# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: "rabbitmq-cluster-operator"
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: "rabbitmq-cluster-operator"
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## Enable diagnostic mode in the deployment(s)/statefulset(s)
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled)
##
enabled: false
## @section RabbitMQ Cluster Operator Parameters
##
## Tanzu RabbitMQ Image
## @param rabbitmqImage.registry [default: REGISTRY_NAME] RabbitMQ Image registry
## @param rabbitmqImage.repository [default: REPOSITORY_NAME/rabbitmq] RabbitMQ Image repository
## @skip rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended)
## @param rabbitmqImage.digest RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param rabbitmqImage.pullSecrets RabbitMQ Image pull secrets
##
rabbitmqImage:
registry: rabbitmq.packages.broadcom.com
repository: vmware-tanzu-rabbitmq
tag: 4.0.0
digest: ""
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-rabbitmqImage-private-registry/
## e.g:
pullSecrets:
- tanzu-rabbitmq-registry-creds
## RabbitMQ Default User Credential Updater Image
## @param credentialUpdaterImage.registry [default: REGISTRY_NAME] RabbitMQ Default User Credential Updater image registry
## @param credentialUpdaterImage.repository [default: REPOSITORY_NAME/rmq-default-credential-updater] RabbitMQ Default User Credential Updater image repository
## @skip credentialUpdaterImage.tag RabbitMQ Default User Credential Updater image tag (immutable tags are recommended)
## @param credentialUpdaterImage.digest RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param credentialUpdaterImage.pullSecrets RabbitMQ Default User Credential Updater image pull secrets
##
credentialUpdaterImage:
registry: rabbitmqoperator.packages.broadcom.com
repository: default-user-credential-updater
tag: 1.0.4
digest: ""
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-credentialUpdaterImage-private-registry/
## e.g:
pullSecrets:
- tanzu-rabbitmq-registry-creds
##
clusterOperator:
## RabbitMQ Cluster Operator image
## @param clusterOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Cluster Operator image registry
## @param clusterOperator.image.repository [default: REPOSITORY_NAME/rabbitmq-cluster-operator] RabbitMQ Cluster Operator image repository
## @skip clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended)
## @param clusterOperator.image.digest RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param clusterOperator.image.pullPolicy RabbitMQ Cluster Operator image pull policy
## @param clusterOperator.image.pullSecrets RabbitMQ Cluster Operator image pull secrets
##
image:
registry: rabbitmqoperator.packages.broadcom.com
repository: cluster-operator
tag: 2.10.0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
pullSecrets:
- tanzu-rabbitmq-registry-creds
## @param clusterOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
##
revisionHistoryLimit: 10
## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces
##
watchAllNamespaces: true
## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
##
watchNamespaces: []
## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
##
replicaCount: 1
## @param clusterOperator.schedulerName Alternative scheduler
##
schedulerName: ""
## @param clusterOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param clusterOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param clusterOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
## @param clusterOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param clusterOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param clusterOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param clusterOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param clusterOperator.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param clusterOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
## @param clusterOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param clusterOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param clusterOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param clusterOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param clusterOperator.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param clusterOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Cluster Operator nodes
## @param clusterOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param clusterOperator.startupProbe.periodSeconds Period seconds for startupProbe
## @param clusterOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param clusterOperator.startupProbe.failureThreshold Failure threshold for startupProbe
## @param clusterOperator.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param clusterOperator.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## RabbitMQ Cluster Operator resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
requests:
cpu: 200m
memory: 500Mi
limits:
cpu: 200m
memory: 500Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context
## @param clusterOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param clusterOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param clusterOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param clusterOperator.podSecurityContext.fsGroup Set RabbitMQ Cluster Operator pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param clusterOperator.containerSecurityContext.enabled Enabled containers' Security Context
## @param clusterOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param clusterOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param clusterOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param clusterOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param clusterOperator.containerSecurityContext.privileged Set container's Security Context privileged
## @param clusterOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param clusterOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param clusterOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param clusterOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param clusterOperator.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param clusterOperator.hostAliases RabbitMQ Cluster Operator pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param clusterOperator.podLabels Extra labels for RabbitMQ Cluster Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param clusterOperator.podAnnotations Annotations for RabbitMQ Cluster Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param clusterOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param clusterOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param clusterOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param clusterOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param clusterOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param clusterOperator.affinity Affinity for RabbitMQ Cluster Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param clusterOperator.nodeSelector Node labels for RabbitMQ Cluster Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param clusterOperator.tolerations Tolerations for RabbitMQ Cluster Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param clusterOperator.updateStrategy.type RabbitMQ Cluster Operator statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param clusterOperator.priorityClassName RabbitMQ Cluster Operator pods' priorityClassName
##
priorityClassName: ""
## @param clusterOperator.containerPorts.metrics RabbitMQ Cluster Operator container port (used for metrics)
##
containerPorts:
metrics: 9782
## @param clusterOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Cluster Operator nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param clusterOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes
##
extraEnvVarsCM: ""
## @param clusterOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes
##
extraEnvVarsSecret: ""
## @param clusterOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s)
##
extraVolumes: []
## @param clusterOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s)
##
extraVolumeMounts: []
## @param clusterOperator.sidecars Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param clusterOperator.initContainers Add additional init containers to the RabbitMQ Cluster Operator pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param clusterOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: false
## @param clusterOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param clusterOperator.networkPolicy.allowExternal Don't require injector label for connections
## The Policy model to apply. When set to false, only pods with the correct
## injector label will have network access to the ports injector is listening
## on. When true, injector will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param clusterOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param clusterOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param clusterOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param clusterOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param clusterOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## RBAC configuration
##
rbac:
## @param clusterOperator.rbac.create Specifies whether RBAC resources should be created
##
create: true
## ClusterRole parameters
##
clusterRole:
## @param clusterOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## customRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
customRules: []
## @param clusterOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## extraRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
extraRules: []
## ServiceAccount configuration
##
serviceAccount:
## @param clusterOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param clusterOperator.serviceAccount.annotations Add annotations
##
annotations: {}
## @param clusterOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: false
## @section RabbitMQ Cluster Operator Metrics parameters
##
metrics:
## Metrics service parameters
##
service:
## @param clusterOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
##
enabled: false
## @param clusterOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
##
type: ClusterIP
## @param clusterOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
##
ports:
http: 80
## Node ports to expose
## @param clusterOperator.metrics.service.nodePorts.http Node port for HTTP
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
## @param clusterOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param clusterOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param clusterOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param clusterOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param clusterOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param clusterOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.clusterOperator.metrics.service.ports.http }}"
## @param clusterOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param clusterOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
serviceMonitor:
## @param clusterOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
##
enabled: false
## @param clusterOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param clusterOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: app.kubernetes.io/name
## @param clusterOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
honorLabels: false
## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
## e.g:
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param clusterOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param clusterOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## DEPRECATED: Use clusterOperator.metrics.serviceMonitor.labels instead
## This value will be removed in a future release
## additionalLabels: {}
## @param clusterOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param clusterOperator.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param clusterOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
## @param clusterOperator.metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics
## Could be /metrics for aggregated metrics or /metrics/per-object for more details
##
path: ""
## @param clusterOperator.metrics.serviceMonitor.params Define the HTTP URL parameters used by ServiceMonitor
##
params: {}
podMonitor:
## @param clusterOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param clusterOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: app.kubernetes.io/name
## @param clusterOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
##
namespace: ""
## @param clusterOperator.metrics.podMonitor.honorLabels Honor metrics labels
##
honorLabels: false
## @param clusterOperator.metrics.podMonitor.selector Prometheus instance selector labels
selector: {}
## @param clusterOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
##
interval: 30s
## @param clusterOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
##
scrapeTimeout: 30s
## @param clusterOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
##
additionalLabels: {}
## @param clusterOperator.metrics.podMonitor.path Define HTTP path to scrape for metrics.
##
path: ""
## @param clusterOperator.metrics.podMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param clusterOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param clusterOperator.metrics.podMonitor.params Define the HTTP URL parameters used by PodMonitor
##
params: {}
## @section RabbitMQ Messaging Topology Operator Parameters
##
msgTopologyOperator:
## @param msgTopologyOperator.enabled Deploy RabbitMQ Messaging Topology Operator as part of the installation
##
enabled: true
## RabbitMQ Messaging Topology Operator image
## @param msgTopologyOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Messaging Topology Operator image registry
## @param msgTopologyOperator.image.repository [default: REPOSITORY_NAME/rmq-messaging-topology-operator] RabbitMQ Messaging Topology Operator image repository
## @skip msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended)
## @param msgTopologyOperator.image.digest RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param msgTopologyOperator.image.pullPolicy RabbitMQ Messaging Topology Operator image pull policy
## @param msgTopologyOperator.image.pullSecrets RabbitMQ Messaging Topology Operator image pull secrets
##
image:
registry: rabbitmqoperator.packages.broadcom.com
repository: messaging-topology-operator
tag: 1.14.2
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
pullSecrets:
- tanzu-rabbitmq-registry-creds
## @param msgTopologyOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
##
revisionHistoryLimit: 10
## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces
##
watchAllNamespaces: true
## @param msgTopologyOperator.watchNamespaces [array] Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
##
watchNamespaces: []
## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
##
replicaCount: 1
## @param msgTopologyOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param msgTopologyOperator.schedulerName Alternative scheduler
##
schedulerName: ""
## @param msgTopologyOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param msgTopologyOperator.hostNetwork Boolean
##
hostNetwork: "false"
## @param msgTopologyOperator.dnsPolicy Alternative DNS policy
##
dnsPolicy: "ClusterFirst"
## Configure extra options for RabbitMQ Messaging Topology Operator containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param msgTopologyOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes
## @param msgTopologyOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param msgTopologyOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param msgTopologyOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param msgTopologyOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param msgTopologyOperator.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param msgTopologyOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes
## @param msgTopologyOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param msgTopologyOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param msgTopologyOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param msgTopologyOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param msgTopologyOperator.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param msgTopologyOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Messaging Topology Operator nodes
## @param msgTopologyOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param msgTopologyOperator.startupProbe.periodSeconds Period seconds for startupProbe
## @param msgTopologyOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param msgTopologyOperator.startupProbe.failureThreshold Failure threshold for startupProbe
## @param msgTopologyOperator.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param msgTopologyOperator.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param msgTopologyOperator.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one)
##
existingWebhookCertSecret: ""
## @param msgTopologyOperator.existingWebhookCertCABundle PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false)
##
existingWebhookCertCABundle: ""
## RabbitMQ Messaging Topology Operator resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
limits:
cpu: 300m
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context
## @param msgTopologyOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param msgTopologyOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param msgTopologyOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param msgTopologyOperator.podSecurityContext.fsGroup Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param msgTopologyOperator.containerSecurityContext.enabled Enabled containers' Security Context
## @param msgTopologyOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param msgTopologyOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param msgTopologyOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param msgTopologyOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param msgTopologyOperator.containerSecurityContext.privileged Set container's Security Context privileged
## @param msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param msgTopologyOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param msgTopologyOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param msgTopologyOperator.fullnameOverride String to fully override rmqco.msgTopologyOperator.fullname template
##
fullnameOverride: "messaging-topology-operator"
## @param msgTopologyOperator.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param msgTopologyOperator.hostAliases RabbitMQ Messaging Topology Operator pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param msgTopologyOperator.podLabels Extra labels for RabbitMQ Messaging Topology Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param msgTopologyOperator.podAnnotations Annotations for RabbitMQ Messaging Topology Operator pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param msgTopologyOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param msgTopologyOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param msgTopologyOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param msgTopologyOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param msgTopologyOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param msgTopologyOperator.affinity Affinity for RabbitMQ Messaging Topology Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param msgTopologyOperator.nodeSelector Node labels for RabbitMQ Messaging Topology Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param msgTopologyOperator.tolerations Tolerations for RabbitMQ Messaging Topology Operator pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param msgTopologyOperator.updateStrategy.type RabbitMQ Messaging Topology Operator statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param msgTopologyOperator.priorityClassName RabbitMQ Messaging Topology Operator pods' priorityClassName
##
priorityClassName: ""
## @param msgTopologyOperator.containerPorts.metrics RabbitMQ Messaging Topology Operator container port (used for metrics)
##
containerPorts:
metrics: 8080
## @param msgTopologyOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param msgTopologyOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes
##
extraEnvVarsCM: ""
## @param msgTopologyOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes
##
extraEnvVarsSecret: ""
## @param msgTopologyOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s)
##
extraVolumes: []
## @param msgTopologyOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s)
##
extraVolumeMounts: []
## @param msgTopologyOperator.sidecars Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param msgTopologyOperator.initContainers Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Webhook service parameters
##
service:
## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type
##
type: ClusterIP
## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port
##
ports:
webhook: 443
## Node ports to expose
## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service
##
annotations: {}
## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param msgTopologyOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: false
## @param msgTopologyOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param msgTopologyOperator.networkPolicy.allowExternal Don't require injector label for connections
## The Policy model to apply. When set to false, only pods with the correct
## injector label will have network access to the ports injector is listening
## on. When true, injector will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param msgTopologyOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param msgTopologyOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param msgTopologyOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param msgTopologyOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## RBAC configuration
##
rbac:
## @param msgTopologyOperator.rbac.create Specifies whether RBAC resources should be created
##
create: true
## ClusterRole parameters
##
clusterRole:
## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## customRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
customRules: []
## @param msgTopologyOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## extraRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
extraRules: []
## ServiceAccount configuration
##
serviceAccount:
## @param msgTopologyOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param msgTopologyOperator.serviceAccount.annotations Add annotations
##
annotations: {}
## @param msgTopologyOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: false
## @section RabbitMQ Messaging Topology Operator parameters
##
metrics:
## Metrics service parameters
##
service:
## @param msgTopologyOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
##
enabled: false
## @param msgTopologyOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
##
type: ClusterIP
## @param msgTopologyOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
##
ports:
http: 80
## Node ports to expose
## @param msgTopologyOperator.metrics.service.nodePorts.http Node port for HTTP
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
## @param msgTopologyOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param msgTopologyOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param msgTopologyOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param msgTopologyOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param msgTopologyOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param msgTopologyOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.msgTopologyOperator.metrics.service.ports.http }}"
## @param msgTopologyOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param msgTopologyOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
serviceMonitor:
## @param msgTopologyOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
##
enabled: false
## @param msgTopologyOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
## e.g:
## namespace: monitoring
##
namespace: ""
## @param msgTopologyOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: app.kubernetes.io/name
## DEPRECATED: Use msgTopologyOperator.metrics.serviceMonitor.labels instead.
## This value will be removed in a future release
## additionalLabels: {}
## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
## e.g:
## selector:
## prometheus: my-prometheus
##
selector: {}
## @param msgTopologyOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
##
honorLabels: false
## @param msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
## e.g:
## scrapeTimeout: 10s
##
scrapeTimeout: ""
## @param msgTopologyOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
##
interval: ""
## @param msgTopologyOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @param msgTopologyOperator.metrics.serviceMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param msgTopologyOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
##
labels: {}
podMonitor:
## @param msgTopologyOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
##
enabled: false
## @param msgTopologyOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
##
jobLabel: app.kubernetes.io/name
## @param msgTopologyOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
##
namespace: ""
## @param msgTopologyOperator.metrics.podMonitor.honorLabels Honor metrics labels
##
honorLabels: false
## @param msgTopologyOperator.metrics.podMonitor.selector Prometheus instance selector labels
selector: {}
## @param msgTopologyOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
##
interval: 30s
## @param msgTopologyOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
##
scrapeTimeout: 30s
## @param msgTopologyOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
##
additionalLabels: {}
## @param msgTopologyOperator.metrics.podMonitor.relabelings Specify general relabeling
##
relabelings: []
## @param msgTopologyOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
##
metricRelabelings: []
## @section audit-logger parameters
auditLogger:
## @param auditLogger.enabled Deploy RabbitMQ Audit Logger as part of the installation
##
enabled: false
## RabbitMQ Audit Logger image
## @param auditLogger.image.registry [default: REGISTRY_NAME] RabbitMQ Audit Logger image registry
## @param auditLogger.image.repository [default: REPOSITORY_NAME/audit-logger] RabbitMQ Audit Logger image repository
## @skip auditLogger.image.tag RabbitMQ Audit Logger image tag (immutable tags are recommended)
## @param auditLogger.image.digest RabbitMQ Audit Logger image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param auditLogger.image.pullPolicy RabbitMQ Audit Logger image pull policy
## @param auditLogger.image.pullSecrets RabbitMQ Audit Logger image pull secrets
##
image:
registry: rabbitmq.packages.broadcom.com
repository: rabbitmq-audit-logger
tag: 0.4.3-amd64
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
pullSecrets:
- tanzu-rabbitmq-registry-creds
## Mandatory specify the RabbitMQ Audit logger configuration secret.
configurations:
secretName: "audit-logger-config"
## @param auditLogger.revisionHistoryLimit sets number of replicaset to keep in k8s
##
revisionHistoryLimit: 10
## @param auditLogger.watchAllNamespaces Watch for resources in all namespaces
##
auditAllNamespaces: true
## @param auditLogger.auditNamespaces [array] Watch for resources in the given namespaces
##
auditNamespaces: []
## @param auditLogger.replicaCount Number of RabbitMQ Audit Logger replicas to deploy
##
replicaCount: 1
## @param auditLogger.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param auditLogger.schedulerName Alternative scheduler
##
schedulerName: ""
## @param auditLogger.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param auditLogger.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
## @param auditLogger.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param auditLogger.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param auditLogger.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param auditLogger.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param auditLogger.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
## @param auditLogger.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
## @param auditLogger.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param auditLogger.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param auditLogger.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param auditLogger.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param auditLogger.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
customLivenessProbe: {}
## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
resources:
limits:
cpu: 300m
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param auditLogger.podSecurityContext.enabled Enabled RabbitMQ Audit Logger pods' Security Context
## @param auditLogger.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param auditLogger.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param auditLogger.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param auditLogger.podSecurityContext.fsGroup Set RabbitMQ Audit Logger pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param auditLogger.containerSecurityContext.enabled Enabled containers' Security Context
## @param auditLogger.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param auditLogger.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param auditLogger.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param auditLogger.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param auditLogger.containerSecurityContext.privileged Set container's Security Context privileged
## @param auditLogger.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param auditLogger.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param auditLogger.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param auditLogger.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param auditLogger.fullnameOverride String to fully override rmqco.auditLogger.fullname template
##
fullnameOverride: "rabbitmq-audit-logger"
## @param auditLogger.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param auditLogger.podLabels Extra labels for RabbitMQ Audit Logger pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param auditLogger.podAnnotations Annotations for RabbitMQ Audit Logger pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param auditLogger.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param auditLogger.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param auditLogger.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param auditLogger.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param auditLogger.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param auditLogger.affinity Affinity for RabbitMQ Audit Logger pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param auditLogger.nodeSelector Node labels for RabbitMQ Audit Logger pods assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param auditLogger.tolerations Tolerations for RabbitMQ Audit Logger pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param auditLogger.updateStrategy.type RabbitMQ Audit Logger statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param auditLogger.priorityClassName RabbitMQ Audit Logger pods' priorityClassName
##
priorityClassName: ""
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param auditLogger.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: false
## @param auditLogger.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param auditLogger.networkPolicy.allowExternal Don't require injector label for connections
## The Policy model to apply. When set to false, only pods with the correct
## injector label will have network access to the ports injector is listening
## on. When true, injector will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param auditLogger.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param auditLogger.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param auditLogger.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param msgTopolauditLoggerogyOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param auditLogger.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## RBAC configuration
##
rbac:
## @param auditLogger.rbac.create Specifies whether RBAC resources should be created
##
create: true
## ClusterRole parameters
##
clusterRole:
## @param auditLogger.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## customRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
customRules: []
## @param auditLogger.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
## e.g:
## extraRules:
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
extraRules: []
## ServiceAccount configuration
##
serviceAccount:
## @param auditLogger.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param auditLogger.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param auditLogger.serviceAccount.annotations Add annotations
##
annotations: {}
## @param auditLogger.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
##
automountServiceAccountToken: false
## @section RabbitMQ Audit Logger parameters
##
## @section cert-manager parameters
##
## @param useCertManager Deploy cert-manager objects (Issuer and Certificate) for webhooks
##
useCertManager: true
Content feedback and comments