rabbitmq-cluster-operator
Helm chart
iamguarded
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
##
21
global:
22
imageRegistry: ""
23
## E.g.
24
## imagePullSecrets:
25
## - myRegistryKeySecretName
26
##
27
imagePullSecrets: []
28
defaultStorageClass: ""
29
storageClass: ""
30
## Security parameters
31
##
32
security:
33
## @param global.security.allowInsecureImages Allows skipping image verification
34
allowInsecureImages: false
35
## Compatibility adaptations for Kubernetes platforms
36
##
37
compatibility:
38
## Compatibility adaptations for Openshift
39
##
40
openshift:
41
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
42
##
43
adaptSecurityContext: auto
44
org: ""
45
## @section Common parameters
46
##
47
48
## @param kubeVersion Override Kubernetes version
49
##
50
kubeVersion: ""
51
## @param nameOverride String to partially override common.names.fullname
52
##
53
nameOverride: ""
54
## @param fullnameOverride String to fully override common.names.fullname
55
##
56
fullnameOverride: ""
57
## @param commonLabels Labels to add to all deployed objects
58
##
59
commonLabels: {}
60
## @param commonAnnotations Annotations to add to all deployed objects
61
##
62
commonAnnotations: {}
63
## @param clusterDomain Kubernetes cluster domain name
64
##
65
clusterDomain: cluster.local
66
## @param extraDeploy Array of extra objects to deploy with the release
67
##
68
extraDeploy: []
69
## Enable diagnostic mode in the deployment(s)/statefulset(s)
70
##
71
diagnosticMode:
72
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled)
73
##
74
enabled: false
75
## @section RabbitMQ Cluster Operator Parameters
76
##
77
78
## Iamguarded RabbitMQ Image
79
## @param rabbitmqImage.registry [default: REGISTRY_NAME] RabbitMQ Image registry
80
## @param rabbitmqImage.repository [default: REPOSITORY_NAME/rabbitmq] RabbitMQ Image repository
81
## @skip rabbitmqImage.tag RabbitMQ Image tag (immutable tags are recommended)
82
## @param rabbitmqImage.digest RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
83
## @param rabbitmqImage.pullSecrets RabbitMQ Image pull secrets
84
##
85
rabbitmqImage:
86
registry: cgr.dev
87
repository: chainguard-private/rabbitmq-iamguarded
88
tag: 4.3.2
89
digest: ""
90
## Optionally specify an array of imagePullSecrets.
91
## Secrets must be manually created in the namespace.
92
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-rabbitmqImage-private-registry/
93
## e.g:
94
## pullSecrets:
95
## - myRegistryKeySecretName
96
##
97
pullSecrets: []
98
## Iamguarded RabbitMQ Default User Credential Updater Image
99
## @param credentialUpdaterImage.registry [default: REGISTRY_NAME] RabbitMQ Default User Credential Updater image registry
100
## @param credentialUpdaterImage.repository [default: REPOSITORY_NAME/rmq-default-credential-updater] RabbitMQ Default User Credential Updater image repository
101
## @skip credentialUpdaterImage.tag RabbitMQ Default User Credential Updater image tag (immutable tags are recommended)
102
## @param credentialUpdaterImage.digest RabbitMQ Default User Credential Updater image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
103
## @param credentialUpdaterImage.pullSecrets RabbitMQ Default User Credential Updater image pull secrets
104
##
105
credentialUpdaterImage:
106
registry: cgr.dev
107
repository: chainguard-private/rabbitmq-default-user-credential-updater-iamguarded
108
tag: 1.0.15
109
digest: ""
110
## Optionally specify an array of imagePullSecrets.
111
## Secrets must be manually created in the namespace.
112
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-credentialUpdaterImage-private-registry/
113
## e.g:
114
## pullSecrets:
115
## - myRegistryKeySecretName
116
##
117
pullSecrets: []
118
clusterOperator:
119
## Iamguarded RabbitMQ Cluster Operator image
120
## @param clusterOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Cluster Operator image registry
121
## @param clusterOperator.image.repository [default: REPOSITORY_NAME/rabbitmq-cluster-operator] RabbitMQ Cluster Operator image repository
122
## @skip clusterOperator.image.tag RabbitMQ Cluster Operator image tag (immutable tags are recommended)
123
## @param clusterOperator.image.digest RabbitMQ Cluster Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
124
## @param clusterOperator.image.pullPolicy RabbitMQ Cluster Operator image pull policy
125
## @param clusterOperator.image.pullSecrets RabbitMQ Cluster Operator image pull secrets
126
##
127
image:
128
registry: cgr.dev
129
repository: chainguard-private/rabbitmq-cluster-operator-iamguarded
130
tag: 2.21.1
131
digest: ""
132
## Specify a imagePullPolicy
133
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
134
##
135
pullPolicy: IfNotPresent
136
## Optionally specify an array of imagePullSecrets.
137
## Secrets must be manually created in the namespace.
138
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
139
## e.g:
140
## pullSecrets:
141
## - myRegistryKeySecretName
142
##
143
pullSecrets: []
144
## @param clusterOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
145
##
146
revisionHistoryLimit: 10
147
## @param clusterOperator.watchAllNamespaces Watch for resources in all namespaces
148
##
149
watchAllNamespaces: true
150
## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
151
##
152
watchNamespaces: []
153
## @param clusterOperator.replicaCount Number of RabbitMQ Cluster Operator replicas to deploy
154
##
155
replicaCount: 1
156
## @param clusterOperator.schedulerName Alternative scheduler
157
##
158
schedulerName: ""
159
## @param clusterOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
160
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
161
## The value is evaluated as a template
162
##
163
topologySpreadConstraints: []
164
## @param clusterOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
165
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
166
##
167
terminationGracePeriodSeconds: ""
168
## Configure extra options for RabbitMQ Cluster Operator containers' liveness and readiness probes
169
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
170
## @param clusterOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Cluster Operator nodes
171
## @param clusterOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
172
## @param clusterOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
173
## @param clusterOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
174
## @param clusterOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
175
## @param clusterOperator.livenessProbe.successThreshold Success threshold for livenessProbe
176
##
177
livenessProbe:
178
enabled: true
179
initialDelaySeconds: 5
180
periodSeconds: 30
181
timeoutSeconds: 5
182
successThreshold: 1
183
failureThreshold: 5
184
## @param clusterOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Cluster Operator nodes
185
## @param clusterOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
186
## @param clusterOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
187
## @param clusterOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
188
## @param clusterOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
189
## @param clusterOperator.readinessProbe.successThreshold Success threshold for readinessProbe
190
##
191
readinessProbe:
192
enabled: true
193
initialDelaySeconds: 5
194
periodSeconds: 30
195
timeoutSeconds: 5
196
successThreshold: 1
197
failureThreshold: 5
198
## @param clusterOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Cluster Operator nodes
199
## @param clusterOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
200
## @param clusterOperator.startupProbe.periodSeconds Period seconds for startupProbe
201
## @param clusterOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
202
## @param clusterOperator.startupProbe.failureThreshold Failure threshold for startupProbe
203
## @param clusterOperator.startupProbe.successThreshold Success threshold for startupProbe
204
##
205
startupProbe:
206
enabled: false
207
initialDelaySeconds: 5
208
periodSeconds: 30
209
timeoutSeconds: 5
210
successThreshold: 1
211
failureThreshold: 5
212
## @param clusterOperator.customLivenessProbe Custom livenessProbe that overrides the default one
213
##
214
customLivenessProbe: {}
215
## @param clusterOperator.customReadinessProbe Custom readinessProbe that overrides the default one
216
##
217
customReadinessProbe: {}
218
## @param clusterOperator.customStartupProbe Custom startupProbe that overrides the default one
219
##
220
customStartupProbe: {}
221
## RabbitMQ Cluster Operator resource requests and limits
222
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
223
## @param clusterOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if clusterOperator.resources is set (clusterOperator.resources is recommended for production).
224
##
225
resourcesPreset: "nano"
226
## @param clusterOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
227
## Example:
228
## resources:
229
## requests:
230
## cpu: 2
231
## memory: 512Mi
232
## limits:
233
## cpu: 3
234
## memory: 1024Mi
235
##
236
resources: {}
237
## Pod Disruption Budget configuration
238
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
239
## @param clusterOperator.pdb.create Enable a Pod Disruption Budget creation
240
## @param clusterOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
241
## @param clusterOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
242
##
243
pdb:
244
create: true
245
minAvailable: ""
246
maxUnavailable: ""
247
## Configure Pods Security Context
248
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
249
## @param clusterOperator.podSecurityContext.enabled Enabled RabbitMQ Cluster Operator pods' Security Context
250
## @param clusterOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
251
## @param clusterOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
252
## @param clusterOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
253
## @param clusterOperator.podSecurityContext.fsGroup Set RabbitMQ Cluster Operator pod's Security Context fsGroup
254
##
255
podSecurityContext:
256
enabled: true
257
fsGroupChangePolicy: Always
258
sysctls: []
259
supplementalGroups: []
260
fsGroup: 1001
261
## Configure Container Security Context
262
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
263
## @param clusterOperator.containerSecurityContext.enabled Enabled containers' Security Context
264
## @param clusterOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
265
## @param clusterOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
266
## @param clusterOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
267
## @param clusterOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
268
## @param clusterOperator.containerSecurityContext.privileged Set container's Security Context privileged
269
## @param clusterOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
270
## @param clusterOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
271
## @param clusterOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
272
## @param clusterOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
273
##
274
containerSecurityContext:
275
enabled: true
276
seLinuxOptions: {}
277
runAsUser: 1001
278
runAsGroup: 1001
279
runAsNonRoot: true
280
privileged: false
281
readOnlyRootFilesystem: true
282
allowPrivilegeEscalation: false
283
capabilities:
284
drop: ["ALL"]
285
seccompProfile:
286
type: "RuntimeDefault"
287
## @param clusterOperator.command Override default container command (useful when using custom images)
288
##
289
command: []
290
## @param clusterOperator.args Override default container args (useful when using custom images)
291
##
292
args: []
293
## @param clusterOperator.automountServiceAccountToken Mount Service Account token in pod
294
##
295
automountServiceAccountToken: true
296
## @param clusterOperator.hostAliases RabbitMQ Cluster Operator pods host aliases
297
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
298
##
299
hostAliases: []
300
## @param clusterOperator.podLabels Extra labels for RabbitMQ Cluster Operator pods
301
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
302
##
303
podLabels: {}
304
## @param clusterOperator.podAnnotations Annotations for RabbitMQ Cluster Operator pods
305
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
306
##
307
podAnnotations: {}
308
## @param clusterOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
309
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
310
##
311
podAffinityPreset: ""
312
## @param clusterOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
313
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
314
##
315
podAntiAffinityPreset: soft
316
## Node affinity preset
317
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
318
##
319
nodeAffinityPreset:
320
## @param clusterOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
321
##
322
type: ""
323
## @param clusterOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
324
##
325
key: ""
326
## @param clusterOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
327
## E.g.
328
## values:
329
## - e2e-az1
330
## - e2e-az2
331
##
332
values: []
333
## @param clusterOperator.affinity Affinity for RabbitMQ Cluster Operator pods assignment
334
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
335
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
336
##
337
affinity: {}
338
## @param clusterOperator.nodeSelector Node labels for RabbitMQ Cluster Operator pods assignment
339
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
340
##
341
nodeSelector: {}
342
## @param clusterOperator.tolerations Tolerations for RabbitMQ Cluster Operator pods assignment
343
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
344
##
345
tolerations: []
346
## @param clusterOperator.updateStrategy.type RabbitMQ Cluster Operator statefulset strategy type
347
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
348
##
349
updateStrategy:
350
## StrategyType
351
## Can be set to RollingUpdate or OnDelete
352
##
353
type: RollingUpdate
354
## @param clusterOperator.priorityClassName RabbitMQ Cluster Operator pods' priorityClassName
355
##
356
priorityClassName: ""
357
## @param clusterOperator.lifecycleHooks for the RabbitMQ Cluster Operator container(s) to automate configuration before or after startup
358
##
359
lifecycleHooks: {}
360
## @param clusterOperator.containerPorts.metrics RabbitMQ Cluster Operator container port (used for metrics)
361
##
362
containerPorts:
363
metrics: 9782
364
## @param clusterOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Cluster Operator nodes
365
## e.g:
366
## extraEnvVars:
367
## - name: FOO
368
## value: "bar"
369
##
370
extraEnvVars: []
371
## @param clusterOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Cluster Operator nodes
372
##
373
extraEnvVarsCM: ""
374
## @param clusterOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Cluster Operator nodes
375
##
376
extraEnvVarsSecret: ""
377
## @param clusterOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Cluster Operator pod(s)
378
##
379
extraVolumes: []
380
## @param clusterOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Cluster Operator container(s)
381
##
382
extraVolumeMounts: []
383
## @param clusterOperator.sidecars Add additional sidecar containers to the RabbitMQ Cluster Operator pod(s)
384
## e.g:
385
## sidecars:
386
## - name: your-image-name
387
## image: your-image
388
## imagePullPolicy: Always
389
## ports:
390
## - name: portname
391
## containerPort: 1234
392
##
393
sidecars: []
394
## @param clusterOperator.initContainers Add additional init containers to the RabbitMQ Cluster Operator pod(s)
395
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
396
## e.g:
397
## initContainers:
398
## - name: your-image-name
399
## image: your-image
400
## imagePullPolicy: Always
401
## command: ['sh', '-c', 'echo "hello world"']
402
##
403
initContainers: []
404
## Network Policies
405
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
406
##
407
networkPolicy:
408
## @param clusterOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
409
##
410
enabled: true
411
## @param clusterOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
412
##
413
kubeAPIServerPorts: [443, 6443, 8443]
414
## @param clusterOperator.networkPolicy.allowExternal Don't require injector label for connections
415
## The Policy model to apply. When set to false, only pods with the correct
416
## injector label will have network access to the ports injector is listening
417
## on. When true, injector will accept connections from any source
418
## (with the correct destination port).
419
##
420
allowExternal: true
421
## @param clusterOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
422
##
423
allowExternalEgress: true
424
## @param clusterOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
425
## e.g:
426
## extraIngress:
427
## - ports:
428
## - port: 1234
429
## from:
430
## - podSelector:
431
## - matchLabels:
432
## - role: frontend
433
## - podSelector:
434
## - matchExpressions:
435
## - key: role
436
## operator: In
437
## values:
438
## - frontend
439
extraIngress: []
440
## @param clusterOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
441
## e.g:
442
## extraEgress:
443
## - ports:
444
## - port: 1234
445
## to:
446
## - podSelector:
447
## - matchLabels:
448
## - role: frontend
449
## - podSelector:
450
## - matchExpressions:
451
## - key: role
452
## operator: In
453
## values:
454
## - frontend
455
##
456
extraEgress: []
457
## @param clusterOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
458
## @param clusterOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
459
##
460
ingressNSMatchLabels: {}
461
ingressNSPodMatchLabels: {}
462
## RBAC configuration
463
##
464
rbac:
465
## @param clusterOperator.rbac.create Specifies whether RBAC resources should be created
466
##
467
create: true
468
## ClusterRole parameters
469
##
470
clusterRole:
471
## @param clusterOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
472
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
473
## e.g:
474
## customRules:
475
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
476
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
477
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
478
customRules: []
479
## @param clusterOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
480
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
481
## e.g:
482
## extraRules:
483
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
484
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
485
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
486
extraRules: []
487
## ServiceAccount configuration
488
##
489
serviceAccount:
490
## @param clusterOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
491
##
492
create: true
493
## @param clusterOperator.serviceAccount.name The name of the ServiceAccount to use.
494
## If not set and create is true, a name is generated using the common.names.fullname template
495
##
496
name: ""
497
## @param clusterOperator.serviceAccount.annotations Add annotations
498
##
499
annotations: {}
500
## @param clusterOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
501
##
502
automountServiceAccountToken: false
503
## @section RabbitMQ Cluster Operator Metrics parameters
504
##
505
metrics:
506
## Metrics service parameters
507
##
508
service:
509
## @param clusterOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
510
##
511
enabled: false
512
## @param clusterOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
513
##
514
type: ClusterIP
515
## @param clusterOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
516
##
517
ports:
518
http: 80
519
## Node ports to expose
520
## @param clusterOperator.metrics.service.nodePorts.http Node port for HTTP
521
## NOTE: choose port between <30000-32767>
522
##
523
nodePorts:
524
http: ""
525
## @param clusterOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
526
## e.g.:
527
## clusterIP: None
528
##
529
clusterIP: ""
530
## @param clusterOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
531
##
532
extraPorts: []
533
## @param clusterOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
534
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
535
##
536
loadBalancerIP: ""
537
## @param clusterOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
538
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
539
## e.g:
540
## loadBalancerSourceRanges:
541
## - 10.10.10.0/24
542
##
543
loadBalancerSourceRanges: []
544
## @param clusterOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
545
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
546
##
547
externalTrafficPolicy: Cluster
548
## @param clusterOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
549
##
550
annotations:
551
prometheus.io/scrape: "true"
552
prometheus.io/port: "{{ .Values.clusterOperator.metrics.service.ports.http }}"
553
## @param clusterOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
554
## If "ClientIP", consecutive client requests will be directed to the same Pod
555
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
556
##
557
sessionAffinity: None
558
## @param clusterOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
559
## sessionAffinityConfig:
560
## clientIP:
561
## timeoutSeconds: 300
562
##
563
sessionAffinityConfig: {}
564
serviceMonitor:
565
## @param clusterOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
566
##
567
enabled: false
568
## @param clusterOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
569
## e.g:
570
## namespace: monitoring
571
##
572
namespace: ""
573
## @param clusterOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
574
##
575
jobLabel: app.kubernetes.io/name
576
## @param clusterOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
577
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
578
##
579
honorLabels: false
580
## @param clusterOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
581
## e.g:
582
## selector:
583
## prometheus: my-prometheus
584
##
585
selector: {}
586
## @param clusterOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
587
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
588
## e.g:
589
## scrapeTimeout: 10s
590
##
591
scrapeTimeout: ""
592
## @param clusterOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
593
##
594
interval: ""
595
## DEPRECATED: Use clusterOperator.metrics.serviceMonitor.labels instead
596
## This value will be removed in a future release
597
## additionalLabels: {}
598
599
## @param clusterOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
600
##
601
metricRelabelings: []
602
## @param clusterOperator.metrics.serviceMonitor.relabelings Specify general relabeling
603
##
604
relabelings: []
605
## @param clusterOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
606
##
607
labels: {}
608
## @param clusterOperator.metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics
609
## Could be /metrics for aggregated metrics or /metrics/per-object for more details
610
##
611
path: ""
612
## @param clusterOperator.metrics.serviceMonitor.params Define the HTTP URL parameters used by ServiceMonitor
613
##
614
params: {}
615
podMonitor:
616
## @param clusterOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
617
##
618
enabled: false
619
## @param clusterOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
620
##
621
jobLabel: app.kubernetes.io/name
622
## @param clusterOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
623
##
624
namespace: ""
625
## @param clusterOperator.metrics.podMonitor.honorLabels Honor metrics labels
626
##
627
honorLabels: false
628
## @param clusterOperator.metrics.podMonitor.selector Prometheus instance selector labels
629
selector: {}
630
## @param clusterOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
631
##
632
interval: 30s
633
## @param clusterOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
634
##
635
scrapeTimeout: 30s
636
## @param clusterOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
637
##
638
additionalLabels: {}
639
## @param clusterOperator.metrics.podMonitor.path Define HTTP path to scrape for metrics.
640
##
641
path: ""
642
## @param clusterOperator.metrics.podMonitor.relabelings Specify general relabeling
643
##
644
relabelings: []
645
## @param clusterOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
646
##
647
metricRelabelings: []
648
## @param clusterOperator.metrics.podMonitor.params Define the HTTP URL parameters used by PodMonitor
649
##
650
params: {}
651
## @section RabbitMQ Messaging Topology Operator Parameters
652
##
653
msgTopologyOperator:
654
## @param msgTopologyOperator.enabled Deploy RabbitMQ Messaging Topology Operator as part of the installation
655
##
656
enabled: true
657
## Iamguarded RabbitMQ Messaging Topology Operator image
658
## @param msgTopologyOperator.image.registry [default: REGISTRY_NAME] RabbitMQ Messaging Topology Operator image registry
659
## @param msgTopologyOperator.image.repository [default: REPOSITORY_NAME/rmq-messaging-topology-operator] RabbitMQ Messaging Topology Operator image repository
660
## @skip msgTopologyOperator.image.tag RabbitMQ Messaging Topology Operator image tag (immutable tags are recommended)
661
## @param msgTopologyOperator.image.digest RabbitMQ Messaging Topology Operator image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
662
## @param msgTopologyOperator.image.pullPolicy RabbitMQ Messaging Topology Operator image pull policy
663
## @param msgTopologyOperator.image.pullSecrets RabbitMQ Messaging Topology Operator image pull secrets
664
##
665
image:
666
registry: cgr.dev
667
repository: chainguard-private/rabbitmq-messaging-topology-operator-iamguarded
668
tag: 1.19.3
669
digest: ""
670
## Specify a imagePullPolicy
671
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
672
##
673
pullPolicy: IfNotPresent
674
## Optionally specify an array of imagePullSecrets.
675
## Secrets must be manually created in the namespace.
676
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
677
## e.g:
678
## pullSecrets:
679
## - myRegistryKeySecretName
680
##
681
pullSecrets: []
682
## @param msgTopologyOperator.revisionHistoryLimit sets number of replicaset to keep in k8s
683
##
684
revisionHistoryLimit: 10
685
## @param msgTopologyOperator.watchAllNamespaces Watch for resources in all namespaces
686
##
687
watchAllNamespaces: true
688
## @param msgTopologyOperator.watchNamespaces [array] Watch for resources in the given namespaces ## @param clusterOperator.watchNamespaces [array] Watch for resources in the given namespaces (ignored if watchAllNamespaces=true)
689
##
690
watchNamespaces: []
691
## @param msgTopologyOperator.replicaCount Number of RabbitMQ Messaging Topology Operator replicas to deploy
692
##
693
replicaCount: 1
694
## @param msgTopologyOperator.topologySpreadConstraints Topology Spread Constraints for pod assignment
695
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
696
## The value is evaluated as a template
697
##
698
topologySpreadConstraints: []
699
## @param msgTopologyOperator.schedulerName Alternative scheduler
700
##
701
schedulerName: ""
702
## @param msgTopologyOperator.terminationGracePeriodSeconds In seconds, time the given to the %%MAIN_CONTAINER_NAME%% pod needs to terminate gracefully
703
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
704
##
705
terminationGracePeriodSeconds: ""
706
## @param msgTopologyOperator.hostNetwork Boolean
707
##
708
hostNetwork: "false"
709
## @param msgTopologyOperator.dnsPolicy Alternative DNS policy
710
##
711
dnsPolicy: "ClusterFirst"
712
## Configure extra options for RabbitMQ Messaging Topology Operator containers' liveness and readiness probes
713
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
714
## @param msgTopologyOperator.livenessProbe.enabled Enable livenessProbe on RabbitMQ Messaging Topology Operator nodes
715
## @param msgTopologyOperator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
716
## @param msgTopologyOperator.livenessProbe.periodSeconds Period seconds for livenessProbe
717
## @param msgTopologyOperator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
718
## @param msgTopologyOperator.livenessProbe.failureThreshold Failure threshold for livenessProbe
719
## @param msgTopologyOperator.livenessProbe.successThreshold Success threshold for livenessProbe
720
##
721
livenessProbe:
722
enabled: true
723
initialDelaySeconds: 5
724
periodSeconds: 30
725
timeoutSeconds: 5
726
successThreshold: 1
727
failureThreshold: 5
728
## @param msgTopologyOperator.readinessProbe.enabled Enable readinessProbe on RabbitMQ Messaging Topology Operator nodes
729
## @param msgTopologyOperator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
730
## @param msgTopologyOperator.readinessProbe.periodSeconds Period seconds for readinessProbe
731
## @param msgTopologyOperator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
732
## @param msgTopologyOperator.readinessProbe.failureThreshold Failure threshold for readinessProbe
733
## @param msgTopologyOperator.readinessProbe.successThreshold Success threshold for readinessProbe
734
##
735
readinessProbe:
736
enabled: true
737
initialDelaySeconds: 5
738
periodSeconds: 30
739
timeoutSeconds: 5
740
successThreshold: 1
741
failureThreshold: 5
742
## @param msgTopologyOperator.startupProbe.enabled Enable startupProbe on RabbitMQ Messaging Topology Operator nodes
743
## @param msgTopologyOperator.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
744
## @param msgTopologyOperator.startupProbe.periodSeconds Period seconds for startupProbe
745
## @param msgTopologyOperator.startupProbe.timeoutSeconds Timeout seconds for startupProbe
746
## @param msgTopologyOperator.startupProbe.failureThreshold Failure threshold for startupProbe
747
## @param msgTopologyOperator.startupProbe.successThreshold Success threshold for startupProbe
748
##
749
startupProbe:
750
enabled: false
751
initialDelaySeconds: 5
752
periodSeconds: 30
753
timeoutSeconds: 5
754
successThreshold: 1
755
failureThreshold: 5
756
## @param msgTopologyOperator.customLivenessProbe Custom livenessProbe that overrides the default one
757
##
758
customLivenessProbe: {}
759
## @param msgTopologyOperator.customReadinessProbe Custom readinessProbe that overrides the default one
760
##
761
customReadinessProbe: {}
762
## @param msgTopologyOperator.customStartupProbe Custom startupProbe that overrides the default one
763
##
764
customStartupProbe: {}
765
## @param msgTopologyOperator.skipCreateAdmissionWebhookConfig skip creation of ValidationWebhookConfiguration
766
##
767
skipCreateAdmissionWebhookConfig: false
768
## @param msgTopologyOperator.existingWebhookCertSecret name of a secret containing the certificates (use it to avoid certManager creating one)
769
##
770
existingWebhookCertSecret: ""
771
## @param msgTopologyOperator.existingWebhookCertCABundle PEM-encoded CA Bundle of the existing secret provided in existingWebhookCertSecret (only if useCertManager=false)
772
##
773
existingWebhookCertCABundle: ""
774
## RabbitMQ Messaging Topology Operator resource requests and limits
775
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
776
## @param msgTopologyOperator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if msgTopologyOperator.resources is set (msgTopologyOperator.resources is recommended for production).
777
##
778
resourcesPreset: "nano"
779
## @param msgTopologyOperator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
780
## Example:
781
## resources:
782
## requests:
783
## cpu: 2
784
## memory: 512Mi
785
## limits:
786
## cpu: 3
787
## memory: 1024Mi
788
##
789
resources: {}
790
## Pod Disruption Budget configuration
791
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
792
## @param msgTopologyOperator.pdb.create Enable a Pod Disruption Budget creation
793
## @param msgTopologyOperator.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
794
## @param msgTopologyOperator.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
795
##
796
pdb:
797
create: true
798
minAvailable: ""
799
maxUnavailable: ""
800
## Configure Pods Security Context
801
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
802
## @param msgTopologyOperator.podSecurityContext.enabled Enabled RabbitMQ Messaging Topology Operator pods' Security Context
803
## @param msgTopologyOperator.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
804
## @param msgTopologyOperator.podSecurityContext.sysctls Set kernel settings using the sysctl interface
805
## @param msgTopologyOperator.podSecurityContext.supplementalGroups Set filesystem extra groups
806
## @param msgTopologyOperator.podSecurityContext.fsGroup Set RabbitMQ Messaging Topology Operator pod's Security Context fsGroup
807
##
808
podSecurityContext:
809
enabled: true
810
fsGroupChangePolicy: Always
811
sysctls: []
812
supplementalGroups: []
813
fsGroup: 1001
814
## Configure Container Security Context
815
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
816
## @param msgTopologyOperator.containerSecurityContext.enabled Enabled containers' Security Context
817
## @param msgTopologyOperator.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
818
## @param msgTopologyOperator.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
819
## @param msgTopologyOperator.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
820
## @param msgTopologyOperator.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
821
## @param msgTopologyOperator.containerSecurityContext.privileged Set container's Security Context privileged
822
## @param msgTopologyOperator.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
823
## @param msgTopologyOperator.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
824
## @param msgTopologyOperator.containerSecurityContext.capabilities.drop List of capabilities to be dropped
825
## @param msgTopologyOperator.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
826
##
827
containerSecurityContext:
828
enabled: true
829
seLinuxOptions: {}
830
runAsUser: 1001
831
runAsGroup: 1001
832
runAsNonRoot: true
833
privileged: false
834
readOnlyRootFilesystem: true
835
allowPrivilegeEscalation: false
836
capabilities:
837
drop: ["ALL"]
838
seccompProfile:
839
type: "RuntimeDefault"
840
## @param msgTopologyOperator.fullnameOverride String to fully override rmqco.msgTopologyOperator.fullname template
841
##
842
fullnameOverride: ""
843
## @param msgTopologyOperator.command Override default container command (useful when using custom images)
844
##
845
command: []
846
## @param msgTopologyOperator.args Override default container args (useful when using custom images)
847
##
848
args: []
849
## @param msgTopologyOperator.automountServiceAccountToken Mount Service Account token in pod
850
##
851
automountServiceAccountToken: true
852
## @param msgTopologyOperator.hostAliases RabbitMQ Messaging Topology Operator pods host aliases
853
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
854
##
855
hostAliases: []
856
## @param msgTopologyOperator.podLabels Extra labels for RabbitMQ Messaging Topology Operator pods
857
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
858
##
859
podLabels: {}
860
## @param msgTopologyOperator.podAnnotations Annotations for RabbitMQ Messaging Topology Operator pods
861
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
862
##
863
podAnnotations: {}
864
## @param msgTopologyOperator.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
865
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
866
##
867
podAffinityPreset: ""
868
## @param msgTopologyOperator.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
869
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
870
##
871
podAntiAffinityPreset: soft
872
## Node affinity preset
873
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
874
##
875
nodeAffinityPreset:
876
## @param msgTopologyOperator.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
877
##
878
type: ""
879
## @param msgTopologyOperator.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
880
##
881
key: ""
882
## @param msgTopologyOperator.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
883
## E.g.
884
## values:
885
## - e2e-az1
886
## - e2e-az2
887
##
888
values: []
889
## @param msgTopologyOperator.affinity Affinity for RabbitMQ Messaging Topology Operator pods assignment
890
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
891
## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set
892
##
893
affinity: {}
894
## @param msgTopologyOperator.nodeSelector Node labels for RabbitMQ Messaging Topology Operator pods assignment
895
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
896
##
897
nodeSelector: {}
898
## @param msgTopologyOperator.tolerations Tolerations for RabbitMQ Messaging Topology Operator pods assignment
899
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
900
##
901
tolerations: []
902
## @param msgTopologyOperator.updateStrategy.type RabbitMQ Messaging Topology Operator statefulset strategy type
903
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
904
##
905
updateStrategy:
906
## StrategyType
907
## Can be set to RollingUpdate or OnDelete
908
##
909
type: RollingUpdate
910
## @param msgTopologyOperator.priorityClassName RabbitMQ Messaging Topology Operator pods' priorityClassName
911
##
912
priorityClassName: ""
913
## @param msgTopologyOperator.lifecycleHooks for the RabbitMQ Messaging Topology Operator container(s) to automate configuration before or after startup
914
##
915
lifecycleHooks: {}
916
## @param msgTopologyOperator.containerPorts.metrics RabbitMQ Messaging Topology Operator container port (used for metrics)
917
## @param msgTopologyOperator.containerPorts.health RabbitMQ Messaging Topology Operator container port (used for health probes)
918
##
919
containerPorts:
920
metrics: 8080
921
health: 8081
922
## @param msgTopologyOperator.extraEnvVars Array with extra environment variables to add to RabbitMQ Messaging Topology Operator nodes
923
## e.g:
924
## extraEnvVars:
925
## - name: FOO
926
## value: "bar"
927
##
928
extraEnvVars: []
929
## @param msgTopologyOperator.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for RabbitMQ Messaging Topology Operator nodes
930
##
931
extraEnvVarsCM: ""
932
## @param msgTopologyOperator.extraEnvVarsSecret Name of existing Secret containing extra env vars for RabbitMQ Messaging Topology Operator nodes
933
##
934
extraEnvVarsSecret: ""
935
## @param msgTopologyOperator.extraVolumes Optionally specify extra list of additional volumes for the RabbitMQ Messaging Topology Operator pod(s)
936
##
937
extraVolumes: []
938
## @param msgTopologyOperator.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the RabbitMQ Messaging Topology Operator container(s)
939
##
940
extraVolumeMounts: []
941
## @param msgTopologyOperator.sidecars Add additional sidecar containers to the RabbitMQ Messaging Topology Operator pod(s)
942
## e.g:
943
## sidecars:
944
## - name: your-image-name
945
## image: your-image
946
## imagePullPolicy: Always
947
## ports:
948
## - name: portname
949
## containerPort: 1234
950
##
951
sidecars: []
952
## @param msgTopologyOperator.initContainers Add additional init containers to the RabbitMQ Messaging Topology Operator pod(s)
953
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
954
## e.g:
955
## initContainers:
956
## - name: your-image-name
957
## image: your-image
958
## imagePullPolicy: Always
959
## command: ['sh', '-c', 'echo "hello world"']
960
##
961
initContainers: []
962
## Webhook service parameters
963
##
964
service:
965
## @param msgTopologyOperator.service.type RabbitMQ Messaging Topology Operator webhook service type
966
##
967
type: ClusterIP
968
## @param msgTopologyOperator.service.ports.webhook RabbitMQ Messaging Topology Operator webhook service HTTP port
969
##
970
ports:
971
webhook: 443
972
## Node ports to expose
973
## @param msgTopologyOperator.service.nodePorts.http Node port for HTTP
974
## NOTE: choose port between <30000-32767>
975
##
976
nodePorts:
977
http: ""
978
## @param msgTopologyOperator.service.clusterIP RabbitMQ Messaging Topology Operator webhook service Cluster IP
979
## e.g.:
980
## clusterIP: None
981
##
982
clusterIP: ""
983
## @param msgTopologyOperator.service.loadBalancerIP RabbitMQ Messaging Topology Operator webhook service Load Balancer IP
984
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
985
##
986
loadBalancerIP: ""
987
## @param msgTopologyOperator.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
988
##
989
extraPorts: []
990
## @param msgTopologyOperator.service.loadBalancerSourceRanges RabbitMQ Messaging Topology Operator webhook service Load Balancer sources
991
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
992
## e.g:
993
## loadBalancerSourceRanges:
994
## - 10.10.10.0/24
995
##
996
loadBalancerSourceRanges: []
997
## @param msgTopologyOperator.service.externalTrafficPolicy RabbitMQ Messaging Topology Operator webhook service external traffic policy
998
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
999
##
1000
externalTrafficPolicy: Cluster
1001
## @param msgTopologyOperator.service.annotations Additional custom annotations for RabbitMQ Messaging Topology Operator webhook service
1002
##
1003
annotations: {}
1004
## @param msgTopologyOperator.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1005
## If "ClientIP", consecutive client requests will be directed to the same Pod
1006
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1007
##
1008
sessionAffinity: None
1009
## @param msgTopologyOperator.service.sessionAffinityConfig Additional settings for the sessionAffinity
1010
## sessionAffinityConfig:
1011
## clientIP:
1012
## timeoutSeconds: 300
1013
##
1014
sessionAffinityConfig: {}
1015
## Network Policies
1016
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1017
##
1018
networkPolicy:
1019
## @param msgTopologyOperator.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1020
##
1021
enabled: true
1022
## @param msgTopologyOperator.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
1023
##
1024
kubeAPIServerPorts: [443, 6443, 8443]
1025
## @param msgTopologyOperator.networkPolicy.allowExternal Don't require injector label for connections
1026
## The Policy model to apply. When set to false, only pods with the correct
1027
## injector label will have network access to the ports injector is listening
1028
## on. When true, injector will accept connections from any source
1029
## (with the correct destination port).
1030
##
1031
allowExternal: true
1032
## @param msgTopologyOperator.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1033
##
1034
allowExternalEgress: true
1035
## @param msgTopologyOperator.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1036
## e.g:
1037
## extraIngress:
1038
## - ports:
1039
## - port: 1234
1040
## from:
1041
## - podSelector:
1042
## - matchLabels:
1043
## - role: frontend
1044
## - podSelector:
1045
## - matchExpressions:
1046
## - key: role
1047
## operator: In
1048
## values:
1049
## - frontend
1050
extraIngress: []
1051
## @param msgTopologyOperator.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1052
## e.g:
1053
## extraEgress:
1054
## - ports:
1055
## - port: 1234
1056
## to:
1057
## - podSelector:
1058
## - matchLabels:
1059
## - role: frontend
1060
## - podSelector:
1061
## - matchExpressions:
1062
## - key: role
1063
## operator: In
1064
## values:
1065
## - frontend
1066
##
1067
extraEgress: []
1068
## @param msgTopologyOperator.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1069
## @param msgTopologyOperator.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1070
##
1071
ingressNSMatchLabels: {}
1072
ingressNSPodMatchLabels: {}
1073
## RBAC configuration
1074
##
1075
rbac:
1076
## @param msgTopologyOperator.rbac.create Specifies whether RBAC resources should be created
1077
##
1078
create: true
1079
## ClusterRole parameters
1080
##
1081
clusterRole:
1082
## @param msgTopologyOperator.rbac.clusterRole.customRules Define custom access rules for the ClusterRole
1083
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
1084
## e.g:
1085
## customRules:
1086
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
1087
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
1088
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
1089
customRules: []
1090
## @param msgTopologyOperator.rbac.clusterRole.extraRules Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array.
1091
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
1092
## e.g:
1093
## extraRules:
1094
## - apiGroups: A list of API groups (e.g., [""], ["apps"]).
1095
## - resources: A list of resource names (e.g., ["configmaps", "pods"]).
1096
## - verbs: A list of allowed access verbs (e.g., ["create", "get", "list"]).
1097
extraRules: []
1098
## ServiceAccount configuration
1099
##
1100
serviceAccount:
1101
## @param msgTopologyOperator.serviceAccount.create Specifies whether a ServiceAccount should be created
1102
##
1103
create: true
1104
## @param msgTopologyOperator.serviceAccount.name The name of the ServiceAccount to use.
1105
## If not set and create is true, a name is generated using the common.names.fullname template
1106
##
1107
name: ""
1108
## @param msgTopologyOperator.serviceAccount.annotations Add annotations
1109
##
1110
annotations: {}
1111
## @param msgTopologyOperator.serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
1112
##
1113
automountServiceAccountToken: false
1114
## @section RabbitMQ Messaging Topology Operator parameters
1115
##
1116
metrics:
1117
## Metrics service parameters
1118
##
1119
service:
1120
## @param msgTopologyOperator.metrics.service.enabled Create a service for accessing the metrics endpoint
1121
##
1122
enabled: false
1123
## @param msgTopologyOperator.metrics.service.type RabbitMQ Cluster Operator metrics service type
1124
##
1125
type: ClusterIP
1126
## @param msgTopologyOperator.metrics.service.ports.http RabbitMQ Cluster Operator metrics service HTTP port
1127
##
1128
ports:
1129
http: 80
1130
## Node ports to expose
1131
## @param msgTopologyOperator.metrics.service.nodePorts.http Node port for HTTP
1132
## NOTE: choose port between <30000-32767>
1133
##
1134
nodePorts:
1135
http: ""
1136
## @param msgTopologyOperator.metrics.service.clusterIP RabbitMQ Cluster Operator metrics service Cluster IP
1137
## e.g.:
1138
## clusterIP: None
1139
##
1140
clusterIP: ""
1141
## @param msgTopologyOperator.metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1142
##
1143
extraPorts: []
1144
## @param msgTopologyOperator.metrics.service.loadBalancerIP RabbitMQ Cluster Operator metrics service Load Balancer IP
1145
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1146
##
1147
loadBalancerIP: ""
1148
## @param msgTopologyOperator.metrics.service.loadBalancerSourceRanges RabbitMQ Cluster Operator metrics service Load Balancer sources
1149
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1150
## e.g:
1151
## loadBalancerSourceRanges:
1152
## - 10.10.10.0/24
1153
##
1154
loadBalancerSourceRanges: []
1155
## @param msgTopologyOperator.metrics.service.externalTrafficPolicy RabbitMQ Cluster Operator metrics service external traffic policy
1156
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1157
##
1158
externalTrafficPolicy: Cluster
1159
## @param msgTopologyOperator.metrics.service.annotations [object] Additional custom annotations for RabbitMQ Cluster Operator metrics service
1160
##
1161
annotations:
1162
prometheus.io/scrape: "true"
1163
prometheus.io/port: "{{ .Values.msgTopologyOperator.metrics.service.ports.http }}"
1164
## @param msgTopologyOperator.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
1165
## If "ClientIP", consecutive client requests will be directed to the same Pod
1166
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
1167
##
1168
sessionAffinity: None
1169
## @param msgTopologyOperator.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
1170
## sessionAffinityConfig:
1171
## clientIP:
1172
## timeoutSeconds: 300
1173
##
1174
sessionAffinityConfig: {}
1175
serviceMonitor:
1176
## @param msgTopologyOperator.metrics.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator
1177
##
1178
enabled: false
1179
## @param msgTopologyOperator.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
1180
## e.g:
1181
## namespace: monitoring
1182
##
1183
namespace: ""
1184
## @param msgTopologyOperator.metrics.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
1185
##
1186
jobLabel: app.kubernetes.io/name
1187
## DEPRECATED: Use msgTopologyOperator.metrics.serviceMonitor.labels instead.
1188
## This value will be removed in a future release
1189
## additionalLabels: {}
1190
1191
## @param msgTopologyOperator.metrics.serviceMonitor.selector Prometheus instance selector labels
1192
## e.g:
1193
## selector:
1194
## prometheus: my-prometheus
1195
##
1196
selector: {}
1197
## @param msgTopologyOperator.metrics.serviceMonitor.honorLabels Honor metrics labels
1198
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1199
##
1200
honorLabels: false
1201
## @param msgTopologyOperator.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
1202
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1203
## e.g:
1204
## scrapeTimeout: 10s
1205
##
1206
scrapeTimeout: ""
1207
## @param msgTopologyOperator.metrics.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used
1208
##
1209
interval: ""
1210
## @param msgTopologyOperator.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
1211
##
1212
metricRelabelings: []
1213
## @param msgTopologyOperator.metrics.serviceMonitor.relabelings Specify general relabeling
1214
##
1215
relabelings: []
1216
## @param msgTopologyOperator.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
1217
##
1218
labels: {}
1219
podMonitor:
1220
## @param msgTopologyOperator.metrics.podMonitor.enabled Create PodMonitor Resource for scraping metrics using PrometheusOperator
1221
##
1222
enabled: false
1223
## @param msgTopologyOperator.metrics.podMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator
1224
##
1225
jobLabel: app.kubernetes.io/name
1226
## @param msgTopologyOperator.metrics.podMonitor.namespace Namespace which Prometheus is running in
1227
##
1228
namespace: ""
1229
## @param msgTopologyOperator.metrics.podMonitor.honorLabels Honor metrics labels
1230
##
1231
honorLabels: false
1232
## @param msgTopologyOperator.metrics.podMonitor.selector Prometheus instance selector labels
1233
selector: {}
1234
## @param msgTopologyOperator.metrics.podMonitor.interval Specify the interval at which metrics should be scraped
1235
##
1236
interval: 30s
1237
## @param msgTopologyOperator.metrics.podMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
1238
##
1239
scrapeTimeout: 30s
1240
## @param msgTopologyOperator.metrics.podMonitor.additionalLabels [object] Additional labels that can be used so PodMonitors will be discovered by Prometheus
1241
##
1242
additionalLabels: {}
1243
## @param msgTopologyOperator.metrics.podMonitor.relabelings Specify general relabeling
1244
##
1245
relabelings: []
1246
## @param msgTopologyOperator.metrics.podMonitor.metricRelabelings Specify additional relabeling of metrics
1247
##
1248
metricRelabelings: []
1249
## @section cert-manager parameters
1250
##
1251
1252
## @param useCertManager Deploy cert-manager objects (Issuer and Certificate) for webhooks
1253
##
1254
useCertManager: false
1255
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.