Update RabbitMQ and add configuration for Users and VHosts

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
aenix-io · Sep 4, 2024 · e962e21 · e962e21
1 parent 9e33dc0
commit e962e21
Show file tree

Hide file tree

Showing 9 changed files with 3,807 additions and 145 deletions.
diff --git a/packages/apps/rabbitmq/Chart.yaml b/packages/apps/rabbitmq/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.12.2"
+appVersion: "3.13.2"
diff --git a/packages/apps/rabbitmq/README.md b/packages/apps/rabbitmq/README.md
@@ -19,3 +19,10 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an
 | `size` | Persistent Volume size | `10Gi` |
 | `replicas` | Number of RabbitMQ replicas | `3` |
 | `storageClass` | StorageClass used to store the data | `""` |
+
+### Configuration parameters
+
+| Name | Description | Value |
+| -------- | --------------------------- | ----- |
+| `users` | Users configuration | `{}` |
+| `vhosts` | Virtual Hosts configuration | `{}` |
diff --git a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - {{ .Release.Name }}-default-user
+ {{- range $name, $u := .Values.users }}
+ - {{ $.Release.Name }}-{{ kebabcase $name }}-credentials
+ {{- end }}
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - ""
+ resources:
+ - services
+ resourceNames:
+ - {{ .Release.Name }}
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml
@@ -17,3 +17,81 @@ spec:
  storageClassName: {{ . }}
  {{- end }}
  storage: {{ .Values.size }}
+
+{{- range $user, $u := .Values.users }}
+
+{{- $password := $u.password }}
+{{- if not $password }}
+{{- with (dig "data" "password" "" (lookup "v1" "Secret" $.Release.Namespace (printf "%s-%s-credentials" $.Release.Name (kebabcase $user)))) }}
+{{- $password = b64dec . }}
+{{- end }}
+{{- end }}
+{{- if not $password }}
+{{- $password = (randAlphaNum 16) }}
+{{- end }}
+
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+ name: {{ $.Release.Name }}-{{ kebabcase $user }}
+ annotations:
+ config: '{{ printf "%s %s" $user $password | sha256sum }}'
+spec:
+ importCredentialsSecret:
+ name: {{ $.Release.Name }}-{{ $user }}-credentials
+ rabbitmqClusterReference:
+ name: {{ $.Release.Name }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials
+type: Opaque
+stringData:
+ username: {{ $user }}
+ password: {{ $password }}
+{{- end }}
+
+{{- range $host, $h := .Values.vhosts }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Vhost
+metadata:
+ name: {{ $.Release.Name }}-{{ kebabcase $host }}
+spec:
+ name: {{ $host }}
+ rabbitmqClusterReference:
+ name: {{ $.Release.Name }}
+{{- range $user := $h.roles.admin }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+ name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+ vhost: "{{ $host }}"
+ user: "{{ $user }}"
+ permissions:
+ write: ".*"
+ configure: ".*"
+ read: ".*"
+ rabbitmqClusterReference:
+ name: {{ $.Release.Name }}
+{{- end }}
+{{- range $user := $h.roles.readonly }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+ name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+ vhost: "{{ $host }}"
+ user: "{{ $user }}"
+ permissions:
+ read: ".*"
+ rabbitmqClusterReference:
+ name: {{ $.Release.Name }}
+{{- end }}
+
+{{- end }}
diff --git a/packages/apps/rabbitmq/values.schema.json b/packages/apps/rabbitmq/values.schema.json
@@ -21,6 +21,11 @@
  "type": "string",
  "description": "StorageClass used to store the data",
  "default": ""
+ },
+ "vhosts": {
+ "type": "object",
+ "description": "Virtual Hosts configuration",
+ "default": {}
  }
  }
 }
diff --git a/packages/apps/rabbitmq/values.yaml b/packages/apps/rabbitmq/values.yaml
@@ -9,3 +9,33 @@ external: false
 size: 10Gi
 replicas: 3
 storageClass: ""
+
+## @section Configuration parameters
+
+## @param users [object] Users configuration
+## Example:
+## users:
+## user1:
+## password: strongpassword
+## user2:
+## password: hackme
+## user3:
+## password: testtest
+##
+users: {}
+
+## @param vhosts Virtual Hosts configuration
+## Example:
+## vhosts:
+## myapp:
+## roles:
+## admin:
+## - user1
+## - user2
+## readonly:
+## - user3
+## test:
+## roles:
+## admin:
+## - user3
+vhosts: {}
diff --git a/packages/system/rabbitmq-operator/Makefile b/packages/system/rabbitmq-operator/Makefile
@@ -8,3 +8,6 @@ update:
  wget -O templates/cluster-operator.yml https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml
  yq -i 'del(select(.kind=="Namespace"))' templates/cluster-operator.yml
  sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/cluster-operator.yml
+ wget -O templates/messaging-topology-operator.yml https://github.com/rabbitmq/messaging-topology-operator/releases/latest/download/messaging-topology-operator-with-certmanager.yaml
+ yq -i 'del(select(.kind=="Namespace"))' templates/messaging-topology-operator.yml
+ sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/messaging-topology-operator.yml