feat(helm): support password-protected rabbitmq (reanahub#847)

mdonadoni · Nov 22, 2024 · 20a0ea8 · 20a0ea8
1 parent be12076
commit 20a0ea8
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 0 deletions.
diff --git a/helm/reana/README.md b/helm/reana/README.md
@@ -107,6 +107,8 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `secrets.gitlab.REANA_GITLAB_OAUTH_APP_ID`               | GitLab OAuth application id                                                          | None                                            |
 | `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET`           | **[Do not use in production, use secrets instead]** GitLab OAuth application secret  | None                                            |
 | `secrets.login`                                          | **[Do not use in production, use secrets instead]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
+| `secrets.message_broker.user`                            | Message broker (RabbitMQ) username.                                                  | test                                            |
+| `secrets.message_broker.password`                        | **[Do not use in production, use secrets instead]** Message broker (RabbitMQ) password | 1234                                          |
 | `secrets.reana.REANA_SECRET_KEY`                         | **[Do not use in production, use secrets instead]** REANA encryption secret key      | None                                            |
 | `serviceAccount.create`                                  | Create a service account for the REANA system user                                   | true                                            |
 | `serviceAccount.name`                                    | Service account name                                                                 | reana                                           |

diff --git a/helm/reana/templates/reana-message-broker.yaml b/helm/reana/templates/reana-message-broker.yaml
@@ -45,11 +45,26 @@ spec:
       - name: message-broker
         image: {{ .Values.components.reana_message_broker.image }}
         imagePullPolicy: {{ .Values.components.reana_message_broker.imagePullPolicy }}
+        env:
+        - name: RABBIT_MQ_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: user
+        - name: RABBIT_MQ_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: password
         ports:
         - containerPort: 5672
           name: tcp
         - containerPort: 15672
           name: management
+        command:
+        - "/start.sh"
+        - "$(RABBIT_MQ_USER)"
+        - "$(RABBIT_MQ_PASS)"
         volumeMounts:
         - mountPath: /var/lib/rabbitmq/mnesia
           subPath: rabbitmq/mnesia

diff --git a/helm/reana/templates/reana-server.yaml b/helm/reana/templates/reana-server.yaml
@@ -156,6 +156,16 @@ spec:
               secretKeyRef:
                 name: {{ include "reana.prefix" . }}-cache-secrets
                 key: password
+          - name: RABBIT_MQ_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-message-broker-secrets
+                key: user
+          - name: RABBIT_MQ_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-message-broker-secrets
+                key: password
           {{- if .Values.debug.enabled }}
           # Disable CORS in development environment, for example
           # to connect from an external React application.
@@ -282,6 +292,16 @@ spec:
               name: {{ include "reana.prefix" $ }}-login-provider-secrets
               key: PROVIDER_SECRETS
         {{- end }}
+        - name: RABBIT_MQ_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: user
+        - name: RABBIT_MQ_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: password
       volumes:
       - name: reana-shared-volume
         {{- if not (eq .Values.shared_storage.backend "hostpath") }}

diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml
@@ -206,6 +206,16 @@ spec:
                 name: {{ include "reana.prefix" . }}-db-secrets
                 key: password
           {{ end }}
+          - name: RABBIT_MQ_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-message-broker-secrets
+                key: user
+          - name: RABBIT_MQ_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-message-broker-secrets
+                key: password
       - name: job-status-consumer
         image: {{ .Values.components.reana_workflow_controller.image }}
         imagePullPolicy: {{ .Values.components.reana_workflow_controller.imagePullPolicy }}
@@ -269,6 +279,16 @@ spec:
             secretKeyRef:
               name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
               key: REANA_GITLAB_HOST
+        - name: RABBIT_MQ_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: user
+        - name: RABBIT_MQ_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "reana.prefix" . }}-message-broker-secrets
+              key: password
       volumes:
       - name: reana-shared-volume
         {{- if not (eq .Values.shared_storage.backend "hostpath") }}

diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml
@@ -24,6 +24,18 @@ data:
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+  name: {{ include "reana.prefix" . }}-message-broker-secrets
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
+type: Opaque
+data:
+  user: {{ .Values.secrets.message_broker.user | default "test" | b64enc | quote }}
+  password: {{ .Values.secrets.message_broker.password | default "1234" | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-cern-sso-secrets
   namespace: {{ .Release.Namespace }}

diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml
@@ -50,6 +50,7 @@ infrastructure_storage: {}
 secrets:
   database: {}
   cache: {}
+  message_broker: {}
   gitlab: {}
   cern:
     sso: {}