## Application (AMQP) login for the broker.
## Ref: http://rabbitmq.com/access-control.html
## `guest` is RabbitMQ's well-known built-in account name; prefer a
## deployment-specific name for any broker that other workloads can reach.
rabbitmqUsername: guest
## Password for the user above. Left unset in this file; supply it out of
## band (see `existingSecret`) rather than committing it here.
# rabbitmqPassword:

## Management user that the health checks authenticate as.
managementUsername: management
## Same handling as rabbitmqPassword: keep the value out of version control.
# managementPassword:
## Extra key/value lines to add to rabbitmq.conf.
## Ref: https://www.rabbitmq.com/configure.html#config-items
extraConfig: |
# queue_master_locator = min-masters

## Contents of /etc/rabbitmq/advanced.config.
## Ref: https://www.rabbitmq.com/configure.html#advanced-config-file
advancedConfig: |

## Key within the secret that holds the definitions. It is always mounted at
## /etc/definitions/definitions.json
definitionsSource: 'definitions.json'

## Additional plugins to enable in /etc/rabbitmq/enabled_plugins.
## Ref: https://www.rabbitmq.com/plugins.html
## Shovel and federation keep upstream URIs as runtime parameters, and those
## URIs can embed credentials; enable only the plugins that are actually used.
extraPlugins: |
  rabbitmq_shovel,
  rabbitmq_shovel_management,
  rabbitmq_federation,
  rabbitmq_federation_management,
## Objects that end up in definitions.json. Every entry except `policies` is a
## commented-out sample, so those keys are empty strings. The sample lines are
## YAML comments (indented no deeper than their key), not block-scalar content.
definitions:
  globalParameters: |-
  # {
  #   "name": "cluster_name",
  #   "value": "rabbitmq-ha"
  # }

  ## A user entry carries its password in clear text inside this values file.
  ## Keep real credentials out of version control; RabbitMQ definitions also
  ## accept a "password_hash" field in place of "password".
  users: |-
  # {
  #   "name": "myUsername",
  #   "password": "myPassword",
  #   "tags": "administrator"
  # }

  vhosts: |-
  # {
  #   "name": "/rabbit"
  # }

  ## Shovel URIs may embed credentials; treat this section as secret material.
  parameters: |-
  # {
  #   "value": {
  #     "src-uri": "amqp://localhost",
  #     "src-queue": "source",
  #     "dest-uri": "amqp://localhost",
  #     "dest-queue": "destination",
  #     "add-forward-headers": false,
  #     "ack-mode": "on-confirm",
  #     "delete-after": "never"
  #   },
  #   "vhost": "/",
  #   "component": "shovel",
  #   "name": "test"
  # }

  ## ".*" grants the user every resource in the vhost. Narrow the configure,
  ## write and read patterns to what the application needs.
  permissions: |-
  # {
  #   "user": "myUsername",
  #   "vhost": "/rabbit",
  #   "configure": ".*",
  #   "write": ".*",
  #   "read": ".*"
  # }

  topicPermissions: |-
  # {
  #   "user": "myUsername",
  #   "vhost": "/rabbit",
  #   "exchange": "myexchange",
  #   "write": ".*",
  #   "read": ".*"
  # }

  queues: |-
  # {
  #   "name":"myName",
  #   "vhost":"/rabbit",
  #   "durable":true,
  #   "auto_delete":false,
  #   "arguments":{}
  # }

  exchanges: |-
  # {
  #   "name":"myName",
  #   "vhost":"/rabbit",
  #   "type":"direct",
  #   "durable":true,
  #   "auto_delete":false,
  #   "internal":false,
  #   "arguments":{}
  # }

  bindings: |-
  # {
  #   "source":"myName",
  #   "vhost":"/rabbit",
  #   "destination":"myName",
  #   "destination_type":"queue",
  #   "routing_key":"myKey",
  #   "arguments":{}
  # }

  ## Policies written to definitions.json. The one below matches every queue
  ## name in vhost "/" and mirrors it to all nodes with automatic sync.
  ## Ref: https://www.rabbitmq.com/ha.html
  policies: |
    {
      "name": "ha-all",
      "pattern": ".*",
      "vhost": "/",
      "definition": {
        "ha-mode": "all",
        "ha-sync-mode": "automatic",
        "ha-sync-batch-size": 1
      }
    }
## Enables the chart's force_boot handling.
## Ref: https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot
## NOTE(review): force_boot lets a node start without waiting for the peer
## that shut down last, so that peer's newer state can be lost. Confirm this
## trade-off is intended.
forceBoot: true

## Default virtual host.
## Ref: https://www.rabbitmq.com/vhosts.html
rabbitmqVhost: '/'

## Erlang cookie: the shared secret that decides which nodes and CLI tools may
## talk to each other. Anyone holding it can administer the cluster, so treat
## it like a password and deliver it through a secret.
## Ref: https://www.rabbitmq.com/clustering.html
# rabbitmqErlangCookie:

## Memory high watermark, given here as an absolute amount.
## Ref: http://www.rabbitmq.com/memory.html
## The guidance next to `resources` ties this value to
## 0.4 * resources.limits.memory; no memory limit is set in this file.
rabbitmqMemoryHighWatermark: 10256MB
rabbitmqMemoryHighWatermarkType: absolute

## EPMD port: peer discovery service used by RabbitMQ nodes and CLI tools.
## Ref: https://www.rabbitmq.com/clustering.html
rabbitmqEpmdPort: 4369

## Node port
rabbitmqNodePort: 5672

## Manager port
rabbitmqManagerPort: 15672

## When true, parts of RabbitMQ are precompiled with HiPE, a just-in-time
## compiler for Erlang: roughly 20-50% more throughput in exchange for a few
## extra minutes at startup.
rabbitmqHipeCompile: false
## TLS certificates for the broker.
## Ref: http://www.rabbitmq.com/ssl.html
rabbitmqCert:
  enabled: false

  ## Name of an existing secret that already holds the certificates.
  ## Preferred over the inline fields below, which would put the private key
  ## into this values file.
  existingSecret: ''

  ## Otherwise a new secret is created from these values.
  cacertfile: |
  certfile: |
  keyfile: |

## Extra volumes for the statefulset
extraVolumes: []

## Extra volume mounts for the statefulset
extraVolumeMounts: []
## Authentication mechanisms offered to clients.
## Ref: http://www.rabbitmq.com/authentication.html
rabbitmqAuth:
  enabled: false

  config: |
    # auth_mechanisms.1 = PLAIN
    # auth_mechanisms.2 = AMQPLAIN
    # auth_mechanisms.3 = EXTERNAL

## Automatic partition (split-brain) handling strategy.
## Ref: https://www.rabbitmq.com/partitions.html#automatic-handling
## pause-if-all-down needs extra configuration and is therefore only available
## through a custom configmap.
rabbitmqClusterPartitionHandling: autoheal

## HTTP authentication backend.
## Ref: https://github.com/rabbitmq/rabbitmq-auth-backend-http
rabbitmqAuthHTTP:
  enabled: false

  ## The sample endpoints use plain http://, so usernames, passwords and the
  ## allow/deny answers would cross the network unencrypted. Point these at
  ## https:// URLs when enabling the backend.
  config: |
    # auth_backends.1 = http
    # auth_http.user_path = http://some-server/auth/user
    # auth_http.vhost_path = http://some-server/auth/vhost
    # auth_http.resource_path = http://some-server/auth/resource
    # auth_http.topic_path = http://some-server/auth/topic

## LDAP plugin.
## Ref: http://www.rabbitmq.com/ldap.html
rabbitmqLDAPPlugin:
  enabled: false

  ## LDAP configuration.
  ## The sample disables TLS (use_ssl = false, port 389), which sends bind
  ## credentials in clear text; enable TLS to the directory when turning this
  ## on.
  config: |
    # auth_backends.1 = ldap
    # auth_ldap.servers.1 = my-ldap-server
    # auth_ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com
    # auth_ldap.use_ssl = false
    # auth_ldap.port = 389
    # auth_ldap.log = false
## MQTT plugin.
## Ref: http://www.rabbitmq.com/mqtt.html
rabbitmqMQTTPlugin:
  enabled: false

  ## MQTT configuration.
  ## The sample maps anonymous MQTT clients onto guest/guest. If the plugin is
  ## enabled, set allow_anonymous to false or map anonymous clients to a
  ## dedicated low-privilege user instead.
  config: |
    # mqtt.default_user = guest
    # mqtt.default_pass = guest
    # mqtt.allow_anonymous = true
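## Web MQTT plugin.
## Ref: http://www.rabbitmq.com/web-mqtt.html
rabbitmqWebMQTTPlugin:
  enabled: false

  ## Web MQTT configuration.
  ## The sample paths are aligned with the AMQPS sample in this file
  ## (certfile -> cert.pem, keyfile -> key.pem, cacertfile -> cacert.pem).
  ## They were previously cross-wired, which would have offered the private
  ## key as the CA bundle once uncommented.
  ## `changeme` is a placeholder for the key passphrase; never deploy it.
  config: |
    # web_mqtt.ssl.port = 12345
    # web_mqtt.ssl.backlog = 1024
    # web_mqtt.ssl.certfile = /etc/cert/cert.pem
    # web_mqtt.ssl.keyfile = /etc/cert/key.pem
    # web_mqtt.ssl.cacertfile = /etc/cert/cacert.pem
    # web_mqtt.ssl.password = changeme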
## STOMP plugin.
## Ref: http://www.rabbitmq.com/stomp.html
rabbitmqSTOMPPlugin:
  enabled: false

  ## STOMP configuration.
  ## The sample default login is guest/guest; choose a dedicated user before
  ## enabling the plugin.
  config: |
    # stomp.default_user = guest
    # stomp.default_pass = guest

## Web STOMP plugin.
## Ref: http://www.rabbitmq.com/web-stomp.html
rabbitmqWebSTOMPPlugin:
  enabled: false

  ## Web STOMP configuration.
  config: |
    # web_stomp.ws_frame = binary
    # web_stomp.cowboy_opts.max_keepalive = 10
## Prometheus plugin.
## Ref: https://www.rabbitmq.com/prometheus.html
rabbitmqPrometheusPlugin:
  enabled: false

  ## NodePort
  nodePort: null

  ## Metrics port; overrides prometheus.tcp.port in the configuration.
  port: 15692

  ## Metrics path; overrides prometheus.path in the configuration.
  path: /metrics

  ## Prometheus configuration.
  ## https://github.com/rabbitmq/rabbitmq-prometheus
  config: |
    ## prometheus.path and prometheus.tcp.port can be set above
## AMQPS (AMQP over TLS) support.
## Ref: http://www.rabbitmq.com/ssl.html
rabbitmqAmqpsSupport:
  enabled: false

  # NodePort
  amqpsNodePort: 5671

  # SSL configuration.
  # With verify_peer and fail_if_no_peer_cert = false, a client certificate is
  # validated when one is presented but is not required. Set
  # fail_if_no_peer_cert = true if mutual TLS is the goal.
  config: |
    # listeners.ssl.default = 5671
    # ssl_options.cacertfile = /etc/cert/cacert.pem
    # ssl_options.certfile = /etc/cert/cert.pem
    # ssl_options.keyfile = /etc/cert/key.pem
    # ssl_options.verify = verify_peer
    # ssl_options.fail_if_no_peer_cert = false
## Number of replicas
replicaCount: 3

## Broker image. Tags are mutable references; pin by digest as well if the
## deployment has to be reproducible and tamper-evident.
image:
  repository: rabbitmq
  tag: 3.8.7-alpine
  pullPolicy: IfNotPresent
  ## Optional array of imagePullSecrets. The secrets must be created manually
  ## in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  # pullSecrets:
  #   - myRegistryKeySecretName

busyboxImage:
  repository: busybox
  tag: 1.30.1
  pullPolicy: IfNotPresent

## Seconds the pod is given to terminate gracefully
terminationGracePeriodSeconds: 10
service:
  annotations: {}
  clusterIP: None

  ## IP addresses at which the service is available
  ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
  externalIPs: []

  loadBalancerIP: ''
  externalTrafficPolicy: ''
  ## Empty means no source restriction. If `type` is ever changed to
  ## LoadBalancer, list the client CIDRs here so that the AMQP and management
  ## ports are not opened to every address.
  loadBalancerSourceRanges: []
  type: ClusterIP

  ## Fixed nodePort numbers, used when the service type is NodePort
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
  epmdNodePort: null
  amqpNodePort: null
  managerNodePort: null

  ## Custom annotations for the discovery service. Falls back to
  ## `service.annotations` while `separateAnnotations: false`.
  ## NOTE(review): the nesting of `discovery` under `service` was restored by
  ## inference; confirm it against the chart's templates.
  discovery:
    separateAnnotations: false
    annotations: {}

podManagementPolicy: OrderedReady

## StatefulSet update strategy
## Ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#rolling-update
updateStrategy: OnDelete

## StatefulSet pod priority
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
# priorityClassName: ""
## Default resources are deliberately left unset so that the user makes a
## conscious choice, and so that the chart still runs on small environments
## such as Minikube. To set them, uncomment the lines below, adjust the
## numbers, and remove the curly braces after 'resources:'.
## When a memory limit is set, also change rabbitmqMemoryHighWatermark
## following the formula:
##   rabbitmqMemoryHighWatermark = 0.4 * resources.limits.memory
resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 1Gi
  # requests:
  #   cpu: 100m
  #   memory: 1Gi

## This init container runs as root (uid 0, gid 0) with chownFiles enabled.
## NOTE(review): presumably root is needed only to fix ownership of the
## mounted files. If the volumes already have the right owner, check whether
## chownFiles can be turned off and a non-root user used.
initContainer:
  enabled: true
  securityContext:
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  chownFiles: true
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

## Additional init containers
extraInitContainers: []

## Additional containers
extraContainers: []

## Alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
# schedulerName:
## Data persistence
persistentVolume:
  enabled: false
  ## storageClass behaviour:
  ##   defined           -> storageClassName: <storageClass>
  ##   "-"               -> storageClassName: "", disabling dynamic provisioning
  ##   undefined or null -> no storageClassName spec is set, so the default
  ##                        provisioner is chosen (gp2 on AWS, standard on
  ##                        GKE, AWS & OpenStack)
  # storageClass: "-"

  ## selector can be used to match an existing PersistentVolume
  selector: {}
  name: data
  accessModes:
    - ReadWriteOnce
  size: 8Gi
  annotations: {}
  labels: {}
## Node labels used for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}

## Node tolerations used for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
tolerations: []

## Extra annotations added to the pod
podAnnotations: {}

## Extra annotations added to the StatefulSet
statefulSetAnnotations: {}

## Pod anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
podAntiAffinity: soft
podAntiAffinityTopologyKey: 'kubernetes.io/hostname'

## Affinity settings. Defining 'affinity' disables every podAntiAffinity
## setting above; any anti-affinity that is still needed must be written here.
affinity: {}

## Create default configMap
existingConfigMap: false

## Additional labels added to all resources
extraLabels: {}
## Role-based access control
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
rbac:
  create: true

## Service account
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/
serviceAccount:
  create: true

  ## Name of the ServiceAccount to use. When unset and create is true, a name
  ## is generated from the fullname template.
  # name:

  ## Automount API credentials for the service account.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
  ## With this on, the broker pod holds a Kubernetes API token. Review the
  ## role created through `rbac.create` so that the token grants only what
  ## the chart needs.
  automountServiceAccountToken: true
ingress:
  ## Set to true to generate an ingress record
  enabled: false

  path: /

  ## Hostnames covered by this ingress record. Usually a single host; the
  ## original comment says this is an array in case more are needed.
  ## hostName: foo.bar.com

  ## Set to true to enable TLS on the ingress record.
  ## NOTE(review): with `enabled: true` and `tls: false`, whatever the ingress
  ## fronts (presumably the management UI) is served over plain HTTP, logins
  ## included. Turn TLS on whenever the ingress is enabled.
  tls: false

  ## Secret holding the key/certificate; must be declared when TLS is true.
  ## `myTlsSecret` is a placeholder name.
  tlsSecret: myTlsSecret

  ## Ingress annotations as key:value pairs
  annotations: {}
    # kubernetes.io/ingress.class: nginx
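## Liveness check. This probe is not read-only: every run first re-applies
## "no limit" (-1) connection and queue limits to vhost "/", and only then
## queries the management API node health check on loopback.
## The JSON argument is wrapped in shell single quotes so that rabbitmqctl
## receives it as one word. Without them /bin/sh strips the double quotes and
## splits the JSON at its spaces.
## NOTE(review): because of the `&&`, a failing rabbitmqctl step fails the
## probe, and after failureThreshold failures the pod is restarted. The
## management credentials are also visible on the wget command line inside
## the container. Consider applying the vhost limits once, outside the probe.
livenessProbe:
  initialDelaySeconds: 120
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 6
  exec:
    command:
      - /bin/sh
      - -c
      - |-
        rabbitmqctl set_vhost_limits -p / '{"max-connections": -1, "max-queues": -1}' &&
        timeout 5 wget -O - -q --header "Authorization: Basic `echo -n \"$RABBIT_MANAGEMENT_USER:$RABBIT_MANAGEMENT_PASSWORD\" | base64`" http://127.0.0.1:15672/api/healthchecks/node |
        grep -qF "{\"status\":\"ok\"}"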
## Readiness check: asks the management API on loopback for the node health
## check and succeeds only when the reply contains {"status":"ok"}.
## The management user and password come from the container environment and
## are placed in a Basic auth header on the wget command line.
readinessProbe:
  initialDelaySeconds: 20
  periodSeconds: 5
  timeoutSeconds: 3
  failureThreshold: 6
  exec:
    command:
      - '/bin/sh'
      - '-c'
      - |-
        timeout 3 wget -O - -q --header "Authorization: Basic `echo -n \"$RABBIT_MANAGEMENT_USER:$RABBIT_MANAGEMENT_PASSWORD\" | base64`" http://127.0.0.1:15672/api/healthchecks/node | grep -qF "{\"status\":\"ok\"}"
# Name of an existing secret that supplies the RMQ password, the management
# user password and the Erlang cookie. Using one keeps all three out of this
# values file.
existingSecret: ''

## Pod security context: the broker runs as non-root (uid 100, gid 101) with
## fsGroup 101.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext:
  fsGroup: 101
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 100

## Environment variables for the rabbitmq container
env: {}
prometheus:
  ## Prometheus exporter that exposes stats for scraping.
  exporter:
    enabled: false
    env: {}
    image:
      repository: kbudde/rabbitmq-exporter
      tag: v0.29.0
      pullPolicy: IfNotPresent

    ## Port Prometheus scrapes for metrics
    port: 9090

    ## Comma-separated list of extended scraping capabilities supported by
    ## the target RabbitMQ server
    capabilities: 'bert,no_sort'

    ## Container resource overrides
    resources: {}
      # limits:
      #   cpu: 200m
      #   memory: 1Gi
      # requests:
      #   cpu: 100m
      #   memory: 100Mi

  ## Prometheus Operator integration. When true, Operator-specific resources
  ## such as ServiceMonitors and Alerts are created.
  operator:
    ## Are you using Prometheus Operator? [Blog Post](https://coreos.com/blog/the-prometheus-operator.html)
    enabled: true

    ## Alerts set up via Prometheus Operator / ConfigMaps.
    alerts:
      ## The Prometheus exporter must be enabled as well.
      ## NOTE(review): `exporter.enabled` is false above while alerts are on;
      ## confirm which of the two is intended.
      enabled: true

      ## Selector must match the Prometheus install; the default follows what
      ## Prometheus Operator does.
      ## See [CoreOS Prometheus Chart](https://github.com/coreos/prometheus-operator/tree/master/helm)
      selector:
        role: alert-rules
      labels: {}

    serviceMonitor:
      ## Interval at which Prometheus scrapes the RabbitMQ exporter
      interval: 10s

      # Namespace Prometheus is installed in
      namespace: monitoring

      ## Defaults to what is used when following the CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
      ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
      ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
      selector:
        prometheus: kube-prometheus
## Kubernetes cluster domain
clusterDomain: cluster.local

## Pod disruption budget (the sample values below are commented out)
podDisruptionBudget: {}
  # maxUnavailable: 1
  # minAvailable: 1

lifecycle: {}