Last active
June 14, 2021 10:31
-
-
Save hakanbaysal/0402d2e4a857fdcd899c820208276372 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## RabbitMQ application credentials | |
## Ref: http://rabbitmq.com/access-control.html | |
## | |
rabbitmqUsername: guest | |
# rabbitmqPassword: | |
## RabbitMQ Management user used for health checks | |
managementUsername: management | |
# managementPassword: | |
## Place any additional key/value configuration to add to rabbitmq.conf | |
## Ref: https://www.rabbitmq.com/configure.html#config-items | |
extraConfig: | | |
# queue_master_locator = min-masters | |
## Place advanced.config file in /etc/rabbitmq/advanced.config | |
## Ref: https://www.rabbitmq.com/configure.html#advanced-config-file | |
advancedConfig: | | |
## Definitions specification within the secret, will always be mounted | |
## at /etc/definitions/defintions.json | |
definitionsSource: definitions.json | |
## Place any additional plugins to enable in /etc/rabbitmq/enabled_plugins | |
## Ref: https://www.rabbitmq.com/plugins.html | |
extraPlugins: | | |
rabbitmq_shovel, | |
rabbitmq_shovel_management, | |
rabbitmq_federation, | |
rabbitmq_federation_management, | |
definitions: | |
globalParameters: |- | |
# { | |
# "name": "cluster_name", | |
# "value": "rabbitmq-ha" | |
# } | |
users: |- | |
# { | |
# "name": "myUsername", | |
# "password": "myPassword", | |
# "tags": "administrator" | |
# } | |
vhosts: |- | |
# { | |
# "name": "/rabbit" | |
# } | |
parameters: |- | |
# { | |
# "value": { | |
# "src-uri": "amqp://localhost", | |
# "src-queue": "source", | |
# "dest-uri": "amqp://localhost", | |
# "dest-queue": "destination", | |
# "add-forward-headers": false, | |
# "ack-mode": "on-confirm", | |
# "delete-after": "never" | |
# }, | |
# "vhost": "/", | |
# "component": "shovel", | |
# "name": "test" | |
# } | |
permissions: |- | |
# { | |
# "user": "myUsername", | |
# "vhost": "/rabbit", | |
# "configure": ".*", | |
# "write": ".*", | |
# "read": ".*" | |
# } | |
topicPermissions: |- | |
# { | |
# "user": "myUsername", | |
# "vhost": "/rabbit", | |
# "exchange": "myexchange", | |
# "write": ".*", | |
# "read": ".*" | |
# } | |
queues: |- | |
# { | |
# "name":"myName", | |
# "vhost":"/rabbit", | |
# "durable":true, | |
# "auto_delete":false, | |
# "arguments":{} | |
# } | |
exchanges: |- | |
# { | |
# "name":"myName", | |
# "vhost":"/rabbit", | |
# "type":"direct", | |
# "durable":true, | |
# "auto_delete":false, | |
# "internal":false, | |
# "arguments":{} | |
# } | |
bindings: |- | |
# { | |
# "source":"myName", | |
# "vhost":"/rabbit", | |
# "destination":"myName", | |
# "destination_type":"queue", | |
# "routing_key":"myKey", | |
# "arguments":{} | |
# } | |
## Sets the policies in definitions.json. This can be used to control the high | |
## availability of queues by mirroring them to multiple nodes. | |
## Ref: https://www.rabbitmq.com/ha.html | |
policies: | | |
{ | |
"name": "ha-all", | |
"pattern": ".*", | |
"vhost": "/", | |
"definition": { | |
"ha-mode": "all", | |
"ha-sync-mode": "automatic", | |
"ha-sync-batch-size": 1 | |
} | |
} | |
## Ref: https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot | |
forceBoot: true | |
## RabbitMQ default VirtualHost | |
## Ref: https://www.rabbitmq.com/vhosts.html | |
## | |
rabbitmqVhost: "/" | |
## Erlang cookie to determine whether different nodes are allowed to communicate with each other | |
## Ref: https://www.rabbitmq.com/clustering.html | |
## | |
# rabbitmqErlangCookie: | |
## RabbitMQ Memory high watermark | |
## Ref: http://www.rabbitmq.com/memory.html | |
## | |
rabbitmqMemoryHighWatermark: 10256MB | |
rabbitmqMemoryHighWatermarkType: absolute | |
## EPMD port for peer discovery service used by RabbitMQ nodes and CLI tools | |
## Ref: https://www.rabbitmq.com/clustering.html | |
## | |
rabbitmqEpmdPort: 4369 | |
## Node port | |
rabbitmqNodePort: 5672 | |
## Manager port | |
rabbitmqManagerPort: 15672 | |
## Set to true to precompile parts of RabbitMQ with HiPE, a just-in-time | |
## compiler for Erlang. This will increase server throughput at the cost of | |
## increased startup time. You might see 20-50% better performance at the cost | |
## of a few minutes delay at startup. | |
rabbitmqHipeCompile: false | |
## SSL certificates | |
## Red: http://www.rabbitmq.com/ssl.html | |
rabbitmqCert: | |
enabled: false | |
# Specifies an existing secret to be used for SSL Certs | |
existingSecret: "" | |
## Create a new secret using these values | |
cacertfile: | | |
certfile: | | |
keyfile: | | |
## Extra volumes for statefulset | |
extraVolumes: [] | |
## Extra volume mounts for statefulset | |
extraVolumeMounts: [] | |
## Authentication mechanism | |
## Ref: http://www.rabbitmq.com/authentication.html | |
rabbitmqAuth: | |
enabled: false | |
config: | | |
# auth_mechanisms.1 = PLAIN | |
# auth_mechanisms.2 = AMQPLAIN | |
# auth_mechanisms.3 = EXTERNAL | |
## Automatic Partition Handling Strategy (split brain handling) | |
## Ref: https://www.rabbitmq.com/partitions.html#automatic-handling | |
## Note: pause-if-all-down is not supported without using a custom configmap since it requires extra | |
## configuration. | |
rabbitmqClusterPartitionHandling: autoheal | |
## Authentication backend | |
## Ref: https://github.com/rabbitmq/rabbitmq-auth-backend-http | |
rabbitmqAuthHTTP: | |
enabled: false | |
config: | | |
# auth_backends.1 = http | |
# auth_http.user_path = http://some-server/auth/user | |
# auth_http.vhost_path = http://some-server/auth/vhost | |
# auth_http.resource_path = http://some-server/auth/resource | |
# auth_http.topic_path = http://some-server/auth/topic | |
## LDAP Plugin | |
## Ref: http://www.rabbitmq.com/ldap.html | |
rabbitmqLDAPPlugin: | |
enabled: false | |
## LDAP configuration: | |
config: | | |
# auth_backends.1 = ldap | |
# auth_ldap.servers.1 = my-ldap-server | |
# auth_ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com | |
# auth_ldap.use_ssl = false | |
# auth_ldap.port = 389 | |
# auth_ldap.log = false | |
## MQTT Plugin | |
## Ref: http://www.rabbitmq.com/mqtt.html | |
rabbitmqMQTTPlugin: | |
enabled: false | |
## MQTT configuration: | |
config: | | |
# mqtt.default_user = guest | |
# mqtt.default_pass = guest | |
# mqtt.allow_anonymous = true | |
## Web MQTT Plugin | |
## Ref: http://www.rabbitmq.com/web-mqtt.html | |
rabbitmqWebMQTTPlugin: | |
enabled: false | |
## Web MQTT configuration: | |
config: | | |
# web_mqtt.ssl.port = 12345 | |
# web_mqtt.ssl.backlog = 1024 | |
# web_mqtt.ssl.certfile = /etc/cert/cacert.pem | |
# web_mqtt.ssl.keyfile = /etc/cert/cert.pem | |
# web_mqtt.ssl.cacertfile = /etc/cert/key.pem | |
# web_mqtt.ssl.password = changeme | |
## STOMP Plugin | |
## Ref: http://www.rabbitmq.com/stomp.html | |
rabbitmqSTOMPPlugin: | |
enabled: false | |
## STOMP configuration: | |
config: | | |
# stomp.default_user = guest | |
# stomp.default_pass = guest | |
## Web STOMP Plugin | |
## Ref: http://www.rabbitmq.com/web-stomp.html | |
rabbitmqWebSTOMPPlugin: | |
enabled: false | |
## Web STOMP configuration: | |
config: | | |
# web_stomp.ws_frame = binary | |
# web_stomp.cowboy_opts.max_keepalive = 10 | |
## Prometheus Plugin | |
## Ref: https://www.rabbitmq.com/prometheus.html | |
rabbitmqPrometheusPlugin: | |
enabled: false | |
## NodePort | |
nodePort: null | |
## metrics port, overrides configuration: | |
## prometheus.tcp.port | |
port: 15692 | |
## metrics path, overrides configuration: | |
## prometheus.path | |
path: /metrics | |
## Prometheus configuration: | |
## https://github.com/rabbitmq/rabbitmq-prometheus | |
config: | | |
## prometheus.path and prometheus.tcp.port can be set above | |
## AMQPS support | |
## Ref: http://www.rabbitmq.com/ssl.html | |
rabbitmqAmqpsSupport: | |
enabled: false | |
# NodePort | |
amqpsNodePort: 5671 | |
# SSL configuration | |
config: | | |
# listeners.ssl.default = 5671 | |
# ssl_options.cacertfile = /etc/cert/cacert.pem | |
# ssl_options.certfile = /etc/cert/cert.pem | |
# ssl_options.keyfile = /etc/cert/key.pem | |
# ssl_options.verify = verify_peer | |
# ssl_options.fail_if_no_peer_cert = false | |
## Number of replicas | |
replicaCount: 3 | |
image: | |
repository: rabbitmq | |
tag: 3.8.7-alpine | |
pullPolicy: IfNotPresent | |
## Optionally specify an array of imagePullSecrets. | |
## Secrets must be manually created in the namespace. | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | |
## | |
# pullSecrets: | |
# - myRegistrKeySecretName | |
busyboxImage: | |
repository: busybox | |
tag: 1.30.1 | |
pullPolicy: IfNotPresent | |
## Duration in seconds the pod needs to terminate gracefully | |
terminationGracePeriodSeconds: 10 | |
service: | |
annotations: {} | |
clusterIP: None | |
## List of IP addresses at which the service is available | |
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips | |
## | |
externalIPs: [] | |
loadBalancerIP: "" | |
externalTrafficPolicy: "" | |
loadBalancerSourceRanges: [] | |
type: ClusterIP | |
## Customize nodePort number when the service type is NodePort | |
### Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | |
### | |
epmdNodePort: null | |
amqpNodePort: null | |
managerNodePort: null | |
## Custom annotations for discovery service | |
## Will fallback to `service.annotations` while `separateAnnotations: false` | |
## | |
discovery: | |
separateAnnotations: false | |
annotations: {} | |
podManagementPolicy: OrderedReady | |
## Statefulsets rolling update update strategy | |
## Ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#rolling-update | |
## | |
updateStrategy: OnDelete | |
## Statefulsets Pod Priority | |
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass | |
## priorityClassName: "" | |
## We usually recommend not to specify default resources and to leave this as | |
## a conscious choice for the user. This also increases chances charts run on | |
## environments with little resources, such as Minikube. If you do want to | |
## specify resources, uncomment the following lines, adjust them as necessary, | |
## and remove the curly braces after 'resources:'. | |
## If you decide to set the memory limit, make sure to also change the | |
## rabbitmqMemoryHighWatermark following the formula: | |
## rabbitmqMemoryHighWatermark = 0.4 * resources.limits.memory | |
## | |
resources: {} | |
# limits: | |
# cpu: 100m | |
# memory: 1Gi | |
# requests: | |
# cpu: 100m | |
# memory: 1Gi | |
initContainer: | |
enabled: true | |
securityContext: | |
runAsGroup: 0 | |
runAsNonRoot: false | |
runAsUser: 0 | |
chownFiles: true | |
resources: {} | |
# limits: | |
# cpu: 100m | |
# memory: 128Mi | |
# requests: | |
# cpu: 100m | |
# memory: 128Mi | |
## Additional init containers | |
extraInitContainers: [] | |
## Additional containers | |
extraContainers: [] | |
## Use an alternate scheduler, e.g. "stork". | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
# schedulerName: | |
## Data Persistency | |
persistentVolume: | |
enabled: false | |
## If defined, storageClassName: <storageClass> | |
## If set to "-", storageClassName: "", which disables dynamic provisioning | |
## If undefined (the default) or set to null, no storageClassName spec is | |
## set, choosing the default provisioner. (gp2 on AWS, standard on | |
## GKE, AWS & OpenStack) | |
## | |
# storageClass: "-" | |
## selector can be used to match an existing PersistentVolume | |
selector: {} | |
name: data | |
accessModes: | |
- ReadWriteOnce | |
size: 8Gi | |
annotations: {} | |
labels: {} | |
## Node labels for pod assignment | |
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector | |
## | |
nodeSelector: {} | |
## Node tolerations for pod assignment | |
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature | |
## | |
tolerations: [] | |
## Extra Annotations to be added to pod | |
podAnnotations: {} | |
## Extra Annotations to be added to the StatefulSet | |
statefulSetAnnotations: {} | |
## Pod affinity | |
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
podAntiAffinity: soft | |
podAntiAffinityTopologyKey: "kubernetes.io/hostname" | |
## Affinity settings | |
## Defining 'affinity' will disable any podAntiAffinity settings. | |
## If you still need anti-affinity, you must include the configuration here. | |
## | |
affinity: {} | |
## Create default configMap | |
## | |
existingConfigMap: false | |
## Add additional labels to all resources | |
## | |
extraLabels: {} | |
## Role Based Access | |
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ | |
## | |
rbac: | |
create: true | |
## Service Account | |
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ | |
## | |
serviceAccount: | |
create: true | |
## The name of the ServiceAccount to use. | |
## If not set and create is true, a name is generated using the fullname template | |
# name: | |
## Automount API credentials for a service account. | |
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server | |
automountServiceAccountToken: true | |
ingress: | |
## Set to true to enable ingress record generation | |
enabled: false | |
path: / | |
## The list of hostnames to be covered with this ingress record. | |
## Most likely this will be just one host, but in the event more hosts are needed, this is an array | |
## hostName: foo.bar.com | |
## Set this to true in order to enable TLS on the ingress record | |
tls: false | |
## If TLS is set to true, you must declare what secret will store the key/certificate for TLS | |
tlsSecret: myTlsSecret | |
## Ingress annotations done as key:value pairs | |
annotations: {} | |
# kubernetes.io/ingress.class: nginx | |
livenessProbe: | |
initialDelaySeconds: 120 | |
periodSeconds: 10 | |
timeoutSeconds: 5 | |
failureThreshold: 6 | |
exec: | |
command: | |
- /bin/sh | |
- -c | |
- 'rabbitmqctl set_vhost_limits -p / {"max-connections": -1, "max-queues": -1} && timeout 5 wget -O - -q --header "Authorization: Basic `echo -n \"$RABBIT_MANAGEMENT_USER:$RABBIT_MANAGEMENT_PASSWORD\" | base64`" http://127.0.0.1:15672/api/healthchecks/node | grep -qF "{\"status\":\"ok\"}"' | |
readinessProbe: | |
initialDelaySeconds: 20 | |
periodSeconds: 5 | |
timeoutSeconds: 3 | |
failureThreshold: 6 | |
exec: | |
command: | |
- /bin/sh | |
- -c | |
- 'timeout 3 wget -O - -q --header "Authorization: Basic `echo -n \"$RABBIT_MANAGEMENT_USER:$RABBIT_MANAGEMENT_PASSWORD\" | base64`" http://127.0.0.1:15672/api/healthchecks/node | grep -qF "{\"status\":\"ok\"}"' | |
# Specifies an existing secret to be used for RMQ password, management user password and Erlang Cookie | |
existingSecret: "" | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
## | |
securityContext: | |
fsGroup: 101 | |
runAsGroup: 101 | |
runAsNonRoot: true | |
runAsUser: 100 | |
## Sets environment variables for the rabbitmq container | |
env: {} | |
prometheus: | |
## Configures Prometheus Exporter to expose and scrape stats. | |
exporter: | |
enabled: false | |
env: {} | |
image: | |
repository: kbudde/rabbitmq-exporter | |
tag: v0.29.0 | |
pullPolicy: IfNotPresent | |
## Port Prometheus scrapes for metrics | |
port: 9090 | |
## Comma-separated list of extended scraping capabilities supported by the target RabbitMQ server | |
capabilities: "bert,no_sort" | |
## Allow overriding of container resources | |
resources: {} | |
# limits: | |
# cpu: 200m | |
# memory: 1Gi | |
# requests: | |
# cpu: 100m | |
# memory: 100Mi | |
## Prometheus is using Operator. Setting to true will create Operator specific resources like ServiceMonitors and Alerts | |
operator: | |
## Are you using Prometheus Operator? [Blog Post](https://coreos.com/blog/the-prometheus-operator.html) | |
enabled: true | |
## Configures Alerts, which will be setup via Prometheus Operator / ConfigMaps. | |
alerts: | |
## Prometheus exporter must be enabled as well | |
enabled: true | |
## Selector must be configured to match Prometheus Install, defaulting to whats done by Prometheus Operator | |
## See [CoreOS Prometheus Chart](https://github.com/coreos/prometheus-operator/tree/master/helm) | |
selector: | |
role: alert-rules | |
labels: {} | |
serviceMonitor: | |
## Interval at which Prometheus scrapes RabbitMQ Exporter | |
interval: 10s | |
# Namespace Prometheus is installed in | |
namespace: monitoring | |
## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr) | |
## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65) | |
## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298) | |
selector: | |
prometheus: kube-prometheus | |
## Kubernetes Cluster Domain | |
clusterDomain: cluster.local | |
## Pod Disruption Budget | |
podDisruptionBudget: {} | |
# maxUnavailable: 1 | |
# minAvailable: 1 | |
lifecycle: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment