Skip to content

Commit 20a0ea8

Browse files
committed
feat(helm): support password-protected rabbitmq (#847)
1 parent be12076 commit 20a0ea8

6 files changed

+70
-0
lines changed

helm/reana/README.md

+2
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,8 @@ This Helm automatically prefixes all names using the release name to avoid colli
107107
| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_ID` | GitLab OAuth application id | None |
108108
| `secrets.gitlab.REANA_GITLAB_OAUTH_APP_SECRET` | **[Do not use in production, use secrets instead]** GitLab OAuth application secret | None |
109109
| `secrets.login` | **[Do not use in production, use secrets instead]** Third-party Keycloak identity provider consumer key and secret ([configuration details](https://docs.reana.io/administration/configuration/configuring-access/#keycloak-single-sign-on-configuration)) | `{}` |
110+
| `secrets.message_broker.user` | Message broker (RabbitMQ) username. | test |
111+
| `secrets.message_broker.password` | **[Do not use in production, use secrets instead]** Message broker (RabbitMQ) password | 1234 |
110112
| `secrets.reana.REANA_SECRET_KEY` | **[Do not use in production, use secrets instead]** REANA encryption secret key | None |
111113
| `serviceAccount.create` | Create a service account for the REANA system user | true |
112114
| `serviceAccount.name` | Service account name | reana |

helm/reana/templates/reana-message-broker.yaml

+15
Original file line numberDiff line numberDiff line change
@@ -45,11 +45,26 @@ spec:
4545
- name: message-broker
4646
image: {{ .Values.components.reana_message_broker.image }}
4747
imagePullPolicy: {{ .Values.components.reana_message_broker.imagePullPolicy }}
48+
env:
49+
- name: RABBIT_MQ_USER
50+
valueFrom:
51+
secretKeyRef:
52+
name: {{ include "reana.prefix" . }}-message-broker-secrets
53+
key: user
54+
- name: RABBIT_MQ_PASS
55+
valueFrom:
56+
secretKeyRef:
57+
name: {{ include "reana.prefix" . }}-message-broker-secrets
58+
key: password
4859
ports:
4960
- containerPort: 5672
5061
name: tcp
5162
- containerPort: 15672
5263
name: management
64+
command:
65+
- "/start.sh"
66+
- "$(RABBIT_MQ_USER)"
67+
- "$(RABBIT_MQ_PASS)"
5368
volumeMounts:
5469
- mountPath: /var/lib/rabbitmq/mnesia
5570
subPath: rabbitmq/mnesia

helm/reana/templates/reana-server.yaml

+20
Original file line numberDiff line numberDiff line change
@@ -156,6 +156,16 @@ spec:
156156
secretKeyRef:
157157
name: {{ include "reana.prefix" . }}-cache-secrets
158158
key: password
159+
- name: RABBIT_MQ_USER
160+
valueFrom:
161+
secretKeyRef:
162+
name: {{ include "reana.prefix" . }}-message-broker-secrets
163+
key: user
164+
- name: RABBIT_MQ_PASS
165+
valueFrom:
166+
secretKeyRef:
167+
name: {{ include "reana.prefix" . }}-message-broker-secrets
168+
key: password
159169
{{- if .Values.debug.enabled }}
160170
# Disable CORS in development environment, for example
161171
# to connect from an external React application.
@@ -282,6 +292,16 @@ spec:
282292
name: {{ include "reana.prefix" $ }}-login-provider-secrets
283293
key: PROVIDER_SECRETS
284294
{{- end }}
295+
- name: RABBIT_MQ_USER
296+
valueFrom:
297+
secretKeyRef:
298+
name: {{ include "reana.prefix" . }}-message-broker-secrets
299+
key: user
300+
- name: RABBIT_MQ_PASS
301+
valueFrom:
302+
secretKeyRef:
303+
name: {{ include "reana.prefix" . }}-message-broker-secrets
304+
key: password
285305
volumes:
286306
- name: reana-shared-volume
287307
{{- if not (eq .Values.shared_storage.backend "hostpath") }}

helm/reana/templates/reana-workflow-controller.yaml

+20
Original file line numberDiff line numberDiff line change
@@ -206,6 +206,16 @@ spec:
206206
name: {{ include "reana.prefix" . }}-db-secrets
207207
key: password
208208
{{ end }}
209+
- name: RABBIT_MQ_USER
210+
valueFrom:
211+
secretKeyRef:
212+
name: {{ include "reana.prefix" . }}-message-broker-secrets
213+
key: user
214+
- name: RABBIT_MQ_PASS
215+
valueFrom:
216+
secretKeyRef:
217+
name: {{ include "reana.prefix" . }}-message-broker-secrets
218+
key: password
209219
- name: job-status-consumer
210220
image: {{ .Values.components.reana_workflow_controller.image }}
211221
imagePullPolicy: {{ .Values.components.reana_workflow_controller.imagePullPolicy }}
@@ -269,6 +279,16 @@ spec:
269279
secretKeyRef:
270280
name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
271281
key: REANA_GITLAB_HOST
282+
- name: RABBIT_MQ_USER
283+
valueFrom:
284+
secretKeyRef:
285+
name: {{ include "reana.prefix" . }}-message-broker-secrets
286+
key: user
287+
- name: RABBIT_MQ_PASS
288+
valueFrom:
289+
secretKeyRef:
290+
name: {{ include "reana.prefix" . }}-message-broker-secrets
291+
key: password
272292
volumes:
273293
- name: reana-shared-volume
274294
{{- if not (eq .Values.shared_storage.backend "hostpath") }}

helm/reana/templates/secrets.yaml

+12
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,18 @@ data:
2424
---
2525
apiVersion: v1
2626
kind: Secret
27+
metadata:
28+
name: {{ include "reana.prefix" . }}-message-broker-secrets
29+
namespace: {{ .Release.Namespace }}
30+
annotations:
31+
"helm.sh/resource-policy": keep
32+
type: Opaque
33+
data:
34+
user: {{ .Values.secrets.message_broker.user | default "test" | b64enc | quote }}
35+
password: {{ .Values.secrets.message_broker.password | default "1234" | b64enc | quote }}
36+
---
37+
apiVersion: v1
38+
kind: Secret
2739
metadata:
2840
name: {{ include "reana.prefix" . }}-cern-sso-secrets
2941
namespace: {{ .Release.Namespace }}

helm/reana/values.yaml

+1
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,7 @@ infrastructure_storage: {}
5050
secrets:
5151
database: {}
5252
cache: {}
53+
message_broker: {}
5354
gitlab: {}
5455
cern:
5556
sso: {}

0 commit comments

Comments
 (0)