Rabbitmq cluster operator changes

.yamllint

@@ -40,11 +40,9 @@ ignore: |
   roles/infrastructure/templates/cronjob-postgres-backup-weekly.yaml.j2
   roles/infrastructure/templates/pvc-postgres.yaml.j2
   roles/infrastructure/templates/pvc-postgres-backup.yaml.j2
-  roles/infrastructure/templates/pvc-rabbitmq-data.yaml.j2
-  roles/infrastructure/templates/pvc-rabbitmq-log.yaml.j2
   roles/infrastructure/templates/serviceaccount-im-infra.yaml.j2
   roles/infrastructure/templates/statefulset-keycloak.yaml.j2
   roles/infrastructure/templates/statefulset-postgres.yaml.j2
-  roles/infrastructure/templates/statefulset-rabbitmq.yaml.j2
+  roles/infrastructure/templates/rabbitmqcluster.yaml.j2
   roles/infrastructure/templates/ingress-keycloak.yaml.j2
   provisioning/ingress-controller/ingress-nginx-2.9.1.yaml

roles/infrastructure/defaults/main.yaml

@@ -109,6 +109,10 @@ kc_admin_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_lette
 # the Keycloak DB is (at the moment) part of the core database installation.
 rabbitmq_state: present
 
+# The RabbitMQ management server version to deploy,
+# the version will have '-management' automatically applied as a postfix.
+rabbitmq_version: 4.2.1
+
 # The hostname of the server that will host Keycloak,
 # devoid of the protocol (i.e. 'https://' assumed so just 'example.com').
 # If not set (blank) no ingress is created.
@@ -122,7 +126,7 @@ rabbitmq_cert_issuer: production
 rabbitmq_user: admin
 rabbitmq_user_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"
 
+rabbitmq_replicas: 2
+
 rabbitmq_vol_storageclass: " "
 rabbitmq_vol_size_g: 1
-rabbitmq_log_vol_storageclass: " "
-rabbitmq_log_vol_size_g: 1

roles/infrastructure/tasks/deploy-rabbitmq.yaml

@@ -16,40 +16,6 @@
   ansible.builtin.assert:
     that: n_result.resources | length == 1
 
-# Secrets (RabbitMQ) ----------------------------------------------------------
-
-- name: Create RabbitMQ Secret
-  when: rabbitmq_state|string == 'present'
-  block:
-
-  - name: Check RabbitMQ secrets
-    kubernetes.core.k8s_info:
-      kind: Secret
-      api_version: v1
-      namespace: "{{ infra_namespace }}"
-      name: im-rabbitmq
-    register: rmq_s_result
-
-  - name: Set RabbitMQ secret facts
-    ansible.builtin.set_fact:
-      rabbitmq_user_fact: "{{ rabbitmq_user }}"
-      rabbitmq_user_password_fact: "{{ rabbitmq_user_password }}"
-      rabbitmq_erlang_cookie_fact: "{{ rabbitmq_erlang_cookie }}"
-    when: rmq_s_result.resources | length == 0
-
-  - name: Set RabbitMQ secret facts (pre-deployed secrets)
-    ansible.builtin.set_fact:
-      rabbitmq_user_fact: "{{ rmq_s_result.resources[0].data.user | b64decode }}"
-      rabbitmq_user_password_fact: "{{ rmq_s_result.resources[0].data.password | b64decode }}"
-      rabbitmq_erlang_cookie_fact: "{{ rmq_s_result.resources[0].data.erlang_cookie | b64decode }}"
-    when: rmq_s_result.resources | length == 1
-
-  - name: Write RabbitMQ secrets
-    kubernetes.core.k8s:
-      definition: "{{ lookup('template', 'secret-rabbitmq.yaml.j2') }}"
-      wait: yes
-    when: rmq_s_result.resources | length == 0
-
 # RabbitMQ --------------------------------------------------------------------
 
 - name: Deploy RabbitMQ
@@ -60,68 +26,25 @@
       that:
       - kc_cert_issuer in cert_issuer_set
 
-  - name: Get {{ rabbitmq_vol_storageclass }} StorageClass
-    kubernetes.core.k8s_info:
-      kind: StorageClass
-      name: "{{ rabbitmq_vol_storageclass }}"
-    register: sc_result
-    when: rabbitmq_vol_storageclass != " "
-
-  - name: Assert {{ pg_vol_storageclass }} StorageClass
-    ansible.builtin.assert:
-      that: sc_result.resources | length == 1
-      fail_msg: The {{ rabbitmq_vol_storageclass }} StorageClass must be available on the cluster
-    when: rabbitmq_vol_storageclass != " "
-
-  - name: Create RabbitMQ volume claims
-    kubernetes.core.k8s:
-      definition: "{{ lookup('template', item) }}"
-      wait: yes
-      wait_timeout: "{{ wait_timeout }}"
-    loop:
-    - pvc-rabbitmq-data.yaml.j2
-    - pvc-rabbitmq-log.yaml.j2
-
-  # Best practice ... wait for the PVC to bind.
-  # e.g. wait until resources[0].status.phase == Bound (initially Pending)
-
-  - name: Wait for RabbitMQ volume claim to bind
-    kubernetes.core.k8s_info:
-      kind: PersistentVolumeClaim
-      name: rabbitmq-data
-      namespace: "{{ infra_namespace }}"
-    register: rabbitmq_pvc_result
-    until: >-
-      rabbitmq_pvc_result.resources | length > 0
-      and rabbitmq_pvc_result.resources[0].status is defined
-      and rabbitmq_pvc_result.resources[0].status.phase is defined
-      and rabbitmq_pvc_result.resources[0].status.phase == 'Bound'
-    delay: 5
-    retries: "{{ (bind_timeout | int / 5) | int }}"
-    when: wait_for_bind | bool
-
   - name: RabbitMQ
     kubernetes.core.k8s:
       definition: "{{ lookup('template', item) }}"
       wait: yes
       wait_timeout: "{{ wait_timeout }}"
     loop:
-    - configmap-rabbitmq-conf.yaml.j2
-    - configmap-rabbitmq-plugins.yaml.j2
-    - service-rabbitmq.yaml.j2
-    - statefulset-rabbitmq.yaml.j2
+    - rabbitmqcluster.yaml.j2
 
   - name: Wait for RabbitMQ to become Ready ({{ wait_timeout }} seconds)
     kubernetes.core.k8s_info:
       kind: Pod
-      name: rabbitmq-0
+      name: rabbit-server-0
       namespace: "{{ infra_namespace }}"
     register: rabbitmq_result
     until: >-
-      rabbitmq_result.resources | length == 1
+      rabbitmq_result.resources | length > 0
       and rabbitmq_result.resources[0].status is defined
       and rabbitmq_result.resources[0].status.containerStatuses is defined
-      and rabbitmq_result.resources[0].status.containerStatuses | length == 1
+      and rabbitmq_result.resources[0].status.containerStatuses | length > 0
       and rabbitmq_result.resources[0].status.containerStatuses[0].ready
     delay: 30
     retries: "{{ (wait_timeout | int / 30) | int }}"

roles/infrastructure/templates/ingress-rabbitmq.yaml.j2

@@ -20,6 +20,6 @@ spec:
         pathType: Prefix
         backend:
           service:
-            name: rabbitmq
+            name: rabbit
             port:
-              name: http
+              name: management

roles/infrastructure/templates/rabbitmqcluster.yaml.j2

@@ -0,0 +1,47 @@
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  # The instance name can be called pretty-much anything...
+  # except rabbitmq!?
+  name: rabbit
+  namespace: {{ infra_namespace }}
+spec:
+  image: rabbitmq:{{ rabbitmq_version }}-management
+  replicas: {{ rabbitmq_replicas }}
+  rabbitmq:
+    additionalPlugins:
+    - rabbitmq_management
+    - rabbitmq_peer_discovery_k8s
+    - rabbitmq_prometheus
+    - rabbitmq_stream
+    - rabbitmq_stream_management
+  resources:
+{% if rabbitmq_cpu_request or rabbitmq_mem_request %}
+    requests:
+{% if rabbitmq_cpu_request %}
+      cpu: {{ rabbitmq_cpu_request }}
+{% endif %}
+{% if rabbitmq_mem_request %}
+      memory: {{ rabbitmq_mem_request }}
+{% endif %}
+{% endif %}
+{% if rabbitmq_cpu_limit or rabbitmq_mem_limit %}
+    limits:
+{% if rabbitmq_cpu_limit %}
+      cpu: {{ rabbitmq_cpu_limit }}
+{% endif %}
+{% if rabbitmq_mem_limit %}
+      memory: {{ rabbitmq_mem_limit }}
+{% endif %}
+{% endif %}
+  persistence:
+    storageClassName: {{ rabbitmq_vol_storageclass }}
+    storage: {{ rabbitmq_vol_size_g }}Gi
+  override:
+    statefulSet:
+      spec:
+        template:
+          spec:
+            containers: []
+            priorityClassName: im-application-high