Drop rabbitmq-cluster-operator dependency and manage RabbitMQ directly

Remove the dependency on the external rabbitmq-cluster-operator and have
the infra-operator manage RabbitMQ StatefulSets, Services, ConfigMaps,
and Secrets directly.

Core controller changes:
- Direct StatefulSet management with proper volume mounts, config
  generation, and TLS support (both client and inter-node)
- Service creation for client (AMQP/AMQPS) and headless node discovery
- ConfigMap generation for server config, plugins, and config-data
- Secret management for default-user credentials and Erlang cookie
- PodDisruptionBudget for multi-replica deployments
- Fix stale ownerReferences in volumeClaimTemplates from adopted
  StatefulSets (orphan-delete + recreate with annotation-based storage
  class preservation)
- Set skipPreStopChecks label on pods before StatefulSet deletion
  (storage wipe and CR deletion) to prevent 7-day termination hangs

Version upgrade workflow (3.x to 4.x):
- State machine with phases: DeletingResources -> WaitingForCluster
- Detects targetVersion changes and triggers storage wipe when crossing
  major versions (required by RabbitMQ for 3.x -> 4.x upgrades)
- Sets wipeReason=VersionUpgrade in status to track upgrade progress
- Cleans up StatefulSet PVCs before recreating with new version image
- Tracks currentVersion in status after successful upgrade

Queue type migration (Mirrored to Quorum):
- Supports migrating from classic mirrored (ha-all policy) queues to
  quorum queues via spec.queueType change
- Triggers storage wipe with wipeReason=QueueTypeMigration
- Manages ha-all policy lifecycle: applies for Mirrored (replicas > 1),
  removes when transitioning away from Mirrored
- Defaulting webhook forces queueType from Mirrored to Quorum when
  targetVersion is 4.x+, since mirrored queues are not supported in
  RabbitMQ 4.x. This enables the openstack-operator to upgrade from
  3.x (Mirrored) to 4.x and have the migration handled automatically
- Validation webhook rejects Mirrored+4.x as a safety net after
  defaulting

AMQP proxy sidecar:
- Python-based TCP proxy injected as a sidecar container when
  status.proxyRequired is true (after version upgrade or queue migration)
- Listens on port 5672 (plain) or 5671 (TLS) depending on TLS config
- Forwards connections to RabbitMQ backend on port 5673
- Removed via clients-reconfigured annotation once consumers reconnect
- Includes liveness/readiness probes and TLS certificate mounting

Migration from rabbitmq-cluster-operator:
- Adoption logic reparents existing StatefulSets, Services, and Secrets
  from old RabbitmqCluster owner to new RabbitMq CR
- Cleans up old RabbitmqCluster CR after successful adoption
- Fixes stale volumeClaimTemplate ownerReferences that cause new PVCs
  to be garbage-collected when scaling up adopted StatefulSets

Testing:
- Comprehensive kuttl tests covering cluster deployment, TLS, scale-up,
  version upgrade (with and without TLS), queue migration, Mirrored-to-
  Quorum upgrade with version change, resource management
  (vhost/user/policy), and migration scenarios
- Updated functional tests for the new controller logic including
  VCT fix, combined version+queue migration, and proxy sidecar

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: lmiccini

Makefile

@@ -121,11 +121,18 @@ tidy: ## Run go mod tidy on every mod file in the repo
 PROCS?=$(shell expr $(shell nproc --ignore 2) / 2)
 PROC_CMD = --procs ${PROCS}
 
+# Skip instanceha tests if --focus or --skip is used (focused test run)
+ifeq (,$(findstring --focus,$(GINKGO_ARGS))$(findstring --skip,$(GINKGO_ARGS)))
+INSTANCEHA_DEP = test-instanceha
+else
+INSTANCEHA_DEP =
+endif
+
 .PHONY: test
-test: manifests generate gowork fmt vet envtest ginkgo test-instanceha ## Run tests.
+test: manifests generate gowork fmt vet envtest ginkgo $(INSTANCEHA_DEP) ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) -v debug --bin-dir $(LOCALBIN) use $(ENVTEST_K8S_VERSION) -p path)" \
 	OPERATOR_TEMPLATES="$(PWD)/templates" \
-	$(GINKGO) --trace --cover --coverpkg=./pkg/...,./internal/...,./apis/network/v1beta1/...,./apis/rabbitmq/v1beta1/... --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./test/... ./apis/network/... ./apis/rabbitmq/... ./internal/webhook/...
+	$(GINKGO) --trace --cover --coverpkg=./pkg/...,./internal/...,./apis/network/v1beta1/...,./apis/rabbitmq/v1beta1/... --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./test/... ./apis/network/... ./apis/rabbitmq/... ./internal/webhook/... ./internal/controller/...
 
 .PHONY: test-instanceha
 test-instanceha: ## Run instanceha tests.

apis/bases/rabbitmq.openstack.org_rabbitmqs.yaml

@@ -4,9 +4,8 @@ go 1.24.4
 
 require (
 	github.com/go-logr/logr v1.4.3
-	github.com/onsi/gomega v1.39.1
-	github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260310070607-b96da8dd520e
-	github.com/rabbitmq/cluster-operator/v2 v2.16.0
+	github.com/onsi/gomega v1.39.0
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260205083029-d03e9df035ef
 	k8s.io/api v0.31.14
 	k8s.io/apiextensions-apiserver v0.33.2
 	k8s.io/apimachinery v0.31.14
@@ -19,6 +18,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
@@ -40,13 +40,13 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.28.1 // indirect
 	github.com/openshift/api v3.9.0+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.65.0 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/spf13/pflag v1.0.7 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
@@ -90,9 +90,6 @@ replace k8s.io/code-generator => k8s.io/code-generator v0.31.14 //allow-merging
 
 replace k8s.io/component-base => k8s.io/component-base v0.31.14 //allow-merging
 
-// custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.16.0_patches)
-replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec //allow-merging
-
 replace k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e //allow-merging
 
 replace github.com/cert-manager/cmctl/v2 => github.com/cert-manager/cmctl/v2 v2.1.2-0.20241127223932-88edb96860cf //allow-merging

apis/go.mod

@@ -1,4 +1,3 @@
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -77,17 +76,14 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI=
 github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE=
-github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
-github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
+github.com/onsi/gomega v1.39.0 h1:y2ROC3hKFmQZJNFeGAMeHZKkjBL65mIZcvrLQBF9k6Q=
+github.com/onsi/gomega v1.39.0/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
 github.com/openshift/api v0.0.0-20250711200046-c86d80652a9e h1:E1OdwSpqWuDPCedyUt0GEdoAE+r5TXy7YS21yNEo+2U=
 github.com/openshift/api v0.0.0-20250711200046-c86d80652a9e/go.mod h1:Shkl4HanLwDiiBzakv+con/aMGnVE2MAGvoKp5oyYUo=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260310070607-b96da8dd520e h1:EXpPxBaSHBDyAXhDApotNd9AZOm/DQfvAKdrWO5W4XA=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260310070607-b96da8dd520e/go.mod h1:+vcGsjqibpMUz3y/g0B5YIXNotlTvQdMB6f92siiwKM=
-github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec h1:saovr368HPAKHN0aRPh8h8n9s9dn3d8Frmfua0UYRlc=
-github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec/go.mod h1:Nh2NEePLjovUQof2krTAg4JaAoLacqtPTZQXK6izNfg=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260205083029-d03e9df035ef h1:SgzLekXtZuApbRylC3unCXnMaUClT5FPuqsxzIjt3Go=
+github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260205083029-d03e9df035ef/go.mod h1:ndqfy1KbVorHH6+zlUFPIrCRhMSxO3ImYJUGaooE0x0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

apis/go.sum

@@ -0,0 +1,167 @@
+/*
+Copyright 2025.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+// DEPRECATED TYPES
+// These types are local mirrors of the old rabbitmq-cluster-operator types,
+// kept only for backward compatibility with existing CRs during migration.
+// They will be removed in a future release once all CRs have been migrated
+// to use the new explicit fields in RabbitMqSpecCore.
+
+import (
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeprecatedOverride mirrors the old rabbitmq-cluster-operator OverrideTrimmed type.
+// +kubebuilder:pruning:PreserveUnknownFields
+type DeprecatedOverride struct {
+	// Override configuration for the RabbitMQ StatefulSet.
+	StatefulSet *runtime.RawExtension `json:"statefulSet,omitempty"`
+	// Override configuration for the Service created to serve traffic to the cluster.
+	Service *DeprecatedServiceOverride `json:"service,omitempty"`
+}
+
+// DeprecatedServiceOverride mirrors the old rabbitmq-cluster-operator Service type.
+type DeprecatedServiceOverride struct {
+	// +optional
+	*DeprecatedEmbeddedLabelsAnnotations `json:"metadata,omitempty"`
+	// Spec defines the behavior of a Service.
+	// +optional
+	Spec *corev1.ServiceSpec `json:"spec,omitempty"`
+}
+
+// DeprecatedEmbeddedLabelsAnnotations mirrors the old rabbitmq-cluster-operator EmbeddedLabelsAnnotations type.
+type DeprecatedEmbeddedLabelsAnnotations struct {
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// DeprecatedStatefulSetOverride mirrors the old rabbitmq-cluster-operator StatefulSet type.
+// Used for webhook validation of the override.statefulSet JSON field.
+type DeprecatedStatefulSetOverride struct {
+	// +optional
+	*DeprecatedEmbeddedLabelsAnnotations `json:"metadata,omitempty"`
+	// +optional
+	Spec *DeprecatedStatefulSetSpec `json:"spec,omitempty"`
+}
+
+// DeprecatedStatefulSetSpec mirrors a subset of the old rabbitmq-cluster-operator StatefulSetSpec type.
+type DeprecatedStatefulSetSpec struct {
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
+	// +optional
+	Template *DeprecatedPodTemplateSpec `json:"template,omitempty"`
+	// +optional
+	VolumeClaimTemplates []corev1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
+	// +optional
+	ServiceName string `json:"serviceName,omitempty"`
+	// +optional
+	PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"`
+	// +optional
+	UpdateStrategy *appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
+	// +optional
+	MinReadySeconds int32 `json:"minReadySeconds,omitempty"`
+	// +optional
+	PersistentVolumeClaimRetentionPolicy *appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy `json:"persistentVolumeClaimRetentionPolicy,omitempty"`
+}
+
+// DeprecatedPodTemplateSpec mirrors the old rabbitmq-cluster-operator PodTemplateSpec type.
+type DeprecatedPodTemplateSpec struct {
+	// +optional
+	*DeprecatedEmbeddedObjectMeta `json:"metadata,omitempty"`
+	// +optional
+	Spec *corev1.PodSpec `json:"spec,omitempty"`
+}
+
+// DeprecatedEmbeddedObjectMeta mirrors the old rabbitmq-cluster-operator EmbeddedObjectMeta type.
+type DeprecatedEmbeddedObjectMeta struct {
+	// +optional
+	Name string `json:"name,omitempty"`
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// DeprecatedPersistenceSpec mirrors the old rabbitmq-cluster-operator RabbitmqClusterPersistenceSpec type.
+type DeprecatedPersistenceSpec struct {
+	// The name of the StorageClass to claim a PersistentVolume from.
+	StorageClassName *string `json:"storageClassName,omitempty"`
+	// The requested size of the persistent volume.
+	// +kubebuilder:default:="10Gi"
+	Storage *resource.Quantity `json:"storage,omitempty"`
+}
+
+// DeprecatedRabbitmqConfigSpec mirrors the old rabbitmq-cluster-operator RabbitmqClusterConfigurationSpec type.
+type DeprecatedRabbitmqConfigSpec struct {
+	// +optional
+	AdditionalPlugins []string `json:"additionalPlugins,omitempty"`
+	// +optional
+	AdditionalConfig string `json:"additionalConfig,omitempty"`
+	// +optional
+	AdvancedConfig string `json:"advancedConfig,omitempty"`
+	// +optional
+	EnvConfig string `json:"envConfig,omitempty"`
+	// +optional
+	ErlangInetConfig string `json:"erlangInetConfig,omitempty"`
+}
+
+// DeprecatedSecretBackendSpec mirrors the old rabbitmq-cluster-operator SecretBackend type.
+type DeprecatedSecretBackendSpec struct {
+	// +optional
+	ExternalSecret *corev1.LocalObjectReference `json:"externalSecret,omitempty"`
+	// +optional
+	Vault *DeprecatedVaultSpec `json:"vault,omitempty"`
+}
+
+// DeprecatedVaultSpec mirrors the old rabbitmq-cluster-operator VaultSpec type.
+type DeprecatedVaultSpec struct {
+	// +optional
+	Role string `json:"role,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+	// +optional
+	DefaultUserPath string `json:"defaultUserPath,omitempty"`
+	// +optional
+	DefaultUserUpdaterImage string `json:"defaultUserUpdaterImage,omitempty"`
+	// +optional
+	TLS *DeprecatedVaultTLSSpec `json:"tls,omitempty"`
+}
+
+// DeprecatedVaultTLSSpec mirrors the old rabbitmq-cluster-operator VaultSpec TLS fields.
+type DeprecatedVaultTLSSpec struct {
+	// +optional
+	PkiIssuerPath string `json:"pkiIssuerPath,omitempty"`
+	// +optional
+	PkiRootPath string `json:"pkiRootPath,omitempty"`
+	// +optional
+	AltNames string `json:"altNames,omitempty"`
+	// +optional
+	CommonName string `json:"commonName,omitempty"`
+	// +optional
+	IpSans string `json:"ipSans,omitempty"`
+}