Drop rabbitmq-cluster-operator dependency and manage RabbitMQ directly

.gitignore

@@ -45,3 +45,7 @@ go.work.sum
 .coverage
 __pycache__/
 *.pyc
+
+# claude and AI tools
+.claude
+CLAUDE.md

Makefile

@@ -121,11 +121,18 @@ tidy: ## Run go mod tidy on every mod file in the repo
 PROCS?=$(shell expr $(shell nproc --ignore 2) / 2)
 PROC_CMD = --procs ${PROCS}
 
+# Skip instanceha tests if --focus or --skip is used (focused test run)
+ifeq (,$(findstring --focus,$(GINKGO_ARGS))$(findstring --skip,$(GINKGO_ARGS)))
+INSTANCEHA_DEP = test-instanceha
+else
+INSTANCEHA_DEP =
+endif
+
 .PHONY: test
-test: manifests generate gowork fmt vet envtest ginkgo test-instanceha ## Run tests.
+test: manifests generate gowork fmt vet envtest ginkgo $(INSTANCEHA_DEP) ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) -v debug --bin-dir $(LOCALBIN) use $(ENVTEST_K8S_VERSION) -p path)" \
 	OPERATOR_TEMPLATES="$(PWD)/templates" \
-	$(GINKGO) --trace --cover --coverpkg=./pkg/...,./internal/...,./apis/network/v1beta1/...,./apis/rabbitmq/v1beta1/... --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./test/... ./apis/network/... ./apis/rabbitmq/... ./internal/webhook/...
+	$(GINKGO) --trace --cover --coverpkg=./pkg/...,./internal/...,./apis/network/v1beta1/...,./apis/rabbitmq/v1beta1/... --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./test/... ./apis/network/... ./apis/rabbitmq/... ./internal/webhook/... ./internal/controller/...
 
 .PHONY: test-instanceha
 test-instanceha: ## Run instanceha tests.

apis/go.mod

@@ -6,7 +6,6 @@ require (
 	github.com/go-logr/logr v1.4.3
 	github.com/onsi/gomega v1.39.1
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260331122750-ecff41ebb61d
-	github.com/rabbitmq/cluster-operator/v2 v2.16.0
 	k8s.io/api v0.31.14
 	k8s.io/apiextensions-apiserver v0.33.2
 	k8s.io/apimachinery v0.31.14
@@ -19,6 +18,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
@@ -90,9 +90,6 @@ replace k8s.io/code-generator => k8s.io/code-generator v0.31.14 //allow-merging
 
 replace k8s.io/component-base => k8s.io/component-base v0.31.14 //allow-merging
 
-// custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.16.0_patches)
-replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec //allow-merging
-
 replace k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e //allow-merging
 
 replace github.com/cert-manager/cmctl/v2 => github.com/cert-manager/cmctl/v2 v2.1.2-0.20241127223932-88edb96860cf //allow-merging

apis/go.sum

@@ -1,4 +1,3 @@
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -86,8 +85,6 @@ github.com/openshift/api v0.0.0-20250711200046-c86d80652a9e h1:E1OdwSpqWuDPCedyU
 github.com/openshift/api v0.0.0-20250711200046-c86d80652a9e/go.mod h1:Shkl4HanLwDiiBzakv+con/aMGnVE2MAGvoKp5oyYUo=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260331122750-ecff41ebb61d h1:qbH09BzypLy1+N133JVgfkRmDZaQKpDLwi/InqqOzGM=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20260331122750-ecff41ebb61d/go.mod h1:XUUV+h1nZC4kra5oF+cXPkviWYJ3ELhccHxnVO7CvQQ=
-github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec h1:saovr368HPAKHN0aRPh8h8n9s9dn3d8Frmfua0UYRlc=
-github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250929174222-a0d328fa4dec/go.mod h1:Nh2NEePLjovUQof2krTAg4JaAoLacqtPTZQXK6izNfg=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

apis/rabbitmq/v1beta1/conditions.go

@@ -19,6 +19,14 @@ import (
 	condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 )
 
+// RabbitMQ Condition Types used by API objects.
+const (
+	// RabbitMQProxyActiveCondition indicates that the AMQP proxy sidecar is running.
+	// Status=True means the proxy is active and must be cleared by setting the
+	// clients-reconfigured annotation. Status=False means no proxy is running.
+	RabbitMQProxyActiveCondition condition.Type = "RabbitMQProxyActive"
+)
+
 // TransportURL Condition Types used by API objects.
 const (
 	// TransportURLReadyCondition Status=True condition which indicates if TransportURL is configured and operational
@@ -39,6 +47,17 @@ const ()
 
 // Common Messages used by API objects.
 const (
+	//
+	// RabbitMQProxyActive condition messages
+	//
+
+	// RabbitMQProxyActiveMessage is the message when the proxy is active
+	RabbitMQProxyActiveMessage = "AMQP proxy sidecar is active for queue migration. " +
+		"To remove it, set annotation '%s: \"true\"' on the RabbitMq CR after all clients have been reconfigured for quorum queues"
+
+	// RabbitMQProxyInactiveMessage is the message when the proxy is not active
+	RabbitMQProxyInactiveMessage = "AMQP proxy sidecar is not active"
+
 	//
 	// TransportURLReady condition messages
 	//

apis/rabbitmq/v1beta1/rabbitmq_deprecated_types.go

@@ -0,0 +1,214 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+// DEPRECATED TYPES
+// These types are local mirrors of the old rabbitmq-cluster-operator types,
+// kept only for backward compatibility with existing CRs during migration.
+// They will be removed in a future release once all CRs have been migrated
+// to use the new explicit fields in RabbitMqSpecCore.
+
+import (
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// DeprecatedEmbeddedLabelsAnnotations is an embedded subset of the fields included in
+// k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta. Only labels and annotations are included.
+type DeprecatedEmbeddedLabelsAnnotations struct {
+	// Map of string keys and values that can be used to organize and categorize (scope and select) objects.
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// Annotations is an unstructured key value map stored with a resource.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// DeprecatedStatefulSetOverride mirrors the old rabbitmq-cluster-operator StatefulSet type.
+// Used for webhook validation of the override.statefulSet JSON field.
+type DeprecatedStatefulSetOverride struct {
+	// +optional
+	*DeprecatedEmbeddedLabelsAnnotations `json:"metadata,omitempty"`
+	// +optional
+	Spec *DeprecatedStatefulSetSpec `json:"spec,omitempty"`
+}
+
+// DeprecatedStatefulSetSpec mirrors a subset of the old rabbitmq-cluster-operator StatefulSetSpec type.
+type DeprecatedStatefulSetSpec struct {
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
+	// +optional
+	Template *DeprecatedPodTemplateSpec `json:"template,omitempty"`
+	// +optional
+	VolumeClaimTemplates []corev1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
+	// +optional
+	ServiceName string `json:"serviceName,omitempty"`
+	// +optional
+	PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"`
+	// +optional
+	UpdateStrategy *appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
+	// +optional
+	MinReadySeconds int32 `json:"minReadySeconds,omitempty"`
+	// +optional
+	PersistentVolumeClaimRetentionPolicy *appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy `json:"persistentVolumeClaimRetentionPolicy,omitempty"`
+}
+
+// DeprecatedPodTemplateSpec mirrors the old rabbitmq-cluster-operator PodTemplateSpec type.
+type DeprecatedPodTemplateSpec struct {
+	// +optional
+	*DeprecatedEmbeddedObjectMeta `json:"metadata,omitempty"`
+	// +optional
+	Spec *corev1.PodSpec `json:"spec,omitempty"`
+}
+
+// DeprecatedEmbeddedObjectMeta mirrors the old rabbitmq-cluster-operator EmbeddedObjectMeta type.
+type DeprecatedEmbeddedObjectMeta struct {
+	// +optional
+	Name string `json:"name,omitempty"`
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// DeprecatedRabbitMQServiceSpec mirrors the old top-level service configuration.
+// DEPRECATED: Use Override.Service instead.
+type DeprecatedRabbitMQServiceSpec struct {
+	// +kubebuilder:default:="ClusterIP"
+	// +kubebuilder:validation:Enum=ClusterIP;LoadBalancer;NodePort
+	// Type of Service to create for the cluster. Must be one of: ClusterIP, LoadBalancer, NodePort.
+	// For more info see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType
+	// +optional
+	Type corev1.ServiceType `json:"type,omitempty"`
+	// Annotations to add to the Service.
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// +kubebuilder:validation:Enum=SingleStack;PreferDualStack;RequireDualStack
+	// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service
+	// See also: https://pkg.go.dev/k8s.io/api/core/v1#IPFamilyPolicy
+	// +optional
+	IPFamilyPolicy *corev1.IPFamilyPolicy `json:"ipFamilyPolicy,omitempty"`
+}
+
+// DeprecatedPersistenceSpec mirrors the old rabbitmq-cluster-operator RabbitmqClusterPersistenceSpec type.
+type DeprecatedPersistenceSpec struct {
+	// The name of the StorageClass to claim a PersistentVolume from.
+	StorageClassName *string `json:"storageClassName,omitempty"`
+	// The requested size of the persistent volume attached to each Pod in the RabbitmqCluster.
+	// The format of this field matches that defined by kubernetes/apimachinery.
+	// See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info on the format of this field.
+	// +kubebuilder:default:="10Gi"
+	Storage *resource.Quantity `json:"storage,omitempty"`
+}
+
+// DeprecatedRabbitmqConfigSpec mirrors the old rabbitmq-cluster-operator RabbitmqClusterConfigurationSpec type.
+type DeprecatedRabbitmqConfigSpec struct {
+	// List of plugins to enable in addition to essential plugins: rabbitmq_management,
+	// rabbitmq_prometheus, and rabbitmq_peer_discovery_k8s.
+	// +optional
+	// +kubebuilder:validation:MaxItems=100
+	AdditionalPlugins []RabbitMQPlugin `json:"additionalPlugins,omitempty"`
+	// Modify to add to the rabbitmq.conf file in addition to default configurations set by the operator.
+	// Modifying this property on an existing RabbitmqCluster will trigger a StatefulSet rolling restart
+	// and will cause rabbitmq downtime.
+	// For more information on this config, see https://www.rabbitmq.com/configure.html#config-file
+	// +optional
+	// +kubebuilder:validation:MaxLength=100000
+	AdditionalConfig string `json:"additionalConfig,omitempty"`
+	// Specify any rabbitmq advanced.config configurations to apply to the cluster.
+	// For more information on advanced config, see https://www.rabbitmq.com/configure.html#advanced-config-file
+	// +optional
+	// +kubebuilder:validation:MaxLength=100000
+	AdvancedConfig string `json:"advancedConfig,omitempty"`
+	// Modify to add to the rabbitmq-env.conf file. Modifying this property on an existing
+	// RabbitmqCluster will trigger a StatefulSet rolling restart and will cause rabbitmq downtime.
+	// For more information on env config, see https://www.rabbitmq.com/man/rabbitmq-env.conf.5.html
+	// +optional
+	// +kubebuilder:validation:MaxLength=100000
+	EnvConfig string `json:"envConfig,omitempty"`
+	// Erlang Inet configuration to apply to the Erlang VM running rabbit.
+	// See also: https://www.erlang.org/doc/apps/erts/inet_cfg.html
+	// +optional
+	// +kubebuilder:validation:MaxLength=2000
+	ErlangInetConfig string `json:"erlangInetConfig,omitempty"`
+}
+
+// DeprecatedSecretBackendSpec mirrors the old rabbitmq-cluster-operator SecretBackend type.
+type DeprecatedSecretBackendSpec struct {
+	// +optional
+	ExternalSecret *corev1.LocalObjectReference `json:"externalSecret,omitempty"`
+	// +optional
+	Vault *DeprecatedVaultSpec `json:"vault,omitempty"`
+}
+
+// DeprecatedVaultSpec mirrors the old rabbitmq-cluster-operator VaultSpec type.
+// VaultSpec will add Vault annotations (see https://www.vaultproject.io/docs/platform/k8s/injector/annotations)
+// to RabbitMQ Pods. It requires a Vault Agent Sidecar Injector
+// (https://www.vaultproject.io/docs/platform/k8s/injector) to be installed in the K8s cluster.
+type DeprecatedVaultSpec struct {
+	// Role in Vault.
+	// If vault.defaultUserPath is set, this role must have capability to read the pre-created default user
+	// credential in Vault.
+	// If vault.tls is set, this role must have capability to create and update certificates in the Vault PKI
+	// engine for the domains "<namespace>" and "<namespace>.svc".
+	// +optional
+	Role string `json:"role,omitempty"`
+	// Vault annotations that override the Vault annotations set by the cluster-operator.
+	// For a list of valid Vault annotations, see
+	// https://www.vaultproject.io/docs/platform/k8s/injector/annotations
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+	// Path in Vault to access a KV (Key-Value) secret with the fields username and password
+	// for the default user. For example "secret/data/rabbitmq/config".
+	// +optional
+	DefaultUserPath string `json:"defaultUserPath,omitempty"`
+	// Sidecar container that updates the default user's password in RabbitMQ when it changes in Vault.
+	// Additionally, it updates /var/lib/rabbitmq/.rabbitmqadmin.conf (used by rabbitmqadmin CLI).
+	// Set to empty string to disable the sidecar container.
+	// +optional
+	DefaultUserUpdaterImage string `json:"defaultUserUpdaterImage,omitempty"`
+	// +optional
+	TLS *DeprecatedVaultTLSSpec `json:"tls,omitempty"`
+}
+
+// DeprecatedVaultTLSSpec mirrors the old rabbitmq-cluster-operator VaultSpec TLS fields.
+type DeprecatedVaultTLSSpec struct {
+	// Path in Vault PKI engine. For example "pki/issue/hashicorp-com". Required.
+	// +optional
+	PkiIssuerPath string `json:"pkiIssuerPath,omitempty"`
+	// Specifies an optional path to retrieve the root CA from vault.
+	// Useful if certificates are issued by an intermediate CA.
+	// +optional
+	PkiRootPath string `json:"pkiRootPath,omitempty"`
+	// Specifies the requested Subject Alternative Names (SANs), in a comma-delimited list.
+	// These will be appended to the SANs added by the cluster-operator.
+	// +optional
+	AltNames string `json:"altNames,omitempty"`
+	// Specifies the requested certificate Common Name (CN).
+	// Defaults to <serviceName>.<namespace>.svc if not provided.
+	// +optional
+	CommonName string `json:"commonName,omitempty"`
+	// Specifies the requested IP Subject Alternative Names, in a comma-delimited list.
+	// +optional
+	IpSans string `json:"ipSans,omitempty"`
+}