From b2d45ee0c482576906c541aad5aec3cdf14e7b39 Mon Sep 17 00:00:00 2001 From: Marko Oldenburg Date: Tue, 18 Mar 2025 08:30:01 +0100 Subject: [PATCH] ``` Rename artemis-broker to artemis-broker-primary This commit renames and refactors the Helm chart for the artemis-broker. The original files in the artemis-broker directory are renamed and moved to artemis-broker-primary. The purpose of this change is to enable a clear distinction between the primary broker configuration and any backup or alternative configurations. Additionally, the configuration has been updated to support enhancements in TLS setup, metrics services, and users, allowing for a more robust and flexible deployment. This change introduces new templates and scripts needed for managing various aspects of the broker's functions, including improved user authentication and logging. No breaking changes were introduced, but users must update their references to the chart paths as they now point to the new directory structure. ``` --- .../.gitignore | 0 .../Chart.yaml | 0 .../conf/artemis-roles.properties | 0 .../conf/artemis-users.properties | 0 .../conf/bootstrap.xml | 0 .../conf/broker.xml | 0 .../conf/jgroups-ping.xml | 0 .../conf/login.config | 0 .../configure_custom_config.sh | 0 .../scripts-override/drain.sh | 0 .../scripts-override/launch.sh | 0 .../templates/_drain.tpl | 0 .../templates/_pod.tpl | 0 .../templates/configmap.yaml | 0 .../templates/deployment.yaml | 0 .../templates/ingress.yaml | 0 .../templates/nodeport.yaml | 0 .../templates/persistentvolume.yaml | 0 .../templates/rbac.yaml | 0 .../templates/route.yaml | 0 .../templates/secrets.yaml | 0 .../templates/servicemonitor.yaml | 0 .../templates/services.yaml | 0 .../templates/statefulset.yaml | 0 .../tls/ingress_console.crt | 0 .../tls/ingress_console.key | 0 .../tls/keystore.ks | 0 .../tls/keystore.ts | 0 .../values.yaml | 0 .../values_helmChart__backup.yaml | 0 artemis-broker-primary/.gitignore | 3 + artemis-broker-primary/Chart.yaml | 14 + .../conf/artemis-roles.properties | 49 ++ .../conf/artemis-users.properties | 28 ++ artemis-broker-primary/conf/bootstrap.xml | 43 ++ artemis-broker-primary/conf/broker.xml | 258 ++++++++++ artemis-broker-primary/conf/jgroups-ping.xml | 34 ++ artemis-broker-primary/conf/login.config | 23 + .../configure_custom_config.sh | 37 ++ .../scripts-override/drain.sh | 75 +++ .../scripts-override/launch.sh | 444 ++++++++++++++++++ artemis-broker-primary/templates/_drain.tpl | 132 ++++++ artemis-broker-primary/templates/_pod.tpl | 183 ++++++++ .../templates/configmap.yaml | 14 + .../templates/deployment.yaml | 35 ++ artemis-broker-primary/templates/ingress.yaml | 64 +++ .../templates/nodeport.yaml | 26 + .../templates/persistentvolume.yaml | 13 + artemis-broker-primary/templates/rbac.yaml | 56 +++ artemis-broker-primary/templates/route.yaml | 65 +++ artemis-broker-primary/templates/secrets.yaml | 42 ++ .../templates/servicemonitor.yaml | 16 + .../templates/services.yaml | 57 +++ .../templates/statefulset.yaml | 50 ++ .../tls/ingress_console.crt | 1 + .../tls/ingress_console.key | 1 + artemis-broker-primary/tls/keystore.ks | 1 + artemis-broker-primary/tls/keystore.ts | 1 + artemis-broker-primary/values.yaml | 237 ++++++++++ .../values_helmChart__primary.yaml | 0 60 files changed, 2002 insertions(+) rename {artemis-broker => artemis-broker-backup}/.gitignore (100%) rename {artemis-broker => artemis-broker-backup}/Chart.yaml (100%) rename {artemis-broker => artemis-broker-backup}/conf/artemis-roles.properties (100%) rename {artemis-broker => artemis-broker-backup}/conf/artemis-users.properties (100%) rename {artemis-broker => artemis-broker-backup}/conf/bootstrap.xml (100%) rename {artemis-broker => artemis-broker-backup}/conf/broker.xml (100%) rename {artemis-broker => artemis-broker-backup}/conf/jgroups-ping.xml (100%) rename {artemis-broker => artemis-broker-backup}/conf/login.config (100%) rename {artemis-broker => artemis-broker-backup}/scripts-override/configure_custom_config.sh (100%) rename {artemis-broker => artemis-broker-backup}/scripts-override/drain.sh (100%) rename {artemis-broker => artemis-broker-backup}/scripts-override/launch.sh (100%) rename {artemis-broker => artemis-broker-backup}/templates/_drain.tpl (100%) rename {artemis-broker => artemis-broker-backup}/templates/_pod.tpl (100%) rename {artemis-broker => artemis-broker-backup}/templates/configmap.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/deployment.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/ingress.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/nodeport.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/persistentvolume.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/rbac.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/route.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/secrets.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/servicemonitor.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/services.yaml (100%) rename {artemis-broker => artemis-broker-backup}/templates/statefulset.yaml (100%) rename {artemis-broker => artemis-broker-backup}/tls/ingress_console.crt (100%) rename {artemis-broker => artemis-broker-backup}/tls/ingress_console.key (100%) rename {artemis-broker => artemis-broker-backup}/tls/keystore.ks (100%) rename {artemis-broker => artemis-broker-backup}/tls/keystore.ts (100%) rename {artemis-broker => artemis-broker-backup}/values.yaml (100%) rename values_helmChart__backup.yaml => artemis-broker-backup/values_helmChart__backup.yaml (100%) create mode 100644 artemis-broker-primary/.gitignore create mode 100644 artemis-broker-primary/Chart.yaml create mode 100644 artemis-broker-primary/conf/artemis-roles.properties create mode 100644 artemis-broker-primary/conf/artemis-users.properties create mode 100644 artemis-broker-primary/conf/bootstrap.xml create mode 100644 artemis-broker-primary/conf/broker.xml create mode 100644 artemis-broker-primary/conf/jgroups-ping.xml create mode 100644 artemis-broker-primary/conf/login.config create mode 100755 artemis-broker-primary/scripts-override/configure_custom_config.sh create mode 100755 artemis-broker-primary/scripts-override/drain.sh create mode 100755 artemis-broker-primary/scripts-override/launch.sh create mode 100644 artemis-broker-primary/templates/_drain.tpl create mode 100644 artemis-broker-primary/templates/_pod.tpl create mode 100644 artemis-broker-primary/templates/configmap.yaml create mode 100644 artemis-broker-primary/templates/deployment.yaml create mode 100644 artemis-broker-primary/templates/ingress.yaml create mode 100644 artemis-broker-primary/templates/nodeport.yaml create mode 100644 artemis-broker-primary/templates/persistentvolume.yaml create mode 100644 artemis-broker-primary/templates/rbac.yaml create mode 100644 artemis-broker-primary/templates/route.yaml create mode 100644 artemis-broker-primary/templates/secrets.yaml create mode 100644 artemis-broker-primary/templates/servicemonitor.yaml create mode 100644 artemis-broker-primary/templates/services.yaml create mode 100644 artemis-broker-primary/templates/statefulset.yaml create mode 100644 artemis-broker-primary/tls/ingress_console.crt create mode 100644 artemis-broker-primary/tls/ingress_console.key create mode 100644 artemis-broker-primary/tls/keystore.ks create mode 100644 artemis-broker-primary/tls/keystore.ts create mode 100644 artemis-broker-primary/values.yaml rename values_helmChart__primary.yaml => artemis-broker-primary/values_helmChart__primary.yaml (100%) diff --git a/artemis-broker/.gitignore b/artemis-broker-backup/.gitignore similarity index 100% rename from artemis-broker/.gitignore rename to artemis-broker-backup/.gitignore diff --git a/artemis-broker/Chart.yaml b/artemis-broker-backup/Chart.yaml similarity index 100% rename from artemis-broker/Chart.yaml rename to artemis-broker-backup/Chart.yaml diff --git a/artemis-broker/conf/artemis-roles.properties b/artemis-broker-backup/conf/artemis-roles.properties similarity index 100% rename from artemis-broker/conf/artemis-roles.properties rename to artemis-broker-backup/conf/artemis-roles.properties diff --git a/artemis-broker/conf/artemis-users.properties b/artemis-broker-backup/conf/artemis-users.properties similarity index 100% rename from artemis-broker/conf/artemis-users.properties rename to artemis-broker-backup/conf/artemis-users.properties diff --git a/artemis-broker/conf/bootstrap.xml b/artemis-broker-backup/conf/bootstrap.xml similarity index 100% rename from artemis-broker/conf/bootstrap.xml rename to artemis-broker-backup/conf/bootstrap.xml diff --git a/artemis-broker/conf/broker.xml b/artemis-broker-backup/conf/broker.xml similarity index 100% rename from artemis-broker/conf/broker.xml rename to artemis-broker-backup/conf/broker.xml diff --git a/artemis-broker/conf/jgroups-ping.xml b/artemis-broker-backup/conf/jgroups-ping.xml similarity index 100% rename from artemis-broker/conf/jgroups-ping.xml rename to artemis-broker-backup/conf/jgroups-ping.xml diff --git a/artemis-broker/conf/login.config b/artemis-broker-backup/conf/login.config similarity index 100% rename from artemis-broker/conf/login.config rename to artemis-broker-backup/conf/login.config diff --git a/artemis-broker/scripts-override/configure_custom_config.sh b/artemis-broker-backup/scripts-override/configure_custom_config.sh similarity index 100% rename from artemis-broker/scripts-override/configure_custom_config.sh rename to artemis-broker-backup/scripts-override/configure_custom_config.sh diff --git a/artemis-broker/scripts-override/drain.sh b/artemis-broker-backup/scripts-override/drain.sh similarity index 100% rename from artemis-broker/scripts-override/drain.sh rename to artemis-broker-backup/scripts-override/drain.sh diff --git a/artemis-broker/scripts-override/launch.sh b/artemis-broker-backup/scripts-override/launch.sh similarity index 100% rename from artemis-broker/scripts-override/launch.sh rename to artemis-broker-backup/scripts-override/launch.sh diff --git a/artemis-broker/templates/_drain.tpl b/artemis-broker-backup/templates/_drain.tpl similarity index 100% rename from artemis-broker/templates/_drain.tpl rename to artemis-broker-backup/templates/_drain.tpl diff --git a/artemis-broker/templates/_pod.tpl b/artemis-broker-backup/templates/_pod.tpl similarity index 100% rename from artemis-broker/templates/_pod.tpl rename to artemis-broker-backup/templates/_pod.tpl diff --git a/artemis-broker/templates/configmap.yaml b/artemis-broker-backup/templates/configmap.yaml similarity index 100% rename from artemis-broker/templates/configmap.yaml rename to artemis-broker-backup/templates/configmap.yaml diff --git a/artemis-broker/templates/deployment.yaml b/artemis-broker-backup/templates/deployment.yaml similarity index 100% rename from artemis-broker/templates/deployment.yaml rename to artemis-broker-backup/templates/deployment.yaml diff --git a/artemis-broker/templates/ingress.yaml b/artemis-broker-backup/templates/ingress.yaml similarity index 100% rename from artemis-broker/templates/ingress.yaml rename to artemis-broker-backup/templates/ingress.yaml diff --git a/artemis-broker/templates/nodeport.yaml b/artemis-broker-backup/templates/nodeport.yaml similarity index 100% rename from artemis-broker/templates/nodeport.yaml rename to artemis-broker-backup/templates/nodeport.yaml diff --git a/artemis-broker/templates/persistentvolume.yaml b/artemis-broker-backup/templates/persistentvolume.yaml similarity index 100% rename from artemis-broker/templates/persistentvolume.yaml rename to artemis-broker-backup/templates/persistentvolume.yaml diff --git a/artemis-broker/templates/rbac.yaml b/artemis-broker-backup/templates/rbac.yaml similarity index 100% rename from artemis-broker/templates/rbac.yaml rename to artemis-broker-backup/templates/rbac.yaml diff --git a/artemis-broker/templates/route.yaml b/artemis-broker-backup/templates/route.yaml similarity index 100% rename from artemis-broker/templates/route.yaml rename to artemis-broker-backup/templates/route.yaml diff --git a/artemis-broker/templates/secrets.yaml b/artemis-broker-backup/templates/secrets.yaml similarity index 100% rename from artemis-broker/templates/secrets.yaml rename to artemis-broker-backup/templates/secrets.yaml diff --git a/artemis-broker/templates/servicemonitor.yaml b/artemis-broker-backup/templates/servicemonitor.yaml similarity index 100% rename from artemis-broker/templates/servicemonitor.yaml rename to artemis-broker-backup/templates/servicemonitor.yaml diff --git a/artemis-broker/templates/services.yaml b/artemis-broker-backup/templates/services.yaml similarity index 100% rename from artemis-broker/templates/services.yaml rename to artemis-broker-backup/templates/services.yaml diff --git a/artemis-broker/templates/statefulset.yaml b/artemis-broker-backup/templates/statefulset.yaml similarity index 100% rename from artemis-broker/templates/statefulset.yaml rename to artemis-broker-backup/templates/statefulset.yaml diff --git a/artemis-broker/tls/ingress_console.crt b/artemis-broker-backup/tls/ingress_console.crt similarity index 100% rename from artemis-broker/tls/ingress_console.crt rename to artemis-broker-backup/tls/ingress_console.crt diff --git a/artemis-broker/tls/ingress_console.key b/artemis-broker-backup/tls/ingress_console.key similarity index 100% rename from artemis-broker/tls/ingress_console.key rename to artemis-broker-backup/tls/ingress_console.key diff --git a/artemis-broker/tls/keystore.ks b/artemis-broker-backup/tls/keystore.ks similarity index 100% rename from artemis-broker/tls/keystore.ks rename to artemis-broker-backup/tls/keystore.ks diff --git a/artemis-broker/tls/keystore.ts b/artemis-broker-backup/tls/keystore.ts similarity index 100% rename from artemis-broker/tls/keystore.ts rename to artemis-broker-backup/tls/keystore.ts diff --git a/artemis-broker/values.yaml b/artemis-broker-backup/values.yaml similarity index 100% rename from artemis-broker/values.yaml rename to artemis-broker-backup/values.yaml diff --git a/values_helmChart__backup.yaml b/artemis-broker-backup/values_helmChart__backup.yaml similarity index 100% rename from values_helmChart__backup.yaml rename to artemis-broker-backup/values_helmChart__backup.yaml diff --git a/artemis-broker-primary/.gitignore b/artemis-broker-primary/.gitignore new file mode 100644 index 0000000..ac09cfc --- /dev/null +++ b/artemis-broker-primary/.gitignore @@ -0,0 +1,3 @@ +values.test +tls/broker* +tls/client* diff --git a/artemis-broker-primary/Chart.yaml b/artemis-broker-primary/Chart.yaml new file mode 100644 index 0000000..f269393 --- /dev/null +++ b/artemis-broker-primary/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +name: artemis-broker +version: 7.12.3-test2 +description: An unified Helm Chart that deploys an Artemis MQ Broker with optional SSL support and Optional Disk Persistence. Clustered setups are also supported. +type: application +keywords: + - activemq + - artemismq + - amq-broker + - ssl-endpoint + - amq-cluster +home: https://access.redhat.com/products/red-hat-amq/ +sources: + - https://git.cooltux.net/marko/amq-broker-helm diff --git a/artemis-broker-primary/conf/artemis-roles.properties b/artemis-broker-primary/conf/artemis-roles.properties new file mode 100644 index 0000000..145d37c --- /dev/null +++ b/artemis-broker-primary/conf/artemis-roles.properties @@ -0,0 +1,49 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +## CUSTOMCONFIG + +# syntax is role = list of users + +# ADMIN ROLE MAPPING +{{- $admins := list -}} +{{- $admins = printf "%s" $.Values.admin.user | append $admins -}} +{{- range $currentUser := $.Values.users }} +{{- if has ($.Values.admin.role) $currentUser.roles }} +{{- $admins = printf "%s" (toString $currentUser.name) | append $admins -}} +{{- end }} +{{- end }} +{{ $.Values.admin.role }} = {{ $admins | join "," }} + +{{- $declared_roles := list }} +{{- range .Values.users }} +{{- range .roles }} + {{- if and (not (has (toString .) $declared_roles)) (not (eq (toString .) ($.Values.admin.role))) }} + {{- $declared_roles = printf "%s" (toString .) | append $declared_roles }} + {{- end }} +{{- end }} +{{- end }} + +# ADDITIONAL ROLE MAPPING +{{- range $current_role := $declared_roles }} + {{- $users_in_role := list -}} + {{- range $currentUser := $.Values.users }} + {{- if has $current_role $currentUser.roles }} + {{- $users_in_role = printf "%s" (toString $currentUser.name) | append $users_in_role -}} + {{- end }} + {{- end }} +{{ $current_role }} = {{ $users_in_role | join "," }} +{{- end }} diff --git a/artemis-broker-primary/conf/artemis-users.properties b/artemis-broker-primary/conf/artemis-users.properties new file mode 100644 index 0000000..c719f76 --- /dev/null +++ b/artemis-broker-primary/conf/artemis-users.properties @@ -0,0 +1,28 @@ +{{- if .Values.security.createSecret }} +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +## CUSTOMCONFIG + +# ADMIN USER +{{ .Values.admin.user }} = {{ .Values.admin.password }} + +# ADDITIONAL USERS +{{- range .Values.users }} +{{ .name }} = {{ .password }} +{{- end }} + +{{- end }} diff --git a/artemis-broker-primary/conf/bootstrap.xml b/artemis-broker-primary/conf/bootstrap.xml new file mode 100644 index 0000000..9ab76fa --- /dev/null +++ b/artemis-broker-primary/conf/bootstrap.xml @@ -0,0 +1,43 @@ +{{- $jolokia_ssl := and (.Values.parameters.tls_enabled) (.Values.parameters.jolokia_passthrough) }} + + + + + + + + + + + + +{{- if $jolokia_ssl }} + +{{- else }} + +{{- end }} + + + + + + + + + diff --git a/artemis-broker-primary/conf/broker.xml b/artemis-broker-primary/conf/broker.xml new file mode 100644 index 0000000..b6c9af6 --- /dev/null +++ b/artemis-broker-primary/conf/broker.xml @@ -0,0 +1,258 @@ + + + + + ${AMQ_NAME} + {{- if and .Values.application.persistent (or .Values.clustered .Values.ha_ap) }} + true + + {{ .Values.application.journal_type }} + ${AMQ_DATA_DIR}/paging + ${AMQ_DATA_DIR}/bindings + ${AMQ_DATA_DIR}/journal + ${AMQ_DATA_DIR}/large-messages + {{- else }} + false + + NIO + ./data/paging + ./data/bindings + ./data/journal + ./data/large-messages + {{- end }} + true + 2 + 10 + 10M + + 9524000 + + 4096 + + + + + + + + + + + + 5000 + + 90 + + true + 120000 + 60000 + HALT + + + + + + + {{- if .Values.parameters.tls_enabled }} + {{- range .Values.service.acceptors }} + {{- $extra_args := list -}} + {{- range .acceptor_params }} + {{- $extra_args = printf "%s=%s" (toString .key) (toString .value) | append $extra_args }} + {{- end }} + {{- if or (.use_tls) (eq (.use_tls | toString) "") }} + tcp://${BROKER_IP}:{{ .port }}?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols={{ default $.Values.parameters.amq_protocols .amq_protocols }};useEpoll=true;amqpCredits=1000;amqpLowCredits=300;anycastPrefix=${AMQ_ANYCAST_PREFIX};multicastPrefix=${AMQ_MULTICAST_PREFIX};connectionsAllowed={{ .max_connections }};sslEnabled=true;keyStorePath=${AMQ_KEYSTORE_TRUSTSTORE_DIR}/{{ $.Values.tls.keystore }};keyStorePassword=${AMQ_KEYSTORE_PASSWORD};trustStorePath=${AMQ_KEYSTORE_TRUSTSTORE_DIR}/{{ $.Values.tls.truststore }};trustStorePassword=${AMQ_TRUSTSTORE_PASSWORD};sslProvider={{ $.Values.parameters.ssl_provider }};{{ $extra_args | join ";" }} + {{- else }} + tcp://${BROKER_IP}:{{ .port }}?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols={{ default $.Values.parameters.amq_protocols .amq_protocols }};useEpoll=true;amqpCredits=1000;amqpLowCredits=300;anycastPrefix=${AMQ_ANYCAST_PREFIX};multicastPrefix=${AMQ_MULTICAST_PREFIX};{{ $extra_args | join ";" }} + {{- end }} + {{- end }} + {{- else }} + {{- range .Values.service.acceptors }} + {{- $extra_args := list -}} + {{- range .acceptor_params }} + {{- $extra_args = printf "%s=%s" (toString .key) (toString .value) | append $extra_args }} + {{- end }} + tcp://${BROKER_IP}:{{ .port }}?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols={{ default $.Values.parameters.amq_protocols .amq_protocols }};useEpoll=true;amqpCredits=1000;amqpLowCredits=300;anycastPrefix=${AMQ_ANYCAST_PREFIX};multicastPrefix=${AMQ_MULTICAST_PREFIX};{{ $extra_args | join ";" }} + {{- end }} + {{- end }} + + {{ .Values.security.enabled }} + + {{- range .Values.queues.addresses }} + + {{- range .permissions }} + + {{- end }} + + {{- end }} + + + + + + + + + + + + + + + + + + DLQ + ExpiryQueue + 0 + + -1 + 10 + PAGE + + + + DLQ + ExpiryQueue + {{ .Values.queues.defaults.maxDeliveryAttempts }} + {{ .Values.queues.defaults.redeliveryDelay }} + {{ .Values.queues.defaults.redeliveryDelayMultiplier }} + {{ .Values.queues.defaults.maxRedeliveryDelay }} + + {{ .Values.queues.defaults.maxSizeBytes }} + {{ .Values.queues.defaults.messageCounterHistoryDayLimit }} + {{ .Values.queues.defaults.addressFullPolicy }} + {{- if .Values.parameters.amq_force_addresses_cleanup }} + FORCE + FORCE + {{- end }} + + {{- range .Values.queues.addresses }} + + {{- if .dlq_address }} + {{ .dlq_address }} + {{- end }} + {{- if .expiry_address }} + {{ .expiry_address }} + {{- end }} + {{ default $.Values.queues.defaults.maxDeliveryAttempts .maxDeliveryAttempts }} + {{ default $.Values.queues.defaults.redeliveryDelay .redeliveryDelay }} + {{ default $.Values.queues.defaults.redeliveryDelayMultiplier .redeliveryDelayMultiplier }} + {{ default $.Values.queues.defaults.maxRedeliveryDelay .maxRedeliveryDelay }} + {{ default $.Values.queues.defaults.maxSizeBytes .maxSizeBytes }} + {{ default $.Values.queues.defaults.messageCounterHistoryDayLimit .messageCounterHistoryDayLimit }} + {{ default $.Values.queues.defaults.addressFullPolicy .addressFullPolicy }} + + {{- end }} + + +
+ + + +
+
+ + + +
+ {{- range .Values.queues.addresses }} +
+ {{- $isMulticast := "" }} + {{- if ( .type ) }}{{- if eq .type "multicast" }} + {{- $isMulticast = print "true" }} + {{- end }}{{- end }} + {{- if $isMulticast }} + + {{- else }} + + + + {{- end }} +
+ {{- if .dlq_address }} +
+ + + +
+ {{- end }} + {{- if .expiry_address }} +
+ + + +
+ {{- end }} + {{- end }} + + {{- if .Values.metrics.enabled }} + + {{ .Values.metrics.jvm_memory }} + {{ .Values.metrics.jvm_gc }} + {{ .Values.metrics.jvm_threads }} + + + {{- end }} + {{- if .Values.clustered }} + {{- if .Values.cluster.ha_ap_mode }} + + tcp://${BROKER_IP}:{{ .Values.ha_ap.connector.port }} + tcp://{{ .Values.ha_ap.connector.static.ref }}-svc:{{ .Values.ha_ap.connector.static.port }} + + + + {{ .Values.ha_ap.connector.ref }} + + {{ .Values.ha_ap.connector.static.ref }} + + + + + + {{- if eq .Values.ha_ap.mode "primary" }} + + true + + {{- else }} + + true + + {{- end }} + + + {{- else }} + + tcp://${BROKER_IP}:{{ .Values.cluster.connector.port }} + + + + {{ .Values.cluster.jgroupsCfg }} + activemq_broadcast_channel + {{ .Values.cluster.refreshTimeout }} + + + + + {{ .Values.cluster.jgroupsCfg }} + activemq_broadcast_channel + {{ .Values.cluster.connector.ref }} + + + + + {{ .Values.cluster.connector.ref }} + 1000 + 2 + 32000 + 20 + 10 + true + ON_DEMAND + 1 + + + + {{- end }} + {{- end }} + + \ No newline at end of file diff --git a/artemis-broker-primary/conf/jgroups-ping.xml b/artemis-broker-primary/conf/jgroups-ping.xml new file mode 100644 index 0000000..569b39d --- /dev/null +++ b/artemis-broker-primary/conf/jgroups-ping.xml @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + diff --git a/artemis-broker-primary/conf/login.config b/artemis-broker-primary/conf/login.config new file mode 100644 index 0000000..830252e --- /dev/null +++ b/artemis-broker-primary/conf/login.config @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +activemq { + org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule requisite + reload=true + org.apache.activemq.jaas.properties.user="{{ .Values.security.jaasUsers.key }}" + org.apache.activemq.jaas.properties.role="artemis-roles.properties"; +}; diff --git a/artemis-broker-primary/scripts-override/configure_custom_config.sh b/artemis-broker-primary/scripts-override/configure_custom_config.sh new file mode 100755 index 0000000..0c181a2 --- /dev/null +++ b/artemis-broker-primary/scripts-override/configure_custom_config.sh @@ -0,0 +1,37 @@ +#!/bin/bash +set -e + +INSTANCE_DIR=$1 + +declare -a CONFIG_FILES=("bootstrap.xml" "broker.xml" "logging.properties") + +function swapVars() { + # Requires bash v4+ + declare -A SUBSTITUTIONS + + while read -r SUBVAR + do + SUBSTITUTIONS[$SUBVAR]=1 + done < <( awk '{ + while( match($0, /\$\{[a-zA-Z_0-9][a-zA-Z_0-9]*\}/) ) { + print substr($0, RSTART, RLENGTH) + sub(/\$\{[a-zA-Z_0-9][a-zA-Z_0-9]*\}/, "matched", $0) + } + }' $1 ) + + echo "Found placeholder variables: \"${!SUBSTITUTIONS[@]}\". Customizing configuration.." + + for var in "${!SUBSTITUTIONS[@]}"; do + sed -i "s#$var#$(eval echo \"$var\")#g" $1 + done +} + +for config_file in ${CONFIG_FILES[@]}; +do + # Swap env vars into configuration file + if [[ -e $INSTANCE_DIR/etc/$config_file ]]; then + echo "Patching Custom Configuration file '$config_file'" + swapVars $INSTANCE_DIR/etc/$config_file + fi +done + diff --git a/artemis-broker-primary/scripts-override/drain.sh b/artemis-broker-primary/scripts-override/drain.sh new file mode 100755 index 0000000..b969c69 --- /dev/null +++ b/artemis-broker-primary/scripts-override/drain.sh @@ -0,0 +1,75 @@ +#!/bin/sh + +export BROKER_IP=`hostname -f` + +instanceDir="${HOME}/${AMQ_NAME}" + +ENDPOINT_NAME="${HEADLESS_ENDPOINT}" +if [ "$HEADLESS_SVC_NAME" ]; then + ENDPOINT_NAME=$HEADLESS_SVC_NAME +fi + +endpointsUrl="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}/api/v1/namespaces/${POD_NAMESPACE}/" +endpointsAuth="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" + +function waitForJolokia() { + while : ; + do + sleep 5 + curl -s -o /dev/null -G -k http://${AMQ_USER}:${AMQ_PASSWORD}@${BROKER_IP}:8161/console/jolokia + if [ $? -eq 0 ]; then + break + fi + done +} + + +endpointsCode=$(curl -s -o /dev/null -w "%{http_code}" -G -k -H "${endpointsAuth}" ${endpointsUrl}) +if [ $endpointsCode -ne 200 ]; then + echo "Can't find endpoints with ips status <${endpointsCode}>" + exit 1 +fi + +ENDPOINTS=$(curl -s -X GET -G -k -H "${endpointsAuth}" ${endpointsUrl}"endpoints/${ENDPOINT_NAME}") +echo $ENDPOINTS +count=0 +while [ 1 ]; do + ip=$(echo $ENDPOINTS | python -c "import sys, json; print json.load(sys.stdin)['subsets'][0]['addresses'][${count}]['ip']") + if [ $? -ne 0 ]; then + echo "Can't find ip to scale down to tried ${count} ips" + exit + fi + + echo "got ip ${ip} broker ip is ${BROKER_IP}" + if [ "$ip" != "$BROKER_IP" ]; then + break + fi + + count=$(( count + 1 )) +done + +source /opt/amq/bin/launch.sh nostart + +SCALE_TO_BROKER_IP=$ip + +# Add connector to the pod to scale down to +connector="tcp:\/\/${SCALE_TO_BROKER_IP}:61616<\/connector>" +sed -i "/<\/connectors>/ s/.*/${connector}\n&/" ${instanceDir}/etc/broker.xml + +# Remove the acceptors +#sed -i -ne "// {p; " -e ":a; n; /<\/acceptors>/ {p; b}; ba}; p" ${instanceDir}/etc/broker.xml +acceptor="tcp:\/\/${BROKER_IP}:61616?protocols=CORE<\/acceptor>" +sed -i -ne "// {p; i $acceptor" -e ":a; n; /<\/acceptors>/ {p; b}; ba}; p" ${instanceDir}/etc/broker.xml + +#start the broker and issue the scaledown command to drain the messages. +${instanceDir}/bin/artemis-service start + +if [ "$AMQ_DATA_DIR_LOGGING" = "true" ]; then + tail -n 100 -f ${AMQ_DATA_DIR}/log/artemis.log & +else + tail -n 100 -f ${AMQ_NAME}/log/artemis.log & +fi + +waitForJolokia +curl -s -o /dev/null -G -k http://${AMQ_USER}:${AMQ_PASSWORD}@${BROKER_IP}:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%22${AMQ_NAME}%22/scaleDown/scaledownconnector + diff --git a/artemis-broker-primary/scripts-override/launch.sh b/artemis-broker-primary/scripts-override/launch.sh new file mode 100755 index 0000000..91f1db8 --- /dev/null +++ b/artemis-broker-primary/scripts-override/launch.sh @@ -0,0 +1,444 @@ +#!/bin/bash + +if [ "${SCRIPT_DEBUG}" = "true" ] ; then + set -x + echo "Script debugging is enabled, allowing bash commands and their arguments to be printed as they are executed" +fi + + +export BROKER_IP=`hostname -I` +CONFIG_TEMPLATES=/config_templates + +#GC Option conflicts with the one already configured. +echo "Removing provided -XX:+UseParallelOldGC in favour of artemis.profile provided option" +JAVA_OPTS=$(echo $JAVA_OPTS | sed -e "s/-XX:+UseParallelOldGC/ /") +PLATFORM=`uname -m` +echo "Platform is ${PLATFORM}" +if [ "${PLATFORM}" = "s390x" ] ; then + #GC Option found to be a problem on s390x + echo "Removing -XX:+UseG1GC as per recommendation to use default GC" + JAVA_OPTS=$(echo $JAVA_OPTS | sed -e "s/-XX:+UseG1GC/ /") + #JDK11 related warnings removal + echo "Adding -Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true as per ENTMQBR-1932" + JAVA_OPTS="-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true ${JAVA_OPTS}" +fi +JAVA_OPTS="-Djava.net.preferIPv4Stack=true ${JAVA_OPTS}" + +if [ "$AMQ_ENABLE_JOLOKIA_AGENT" = "true" ]; then + echo "Define jolokia jvm agent options" + + if [ -z ${AMQ_JOLOKIA_AGENT_OPTS} ]; then + if [ -f "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" ]; then + AMQ_JOLOKIA_AGENT_OPTS='realm=activemq,caCert=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt,clientPrincipal.1=cn=system:master-proxy,clientPrincipal.2=cn=hawtio-online.hawtio.svc,clientPrincipal.3=cn=fuse-console.fuse.svc' + else + AMQ_JOLOKIA_AGENT_OPTS='realm=activemq,clientPrincipal.1=cn=system:master-proxy,clientPrincipal.2=cn=hawtio-online.hawtio.svc,clientPrincipal.3=cn=fuse-console.fuse.svc' + fi + fi + + export AB_JOLOKIA_USER=$AMQ_JOLOKIA_AGENT_USER + export AB_JOLOKIA_PASSWORD_RANDOM=false + export AB_JOLOKIA_PASSWORD=$AMQ_JOLOKIA_AGENT_PASSWORD + export AB_JOLOKIA_OPTS="${AMQ_JOLOKIA_AGENT_OPTS}" + JOLOKIA_OPTS="$(/opt/jolokia/jolokia-opts)" + echo "JOLOKIA_OPTS: $JOLOKIA_OPTS" +fi + +function sslPartial() { + [ -n "$AMQ_KEYSTORE_TRUSTSTORE_DIR" -o -n "$AMQ_KEYSTORE" -o -n "$AMQ_TRUSTSTORE" -o -n "$AMQ_KEYSTORE_PASSWORD" -o -n "$AMQ_TRUSTSTORE_PASSWORD" ] +} + +function sslEnabled() { + [ -n "$AMQ_KEYSTORE_TRUSTSTORE_DIR" -a -n "$AMQ_KEYSTORE" -a -n "$AMQ_TRUSTSTORE" -a -n "$AMQ_KEYSTORE_PASSWORD" -a -n "$AMQ_TRUSTSTORE_PASSWORD" ] +} + +# Finds the environment variable and returns its value if found. +# Otherwise returns the default value if provided. +# +# Arguments: +# $1 env variable name to check +# $2 default value if environemnt variable was not set +function find_env() { + var=${!1} + echo "${var:-$2}" +} + +function configureUserAuthentication() { + if [ -n "${AMQ_USER}" -a -n "${AMQ_PASSWORD}" ] ; then + AMQ_ARGS="$AMQ_ARGS --user $AMQ_USER --password $AMQ_PASSWORD " + else + echo "Required variable missing: both AMQ_USER and AMQ_PASSWORD are required." + exit 1 + fi + if [ "$AMQ_REQUIRE_LOGIN" = "true" ]; then + AMQ_ARGS="$AMQ_ARGS --require-login" + else + AMQ_ARGS="$AMQ_ARGS --allow-anonymous" + fi +} + +function configureLogging() { + instanceDir=$1 + if [ "$AMQ_DATA_DIR_LOGGING" = "true" ]; then + echo "Configuring logging directory to be ${AMQ_DATA_DIR}/log" + sed -i 's@${artemis.instance}@'"$AMQ_DATA_DIR"'@' ${instanceDir}/etc/logging.properties + fi +} + +function configureNetworking() { + if [ "$AMQ_CLUSTERED" = "true" ]; then + echo "Broker will be clustered" + AMQ_ARGS="$AMQ_ARGS --clustered --cluster-user $AMQ_CLUSTER_USER --cluster-password $AMQ_CLUSTER_PASSWORD --host $BROKER_IP" + ACCEPTOR_IP=$BROKER_IP + else + AMQ_ARGS="$AMQ_ARGS --host 0.0.0.0" + ACCEPTOR_IP="0.0.0.0" + fi +} + +function configureRedistributionDelay() { + instanceDir=$1 + echo "Setting redistribution-delay to zero." + sed -i "s//&\n 0<\/redistribution-delay>/g" ${instanceDir}/etc/broker.xml +} + +function configureSSL() { + sslDir=$(find_env "AMQ_KEYSTORE_TRUSTSTORE_DIR" "") + keyStoreFile=$(find_env "AMQ_KEYSTORE" "") + trustStoreFile=$(find_env "AMQ_TRUSTSTORE" "") + + if sslEnabled ; then + keyStorePassword=$(find_env "AMQ_KEYSTORE_PASSWORD" "") + trustStorePassword=$(find_env "AMQ_TRUSTSTORE_PASSWORD" "") + + keyStorePath="$sslDir/$keyStoreFile" + trustStorePath="$sslDir/$trustStoreFile" + + AMQ_ARGS="$AMQ_ARGS --ssl-key $keyStorePath" + AMQ_ARGS="$AMQ_ARGS --ssl-key-password $keyStorePassword" + + AMQ_ARGS="$AMQ_ARGS --ssl-trust $trustStorePath" + AMQ_ARGS="$AMQ_ARGS --ssl-trust-password $trustStorePassword" + elif sslPartial ; then + log_warning "Partial ssl configuration, the ssl context WILL NOT be configured." + fi +} + +function updateAcceptorsForSSL() { + instanceDir=$1 + + if sslEnabled ; then + + echo "keystore filepath: $keyStorePath" + + IFS=',' read -a protocols <<< $(find_env "AMQ_TRANSPORTS" "openwire,amqp,stomp,mqtt,hornetq") + connectionsAllowed=$(find_env "AMQ_MAX_CONNECTIONS" "1000") + + sslProvider=$(find_env "AMQ_SSL_PROVIDER" "") + + if [ -z "${sslProvider}" ] ; then + SSL_OPS="sslEnabled=true;keyStorePath=${keyStorePath};keyStorePassword=${keyStorePassword}" + else + SSL_OPS="sslEnabled=true;keyStorePath=${keyStorePath};keyStorePassword=${keyStorePassword};sslProvider=${sslProvider}" + fi + + if [ "${#protocols[@]}" -ne "0" ]; then + acceptors="" + for protocol in ${protocols[@]}; do + case "${protocol}" in + "openwire") + acceptors="${acceptors} tcp://${ACCEPTOR_IP}:61617?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;connectionsAllowed=${connectionsAllowed};${SSL_OPS}\n" + ;; + "mqtt") + acceptors="${acceptors} tcp://${ACCEPTOR_IP}:8883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true;connectionsAllowed=${connectionsAllowed};${SSL_OPS}\n" + ;; + "amqp") + acceptors="${acceptors} tcp://${ACCEPTOR_IP}:5671?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpMinCredits=300;connectionsAllowed=${connectionsAllowed};${SSL_OPS}\n" + ;; + "stomp") + acceptors="${acceptors} tcp://${ACCEPTOR_IP}:61612?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true;connectionsAllowed=${connectionsAllowed};${SSL_OPS}\n" + ;; +esac + done + fi + safeAcceptors=$(echo "${acceptors}" | sed 's/\//\\\//g') + sed -i "/<\/acceptors>/ s/.*/${safeAcceptors}\n&/" ${instanceDir}/etc/broker.xml + fi +} + +function updateAcceptorsForPrefixing() { + instanceDir=$1 + + if [ -n "$AMQ_MULTICAST_PREFIX" ]; then + echo "Setting multicastPrefix to ${AMQ_MULTICAST_PREFIX}" + sed -i "s/:61616?/&multicastPrefix=${AMQ_MULTICAST_PREFIX};/g" ${instanceDir}/etc/broker.xml + sed -i "s/:61617?/&multicastPrefix=${AMQ_MULTICAST_PREFIX};/g" ${instanceDir}/etc/broker.xml + fi + + if [ -n "$AMQ_ANYCAST_PREFIX" ]; then + echo "Setting anycastPrefix to ${AMQ_ANYCAST_PREFIX}" + sed -i "s/:61616?/&anycastPrefix=${AMQ_ANYCAST_PREFIX};/g" ${instanceDir}/etc/broker.xml + sed -i "s/:61617?/&anycastPrefix=${AMQ_ANYCAST_PREFIX};/g" ${instanceDir}/etc/broker.xml + fi +} + +function appendAcceptorsFromEnv() { + instanceDir=$1 + + if [ -n "$AMQ_ACCEPTORS" ]; then + echo "Using acceptors from environment and removing existing entries" + sed -i "/acceptor name=/d" ${instanceDir}/etc/broker.xml + acceptorsFromEnv=$(find_env "AMQ_ACCEPTORS" "") + # As AMQ_ACCEPTORS was introduced from the operator, the operator makes a safe string for here + safeAcceptorsFromEnv=$(echo "${acceptorsFromEnv}") + sed -i "/<\/acceptors>/ s/.*/${safeAcceptorsFromEnv}\n&/g" ${instanceDir}/etc/broker.xml + sed -i "s/ACCEPTOR_IP/${ACCEPTOR_IP}/g" ${instanceDir}/etc/broker.xml + fi +} + +function appendConnectorsFromEnv() { + instanceDir=$1 + + if [ -n "$AMQ_CONNECTORS" ]; then + echo "Appending connectors from environment" + connectorsFromEnv=$(find_env "AMQ_CONNECTORS" "") + # As AMQ_CONNECTORS was introduced from the operator, the operator makes a safe string for here + safeConnectorsFromEnv=$(echo "${connectorsFromEnv}") + endConnectorsCount=`grep -c '' ${instanceDir}/etc/broker.xml` + if [ ${endConnectorsCount} -ne 0 ]; then + sed -i "/<\/connectors>/ s/.*/\t\t${safeConnectorsFromEnv}\n&/" ${instanceDir}/etc/broker.xml + else + sed -i "/<\/acceptors>/ s/.*/&\n\t\n\t\t${safeConnectorsFromEnv}\n\t<\/connectors>\n/" ${instanceDir}/etc/broker.xml + fi + fi +} + +function appendJournalType() { + instanceDir=$1 + + if [ -n "$AMQ_JOURNAL_TYPE" ]; then + echo "Setting journal type to ${AMQ_JOURNAL_TYPE}" + if [[ $(removeWhiteSpace ${AMQ_JOURNAL_TYPE}) != *"nio"* ]]; then + AMQ_ARGS="$AMQ_ARGS --aio" + fi + if [[ $(removeWhiteSpace ${AMQ_JOURNAL_TYPE}) != *"aio"* ]]; then + AMQ_ARGS="$AMQ_ARGS --nio" + fi + fi +} + +function modifyDiscovery() { + discoverygroup="" + discoverygroup="${discoverygroup} " + discoverygroup="${discoverygroup} jgroups-ping.xml" + discoverygroup="${discoverygroup} activemq_broadcast_channel" + discoverygroup="${discoverygroup} 10000" + discoverygroup="${discoverygroup} " + sed -i -ne "// {p; i $discoverygroup" -e ":a; n; /<\/discovery-groups>/ {p; b}; ba}; p" ${instanceDir}/etc/broker.xml + + #generate jgroups-ping.xml + echo "Generating jgroups-ping.xml, current dir is: $PWD, AMQHOME: $AMQ_HOME" + + if [ -z "${PING_SVC_NAME+x}" ]; then + echo "PING_SERVICE is not set" + PING_SVC_NAME=ping + fi + + if [ -z "${APPLICATION_NAME+x}" ]; then + echo "APPLICATION_NAME is not set" + sed -i -e "s/\${APPLICATION_NAME}-\${PING_SVC_NAME}/${PING_SVC_NAME}/" $AMQ_HOME/conf/jgroups-ping.xml + else + echo "APPLICATION_NAME is set" + sed -i -e "s/\${APPLICATION_NAME}-\${PING_SVC_NAME}/${APPLICATION_NAME}-${PING_SVC_NAME}/" $AMQ_HOME/conf/jgroups-ping.xml + fi + + broadcastgroup="" + broadcastgroup="${broadcastgroup} " + broadcastgroup="${broadcastgroup} jgroups-ping.xml" + broadcastgroup="${broadcastgroup} activemq_broadcast_channel" + broadcastgroup="${broadcastgroup} artemis" + broadcastgroup="${broadcastgroup} " + sed -i -ne "// {p; i $broadcastgroup" -e ":a; n; /<\/broadcast-groups>/ {p; b}; ba}; p" ${instanceDir}/etc/broker.xml + + clusterconnections="" + clusterconnections="${clusterconnections} " + clusterconnections="${clusterconnections} artemis" + clusterconnections="${clusterconnections} 1000" + clusterconnections="${clusterconnections} 2" + clusterconnections="${clusterconnections} 32000" + clusterconnections="${clusterconnections} 20" + clusterconnections="${clusterconnections} 10" + clusterconnections="${clusterconnections} true" + clusterconnections="${clusterconnections} ON_DEMAND" + clusterconnections="${clusterconnections} 1" + clusterconnections="${clusterconnections} " + clusterconnections="${clusterconnections} " + sed -i -ne "// {p; i $clusterconnections" -e ":a; n; /<\/cluster-connections>/ {p; b}; ba}; p" ${instanceDir}/etc/broker.xml +} + +function configureJAVA_ARGSMemory() { + instanceDir=$1 + echo "Removing hardcoded -Xms -Xmx from artemis.profile in favour of JAVA_OPTS in log above" + sed -i "s/\-Xms[0-9]*[mMgG] \-Xmx[0-9]*[mMgG] \-Dhawtio/\ -Dhawtio/g" ${instanceDir}/etc/artemis.profile +} + +function configureJolokiaJVMAgent() { + instanceDir=$1 + if [ "$AMQ_ENABLE_JOLOKIA_AGENT" = "true" ]; then + echo "Configure jolokia jvm agent" + echo "JOLOKIA_OPTS: $JOLOKIA_OPTS" + echo '' >> ${instanceDir}/etc/artemis.profile + echo "if [ \"\$1\" = \"run\" ]; then JAVA_ARGS=\"\$JAVA_ARGS $JOLOKIA_OPTS\"; fi" >> ${instanceDir}/etc/artemis.profile + echo '' >> ${instanceDir}/etc/artemis.profile + fi +} + +function injectMetricsPlugin() { + instanceDir=$1 + echo "Adding artemis metrics plugin" + sed -i "s/^\([[:blank:]]*\)<\\/core>/\1\1\\n\1<\\/core>/" $instanceDir/etc/broker.xml + + if ! grep -q 'metrics' $instanceDir/etc/bootstrap.xml; then + sed -i 's~~~' $instanceDir/etc/bootstrap.xml + fi + +} + +function checkBeforeRun() { + instanceDir=$1 + if [ "$AMQ_ENABLE_METRICS_PLUGIN" = "true" ]; then + pluginStr="com.redhat.amq.broker.core.server.metrics.plugins.ArtemisPrometheusMetricsPlugin" + grep -q "$pluginStr" ${instanceDir}/etc/broker.xml + result=$? + if [[ $result == 0 ]]; then + echo "The Prometheus plugin already configured." + else + echo "Need to inject Prometheus plugin" + injectMetricsPlugin ${instanceDir} + fi + fi + + if [[ "${JAVA_ARGS_APPEND}" == *"-Dlog4j2.configurationFile"* ]]; then + echo "There is a custom logger configuration defined in JAVA_ARGS_APPEND: ${JAVA_ARGS_APPEND}" + else + echo "Using default logging configuration(console only)" + defaultLoggingConfigFile=${instanceDir}/etc/log4j2.properties + sed -i "s/rootLogger = INFO, console, log_file/rootLogger = INFO, console/g" $defaultLoggingConfigFile + fi +} + +function configure() { + instanceDir=$1 + + export CONTAINER_ID=$HOSTNAME + if [ ! -d ${instanceDir} -o "$AMQ_RESET_CONFIG" = "true" -o ! -f ${instanceDir}/bin/artemis ]; then + AMQ_ARGS="--silent --role $AMQ_ROLE --name $AMQ_NAME --http-host $BROKER_IP --java-options=-Djava.net.preferIPv4Stack=true " + configureUserAuthentication + if [ -n "$AMQ_DATA_DIR" ]; then + AMQ_ARGS="$AMQ_ARGS --data ${AMQ_DATA_DIR}" + fi + if [ -n "$AMQ_QUEUES" ]; then + AMQ_ARGS="$AMQ_ARGS --queues $(removeWhiteSpace $AMQ_QUEUES)" + fi + if [ -n "$AMQ_ADDRESSES" ]; then + AMQ_ARGS="$AMQ_ARGS --addresses $(removeWhiteSpace $AMQ_ADDRESSES)" + fi + if [ -n "$AMQ_ACCEPTORS" ]; then + AMQ_ARGS="$AMQ_ARGS --no-amqp-acceptor --no-hornetq-acceptor --no-mqtt-acceptor --no-stomp-acceptor" + else + if [ -n "$AMQ_TRANSPORTS" ]; then + if [[ $(removeWhiteSpace ${AMQ_TRANSPORTS}) != *"hornetq"* ]]; then + AMQ_ARGS="$AMQ_ARGS --no-hornetq-acceptor" + fi + if [[ $(removeWhiteSpace ${AMQ_TRANSPORTS}) != *"amqp"* ]]; then + AMQ_ARGS="$AMQ_ARGS --no-amqp-acceptor" + fi + if [[ $(removeWhiteSpace ${AMQ_TRANSPORTS}) != *"mqtt"* ]]; then + AMQ_ARGS="$AMQ_ARGS --no-mqtt-acceptor" + fi + if [[ $(removeWhiteSpace ${AMQ_TRANSPORTS}) != *"stomp"* ]]; then + AMQ_ARGS="$AMQ_ARGS --no-stomp-acceptor" + fi + fi + fi + if [ -n "$GLOBAL_MAX_SIZE" ]; then + AMQ_ARGS="$AMQ_ARGS --global-max-size $(removeWhiteSpace $GLOBAL_MAX_SIZE)" + fi + if [ "$AMQ_RESET_CONFIG" = "true" ]; then + AMQ_ARGS="$AMQ_ARGS --force" + fi + if [ "$AMQ_EXTRA_ARGS" ]; then + AMQ_ARGS="$AMQ_ARGS $AMQ_EXTRA_ARGS" + fi + configureNetworking + configureSSL + appendJournalType ${instanceDir} + + # mask sensitive values + PRINT_ARGS="${AMQ_ARGS/--password $AMQ_PASSWORD/--password XXXXX}" + PRINT_ARGS="${PRINT_ARGS/--user $AMQ_USER/--user XXXXX}" + PRINT_ARGS="${PRINT_ARGS/--cluster-user $AMQ_CLUSTER_USER/--cluster-user XXXXX}" + PRINT_ARGS="${PRINT_ARGS/--cluster-password $AMQ_CLUSTER_PASSWORD/--cluster-password XXXXX}" + PRINT_ARGS="${PRINT_ARGS/--ssl-key-password $AMQ_KEYSTORE_PASSWORD/--ssl-key-password XXXXX}" + PRINT_ARGS="${PRINT_ARGS/--ssl-trust-password $AMQ_TRUSTSTORE_PASSWORD/--ssl-trust-password XXXXX}" + + if [ "$AMQ_CONSOLE_ARGS" ]; then + AMQ_ARGS="$AMQ_ARGS $AMQ_CONSOLE_ARGS" + keypat='(.*)(--ssl-key-password).([[:alnum:]]*)(.*)' + [[ "$AMQ_CONSOLE_ARGS" =~ $keypat ]] + CONSOLE_ARGS_NO_KEYPASS="${BASH_REMATCH[1]} ${BASH_REMATCH[2]} XXXXX ${BASH_REMATCH[4]}" + trustpat='(.*)(--ssl-trust-password).([[:alnum:]]*)(.*)' + [[ "$CONSOLE_ARGS_NO_KEYPASS" =~ $trustpat ]] + CONSOLE_ARGS_NO_TRUSTPASS="${BASH_REMATCH[1]} ${BASH_REMATCH[2]} XXXXX ${BASH_REMATCH[4]}" + PRINT_ARGS="${PRINT_ARGS} ${CONSOLE_ARGS_NO_TRUSTPASS}" + fi + + + echo "Creating Broker with args $PRINT_ARGS" + $AMQ_HOME/bin/artemis create ${instanceDir} $AMQ_ARGS --java-options "$JAVA_OPTS" + + if [ "$AMQ_CLUSTERED" = "true" ]; then + modifyDiscovery + configureRedistributionDelay ${instanceDir} + fi + $AMQ_HOME/bin/configure_jolokia_access.sh ${instanceDir}/etc/jolokia-access.xml + if [ "$AMQ_KEYSTORE_TRUSTSTORE_DIR" ]; then + echo "Updating acceptors for SSL" + updateAcceptorsForSSL ${instanceDir} + fi + updateAcceptorsForPrefixing ${instanceDir} + appendAcceptorsFromEnv ${instanceDir} + appendConnectorsFromEnv ${instanceDir} + configureLogging ${instanceDir} + configureJAVA_ARGSMemory ${instanceDir} + configureJolokiaJVMAgent ${instanceDir} + + if [ "$AMQ_ENABLE_METRICS_PLUGIN" = "true" ]; then + echo "Enable artemis metrics plugin" + injectMetricsPlugin ${instanceDir} + fi + + $AMQ_HOME/bin/configure_s2i_files.sh ${instanceDir} + $AMQ_HOME/bin/configure_custom_config.sh ${instanceDir} + fi +} + +function removeWhiteSpace() { + echo $*|tr -s ''| tr -d [[:space:]] +} + +function runServer() { + + echo "Configuring Broker" + instanceDir="${HOME}/${AMQ_NAME}" + + configure $instanceDir + + if [ "$1" != "nostart" ]; then + echo "Running Broker in ${instanceDir}" + checkBeforeRun ${instanceDir} + exec ${instanceDir}/bin/artemis run + fi +} + +runServer $1 + diff --git a/artemis-broker-primary/templates/_drain.tpl b/artemis-broker-primary/templates/_drain.tpl new file mode 100644 index 0000000..fed9650 --- /dev/null +++ b/artemis-broker-primary/templates/_drain.tpl @@ -0,0 +1,132 @@ +{{- define "drainer.pod" -}} +alpha.image.policy.openshift.io/resolve-names: "*" +statefulsets.kubernetes.io/drainer-pod-template: | + { + "metadata": { + "labels": { + "app": "{{ .Values.application.name }}-amq-drainer" + } + }, + "spec": { + "serviceAccount": "{{ tpl .Values.templates.service_account .}}", + "serviceAccountName": "{{ tpl .Values.templates.service_account .}}", + "terminationGracePeriodSeconds": 5, + "containers": [ + { + "env": [ + { + "name": "APPLICATION_NAME", + "value": "{{ .Values.application.name }}" + }, + { + "name": "HEADLESS_ENDPOINT", + "value": "{{ tpl .Values.templates.service . }}" + }, + { + "name": "PING_SVC_NAME", + "value": "{{ tpl .Values.ping_service.name . }}" + }, + { + "name": "AMQ_EXTRA_ARGS", + "value": "--no-autotune" + }, + { + "name": "AMQ_USER", + "valueFrom": { + "secretKeyRef": { + "name": "{{ tpl .Values.templates.app_secret . }}", + "key": "AMQ_USER" + } + } + }, + { + "name": "AMQ_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "name": "{{ tpl .Values.templates.app_secret . }}", + "key": "AMQ_PASSWORD" + } + } + }, + { + "name": "AMQ_ROLE", + "value": "{{ .Values.admin.role }}" + }, + { + "name": "AMQ_NAME", + "value": "{{ .Values.parameters.amq_broker_name }}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "{{ .Values.parameters.amq_protocols }}" + }, + { + "name": "AMQ_GLOBAL_MAX_SIZE", + "value": "{{ .Values.parameters.amq_global_max_size }}" + }, + { + "name": "AMQ_ALLOW_ANONYMOUS", + "value": "{{ .Values.parameters.allow_anonymous }}" + }, + { + "name": "AMQ_DATA_DIR", + "value": "{{ .Values.parameters.amq_data_dir }}" + }, + { + "name": "AMQ_DATA_DIR_LOGGING", + "value": "{{ .Values.parameters.amq_data_dir_logging }}" + }, + { + "name": "AMQ_CLUSTERED", + "value": "{{ .Values.parameters.amq_clustered }}" + }, + { + "name": "AMQ_REPLICAS", + "value": "{{ .Values.application.replicas }}" + }, + { + "name": "AMQ_CLUSTER_USER", + "valueFrom": { + "secretKeyRef": { + "name": "{{ tpl .Values.templates.app_secret .}}", + "key": "AMQ_CLUSTER_USER" + } + } + }, + { + "name": "AMQ_CLUSTER_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "name": "{{ tpl .Values.templates.app_secret .}}", + "key": "AMQ_CLUSTER_PASSWORD" + } + } + }, + { + "name": "POD_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "OPENSHIFT_DNS_PING_SERVICE_PORT", + "value": "{{ .Values.ping_service.jgroups.bind_port }}" + } + ], + "image": "{{ tpl .Values.templates.broker_image .}}", + "name": "{{ .Values.application.name }}-amq-drainer-pod", + + "command": ["/bin/sh", "-c", "echo \"Starting the drainer\" ; /opt/amq/bin/drain.sh; echo \"Drain completed! Exit code $?\""], + "volumeMounts": [ + { + "name": "{{ tpl .Values.templates.pvc_name . }}", + "mountPath": "{{ .Values.parameters.amq_data_dir }}" + } + ] + } + ] + } + } +{{- end -}} diff --git a/artemis-broker-primary/templates/_pod.tpl b/artemis-broker-primary/templates/_pod.tpl new file mode 100644 index 0000000..fccab08 --- /dev/null +++ b/artemis-broker-primary/templates/_pod.tpl @@ -0,0 +1,183 @@ +{{- define "amq.pod" -}} +{{- if eq .Values.platform "kubernetes" -}} +{{- with .Values.affinity }} +affinity: +{{- toYaml . | nindent 2 -}} +{{- end }} +imagePullSecrets: + - name: {{ .Values.application.pullSecretName }} +{{- end }} +containers: +- env: +{{- if .Values.clustered }} + - name: APPLICATION_NAME + value: "{{ .Values.application.name }}" + - name: PING_SVC_NAME + value: "{{ tpl .Values.ping_service.name . }}" + - name: AMQ_CLUSTERED + value: "{{ .Values.clustered }}" + - name: AMQ_REPLICAS + value: "{{ .Values.application.replicas }}" + - name: AMQ_CLUSTER_USER + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_secret . }} + key: AMQ_CLUSTER_USER + - name: AMQ_CLUSTER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_secret . }} + key: AMQ_CLUSTER_PASSWORD + - name: OPENSHIFT_DNS_PING_SERVICE_PORT + value: "{{ .Values.ping_service.jgroups.bind_port }}" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + - name: AMQ_USER + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_secret . }} + key: AMQ_USER + - name: AMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_secret . }} + key: AMQ_PASSWORD + - name: AMQ_ROLE + value: "{{ .Values.admin.role }}" + - name: AMQ_NAME + value: "{{ .Values.parameters.amq_broker_name }}" + - name: AMQ_TRANSPORTS + value: "{{ .Values.parameters.amq_protocols }}" + {{- if .Values.parameters.tls_enabled }} + - name: AB_JOLOKIA_HTTPS + value: "{{ .Values.parameters.jolokia_passthrough }}" + - name: AMQ_KEYSTORE_TRUSTSTORE_DIR + value: {{ .Values.tls.secret_mount_path }} + - name: AMQ_TRUSTSTORE + value: {{ .Values.tls.truststore }} + - name: AMQ_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_certificates . }} + key: AMQ_TRUSTSTORE_PASSWORD + - name: AMQ_KEYSTORE + value: {{ .Values.tls.keystore }} + - name: AMQ_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.templates.app_certificates . }} + key: AMQ_KEYSTORE_PASSWORD + - name: AMQ_SSL_PROVIDER + value: {{ tpl .Values.parameters.ssl_provider . }} + {{- end }} + - name: AMQ_GLOBAL_MAX_SIZE + value: "{{ .Values.parameters.amq_global_max_size }}" + - name: AMQ_REQUIRE_LOGIN + value: "{{ .Values.parameters.amq_require_login }}" + {{- if .Values.application.persistent }} + - name: AMQ_DATA_DIR + value: "{{ .Values.parameters.amq_data_dir }}" + {{- end }} + - name: AMQ_EXTRA_ARGS + value: {{ if .Values.parameters.amq_extra_args }} "{{ .Values.parameters.amq_extra_args }}" {{ else }} "" {{ end }} + - name: AMQ_ANYCAST_PREFIX + value: {{ if .Values.parameters.amq_anycast_prefix }} "{{ .Values.parameters.amq_anycast_prefix }}" {{ else }} "jms.queue." {{ end }} + - name: AMQ_MULTICAST_PREFIX + value: {{ if .Values.parameters.amq_multicast_prefix }} "{{ .Values.parameters.amq_multicast_prefix }}" {{ else }} "jms.topic." {{ end }} + - name: AMQ_ENABLE_METRICS_PLUGIN + value: {{ .Values.metrics.enabled | quote }} + - name: AMQ_JOURNAL_TYPE + value: "{{ .Values.parameters.amq_journal_type }}" + image: {{ tpl .Values.templates.broker_image . }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 4 -}} + {{- end }} + imagePullPolicy: {{ .Values.application.pullPolicy }} + readinessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "/opt/amq/bin/readinessProbe.sh" + name: {{ tpl .Values.templates.deployment . }} + ports: + {{- range .Values.service.acceptors }} + - containerPort: {{ .port }} + name: {{ .name }} + protocol: {{ .protocol }} + {{- end }} + {{- range .Values.service.console }} + - containerPort: {{ .port }} + name: {{ .name }} + protocol: {{ .protocol }} + {{- end }} + volumeMounts: + {{- if .Values.application.persistent }} + - name: {{ tpl .Values.templates.pvc_name . }} + mountPath: {{ .Values.parameters.amq_data_dir }} + {{- end }} + - name: broker-config-script-custom + mountPath: /opt/amq/bin/configure_custom_config.sh + subPath: configure_custom_config.sh + readOnly: true + - name: broker-config-script-custom + mountPath: /opt/amq/bin/launch.sh + subPath: launch.sh + readOnly: true + {{- if .Values.clustered }} + - name: broker-config-script-custom + mountPath: /opt/amq/bin/drain.sh + subPath: drain.sh + readOnly: true + {{- end }} + - name: broker-config-volume + mountPath: "/opt/amq/conf" + readOnly: true + {{- if .Values.parameters.tls_enabled }} + - mountPath: {{ .Values.tls.secret_mount_path }} + name: broker-secret-volume + readOnly: true + {{- end }} +terminationGracePeriodSeconds: 60 +volumes: + {{- if .Values.parameters.tls_enabled }} + - name: broker-secret-volume + secret: + secretName: {{ tpl .Values.templates.app_certificates . }} + {{- end }} + - name: broker-config-script-custom + configMap: + name: {{ tpl .Values.templates.override_cm . }} + items: + - key: configure_custom_config.sh + path: configure_custom_config.sh + - key: launch.sh + path: launch.sh + {{- if .Values.clustered }} + - key: drain.sh + path: drain.sh + {{- end }} + defaultMode: 0550 + - name: broker-config-volume + projected: + sources: + - configMap: + name: {{ tpl .Values.templates.config_cm . }} + {{- range .Values.security.secrets }} + - secret: + name: {{ . }} + {{- end }} + {{- if and (eq .Values.kind "Deployment") (.Values.application.persistent) }} + - name: {{ tpl .Values.templates.pvc_name . }} + persistentVolumeClaim: + {{- if eq .Values.ha_ap.mode "primary" }} + claimName: {{ tpl .Values.templates.pvc_name . }} + {{- else }} + claimName: {{ .Values.ha_ap.connector.static.ref }}-persistent-volume + {{- end }} + {{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/configmap.yaml b/artemis-broker-primary/templates/configmap.yaml new file mode 100644 index 0000000..d557c55 --- /dev/null +++ b/artemis-broker-primary/templates/configmap.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ tpl .Values.templates.override_cm . }} +data: + {{- (.Files.Glob "scripts-override/**.sh").AsConfig | nindent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ tpl .Values.templates.config_cm . }} +data: + {{ tpl (.Files.Glob "conf/**").AsConfig . | nindent 2 }} \ No newline at end of file diff --git a/artemis-broker-primary/templates/deployment.yaml b/artemis-broker-primary/templates/deployment.yaml new file mode 100644 index 0000000..6652739 --- /dev/null +++ b/artemis-broker-primary/templates/deployment.yaml @@ -0,0 +1,35 @@ +{{- if eq .Values.kind "Deployment" }} +{{- if and .Values.clustered (not .Values.cluster.ha_ap_mode) }} + {{- fail ".Values.kind is set to Deployment but this is unsupported in a clustered environment. Use a StatefulSet" }} +{{- else }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application: {{ .Values.application.name }} + name: {{ tpl .Values.templates.deployment . }} +{{- if .Values.clustered }} + annotations: + {{- include "drainer.pod" . | nindent 6 }} +{{- end }} +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + application: {{ .Values.application.name }} + strategy: + type: Recreate + template: + metadata: + # trigger deployments on config map changes + annotations: + configmap/checksum: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + application: {{ .Values.application.name }} + deployment: {{ tpl .Values.templates.deployment . }} + name: {{ tpl .Values.templates.deployment . }} + spec: + {{- include "amq.pod" . | nindent 6 }} +{{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/ingress.yaml b/artemis-broker-primary/templates/ingress.yaml new file mode 100644 index 0000000..dde847b --- /dev/null +++ b/artemis-broker-primary/templates/ingress.yaml @@ -0,0 +1,64 @@ +{{- if eq .Values.platform "kubernetes" }} +{{- $route_name := tpl .Values.templates.route . }} +{{- $svc_name := tpl .Values.templates.service . }} +{{- if .Values.parameters.tls_enabled }} +{{- if not .Values.clustered }} +{{- if .Values.ingress.passthrough.enabled }} +{{- range .Values.service.acceptors }} +{{- $nm := toString .name }} +{{- if eq $nm $.Values.ingress.passthrough.service }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: "{{ $route_name }}-passthrough" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" +spec: + ingressClassName: {{ $.Values.ingress.className }} + rules: + - host: "{{ $route_name }}-passthrough.{{ $.Values.ingress.domain }}" + http: + paths: + - path: "{{ $.Values.ingress.passthrough.path }}" + pathType: Prefix + backend: + service: + name: {{ $svc_name }} + port: + number: {{ .port }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.ingress.console.enabled }} +{{- range .Values.service.console }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: "{{ $route_name }}-console" +spec: + {{- if $.Values.ingress.console.tls }} + tls: + - hosts: + - "{{ $route_name }}-console.{{ $.Values.ingress.domain }}" + secretName: {{ $.Values.ingress.console.tlsSecretName }} + {{- end }} + rules: + - host: "{{ $route_name }}-console.{{ $.Values.ingress.domain }}" + http: + paths: + - path: "{{ $.Values.ingress.console.path }}" + pathType: Prefix + backend: + service: + name: {{ $svc_name }} + port: + number: {{ .port }} +{{- end }} +{{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/nodeport.yaml b/artemis-broker-primary/templates/nodeport.yaml new file mode 100644 index 0000000..993a15e --- /dev/null +++ b/artemis-broker-primary/templates/nodeport.yaml @@ -0,0 +1,26 @@ +{{- if .Values.nodeport.enabled }} +{{- $np_svc := .Values.nodeport }} +{{- range .Values.service.acceptors }} +{{- if eq .name $np_svc.service }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application: {{ $.Values.application.name }} + name: {{ $.Values.application.name }}-nodeport-svc +spec: + ports: + - name: {{ quote .name }} + port: {{ .port }} + protocol: {{ quote .protocol }} + targetPort: {{ .port }} + nodePort: {{ $np_svc.port }} + publishNotReadyAddresses: true + selector: + application: {{ $.Values.application.name }} + sessionAffinity: None + type: NodePort +{{- end }} +{{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/persistentvolume.yaml b/artemis-broker-primary/templates/persistentvolume.yaml new file mode 100644 index 0000000..a90b74c --- /dev/null +++ b/artemis-broker-primary/templates/persistentvolume.yaml @@ -0,0 +1,13 @@ +{{- if and (eq .Values.kind "Deployment") (eq .Values.ha_ap.mode "primary") (.Values.application.persistent) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ tpl .Values.templates.pvc_name . }} +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: {{ .Values.application.volume_capacity }} + storageClassName: "{{ .Values.application.storageclass }}" +{{- end }} diff --git a/artemis-broker-primary/templates/rbac.yaml b/artemis-broker-primary/templates/rbac.yaml new file mode 100644 index 0000000..5378722 --- /dev/null +++ b/artemis-broker-primary/templates/rbac.yaml @@ -0,0 +1,56 @@ +{{- if .Values.clustered }} +{{- $service_account := tpl .Values.templates.service_account . }} +{{- $role := tpl .Values.templates.k8s_role . }} +{{- $rolebinding := tpl .Values.templates.k8s_rolebinding . }} +{{- with $app := .Values.application.name }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $service_account }} + labels: + app: {{ $app }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $role }} + labels: + app: {{ $app }} +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $rolebinding }} + labels: + app: {{ $app }} +subjects: + - kind: ServiceAccount + name: {{ $service_account }} +roleRef: + kind: Role + name: {{ $role }} + apiGroup: rbac.authorization.k8s.io +{{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/route.yaml b/artemis-broker-primary/templates/route.yaml new file mode 100644 index 0000000..c2dcdb8 --- /dev/null +++ b/artemis-broker-primary/templates/route.yaml @@ -0,0 +1,65 @@ +{{- if eq .Values.platform "openshift" }} +{{- $svc_name := tpl .Values.templates.service . }} +{{- $app_name := tpl .Values.application.name . }} +{{- $route_name := tpl .Values.templates.route . }} +{{- $jolokia_ssl := and (.Values.parameters.tls_enabled) (.Values.parameters.jolokia_passthrough) }} +{{- range .Values.service.console }} +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + application: {{ $app_name }} + name: {{ $route_name }}-console +spec: + {{- if $.Values.parameters.append_ns }} + host: {{ $route_name }}.{{ $.Release.Namespace }}.{{ $.Values.parameters.openshift_appdomain }} + {{- else }} + host: {{ $route_name }}.{{ $.Values.parameters.openshift_appdomain }} + {{- end }} + to: + kind: Service + name: {{ $svc_name }} + port: + targetPort: {{ .port }} + tls: +{{- if $jolokia_ssl }} + termination: passthrough +{{- else }} + termination: edge +{{- end }} + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None +{{- end }} +{{- if not .Values.clustered }} +{{- if .Values.passthrough_route.enabled }} +{{- range .Values.service.acceptors }} +{{- $nm := toString .name }} +{{- if eq $nm $.Values.passthrough_route.service }} +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + application: {{ $app_name }} + name: {{ $route_name }}-passthrough +spec: + {{- if $.Values.parameters.append_ns }} + host: {{ $.Values.passthrough_route.hostname }}.{{ $.Release.Namespace }}.{{ $.Values.parameters.openshift_appdomain }} + {{- else }} + host: {{ $.Values.passthrough_route.hostname }}.{{ $.Values.parameters.openshift_appdomain }} + {{- end }} + to: + kind: Service + name: {{ $svc_name }} + port: + targetPort: {{ .port }} + tls: + termination: passthrough + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/artemis-broker-primary/templates/secrets.yaml b/artemis-broker-primary/templates/secrets.yaml new file mode 100644 index 0000000..22ed405 --- /dev/null +++ b/artemis-broker-primary/templates/secrets.yaml @@ -0,0 +1,42 @@ +{{- if .Values.security.createSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ tpl .Values.templates.app_secret .}} +type: Opaque +data: + AMQ_USER: {{ b64enc .Values.admin.user }} + AMQ_PASSWORD: {{ b64enc .Values.admin.password }} + {{- if .Values.clustered }} + AMQ_CLUSTER_USER: {{ b64enc .Values.admin.cluster_user }} + AMQ_CLUSTER_PASSWORD: {{ b64enc .Values.admin.cluster_password }} + {{- end }} +{{- end }} +{{- if .Values.parameters.tls_enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ tpl .Values.templates.app_certificates . }} +type: Opaque +data: + AMQ_KEYSTORE_PASSWORD: {{ b64enc .Values.tls.keystore_password }} + AMQ_TRUSTSTORE_PASSWORD: {{ b64enc .Values.tls.truststore_password }} + {{- range tuple .Values.tls.keystore .Values.tls.truststore }} + {{ . }}: |- + {{ ( printf "%s%s" "tls/" . | $.Files.Get ) | b64enc }} + {{- end }} +{{- end }} +{{- if and (eq .Values.platform "kubernetes") (.Values.ingress.console.tls) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.ingress.console.tlsSecretName }} +data: + tls.crt: |- + {{ ( printf "%s%s" "tls/" .Values.ingress.console.cert | $.Files.Get) | b64enc }} + tls.key: |- + {{ ( printf "%s%s" "tls/" .Values.ingress.console.key | $.Files.Get) | b64enc }} +type: kubernetes.io/tls +{{- end }} diff --git a/artemis-broker-primary/templates/servicemonitor.yaml b/artemis-broker-primary/templates/servicemonitor.yaml new file mode 100644 index 0000000..f8e90c3 --- /dev/null +++ b/artemis-broker-primary/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if .Values.metrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Values.application.name }}-monitor + labels: + prometheus: prometheus-app +spec: + selector: + matchLabels: + application: {{ .Values.application.name }} + endpoints: + - targetPort: {{ .Values.metrics.servicemonitor.port }} + path: /metrics/ + interval: {{ .Values.metrics.servicemonitor.interval }} +{{- end }} \ No newline at end of file diff --git a/artemis-broker-primary/templates/services.yaml b/artemis-broker-primary/templates/services.yaml new file mode 100644 index 0000000..eb9ae10 --- /dev/null +++ b/artemis-broker-primary/templates/services.yaml @@ -0,0 +1,57 @@ +{{- $application_name := .Values.application.name }} +{{- $svc_name := tpl .Values.templates.service . }} +{{- $dc_name := tpl .Values.templates.deployment . }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- if eq .Values.kind "StatefulSet" }} + description: The broker's headless, non load balanced service + {{- else }} + description: AMQ Broker Service + {{- end }} + labels: + application: {{ $application_name }} + app: {{ $application_name }} + name: {{ $svc_name }} +spec: + {{- if eq .Values.kind "StatefulSet" }} + clusterIP: None + {{- end }} + type: ClusterIP + publishNotReadyAddresses: true + ports: + {{- range .Values.service.acceptors }} + - port: {{ .port }} + name: {{ .name }} + protocol: {{ .protocol }} + targetPort: {{ .port }} + {{- end }} + {{- range .Values.service.console }} + - port: {{ .port }} + name: {{ .name }} + protocol: {{ .protocol }} + targetPort: {{ .port }} + {{- end }} + selector: + deployment: {{ $dc_name }} +{{- if .Values.clustered }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + description: The JGroups ping port for clustering. + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + labels: + application: {{ $application_name }} + name: {{ tpl .Values.ping_service.name . }} +spec: + clusterIP: None + ports: + - targetPort: {{ .Values.ping_service.port }} + port: {{ .Values.ping_service.port }} + selector: + deployment: {{ $dc_name }} +{{- end }} diff --git a/artemis-broker-primary/templates/statefulset.yaml b/artemis-broker-primary/templates/statefulset.yaml new file mode 100644 index 0000000..b3e08f4 --- /dev/null +++ b/artemis-broker-primary/templates/statefulset.yaml @@ -0,0 +1,50 @@ +{{- if eq .Values.kind "StatefulSet" }} +{{- $svc_name := tpl .Values.templates.service . }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + application: {{ .Values.application.name }} + name: {{ tpl .Values.templates.deployment . }} +{{- if .Values.clustered }} + annotations: + {{- include "drainer.pod" . | nindent 6 }} +{{- end }} +spec: + revisionHistoryLimit: 2 + selector: + matchLabels: + application: {{ .Values.application.name }} + {{- if .Values.clustered }} + podManagementPolicy: OrderedReady + replicas: {{ .Values.application.replicas }} + {{- else }} + replicas: 1 + {{- end }} + serviceName: {{ $svc_name }} + template: + metadata: + # trigger deployments on config map changes + annotations: + configmap/checksum: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + application: {{ .Values.application.name }} + deployment: {{ tpl .Values.templates.deployment . }} + app: {{ .Values.application.name }} + name: {{ tpl .Values.templates.deployment . }} + spec: + {{- include "amq.pod" . | nindent 6 }} + {{- if .Values.application.persistent }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: {{ tpl .Values.templates.pvc_name . }} + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.application.volume_capacity }} + storageClassName: "{{ .Values.application.storageclass }}" + {{- end }} +{{- end }} diff --git a/artemis-broker-primary/tls/ingress_console.crt b/artemis-broker-primary/tls/ingress_console.crt new file mode 100644 index 0000000..4f2e970 --- /dev/null +++ b/artemis-broker-primary/tls/ingress_console.crt @@ -0,0 +1 @@ +PLACEHOLDER diff --git a/artemis-broker-primary/tls/ingress_console.key b/artemis-broker-primary/tls/ingress_console.key new file mode 100644 index 0000000..4f2e970 --- /dev/null +++ b/artemis-broker-primary/tls/ingress_console.key @@ -0,0 +1 @@ +PLACEHOLDER diff --git a/artemis-broker-primary/tls/keystore.ks b/artemis-broker-primary/tls/keystore.ks new file mode 100644 index 0000000..4f2e970 --- /dev/null +++ b/artemis-broker-primary/tls/keystore.ks @@ -0,0 +1 @@ +PLACEHOLDER diff --git a/artemis-broker-primary/tls/keystore.ts b/artemis-broker-primary/tls/keystore.ts new file mode 100644 index 0000000..4f2e970 --- /dev/null +++ b/artemis-broker-primary/tls/keystore.ts @@ -0,0 +1 @@ +PLACEHOLDER diff --git a/artemis-broker-primary/values.yaml b/artemis-broker-primary/values.yaml new file mode 100644 index 0000000..62c1156 --- /dev/null +++ b/artemis-broker-primary/values.yaml @@ -0,0 +1,237 @@ +# Deploy broker as Deployment or StatefulSet +# if clustered is True, then only StatefulSet is supported +kind: Deployment +clustered: false # only with StatefulSet + +# Platform type. +platform: kubernetes + +application: + name: broker1 # set broker1 is this for primary deployment else set to broker2 + amq_broker_version: 55ae4e28b100534d63c34ab86f69230d274c999d46d1493f26fe3e75ba7a0cec # 7.12.3 + amq_broker_image: registry.redhat.io/amq7/amq-broker-rhel8 + pullPolicy: IfNotPresent + persistent: true + journal_type: ASYNCIO # more information see broker.xml + volume_capacity: "1G" + replicas: 1 + storageclass: default + # this is used if platform type is set as "kubernetes" + pullSecretName: redhat-pullsecret + +service: + console: + - name: jolokia + description: "The Jolokia Management Console Service" + protocol: TCP + port: 8161 + acceptors: + - name: multiplex + description: "Multiplexed protocol endpoint (CORE+All the others)" + protocol: TCP + # when tls is enabled, all acceptors are tls-protected. + # this behaviour can be overridden by marking the acceptor as non-tls + #use_tls: false + port: 61616 + # if needed, override the protocols here. + # default values are specified in the "parameters" section below + #amq_protocols: "CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE" + # also, additional properties for a single acceptor can be set here + #acceptor_params: + # - key: supportAdvisory + # value: false + # - key: suppressInternalManagementObjects + # value: false + +ping_service: + name: "{{ .Values.application.name }}-ping-svc" + port: 8888 + jgroups: + bind_port: 7800 + +nodeport: + port: 30003 + service: multiplex + enabled: true + +passthrough_route: + hostname: multiplex-amq + enabled: false + service: multiplex + +# only relevant for deployment on kubernetes +ingress: + # the ingress rule domain + domain: kubernetes.local + # passthrough ingress rule: only relevant for TLS enabled brokers + passthrough: + path: "/" + service: multiplex + enabled: true + # jolokia console ingress rule. optional tls certificates can be configured here + console: + path: "/" + service: jolokia + enabled: true + tls: false + tlsSecretName: "amq-console-ingress-certs" + cert: ingress_console.crt + key: ingress_console.key + +tls: + secret_mount_path: "/etc/amq-secret-volume" + keystore: keystore.ks + truststore: keystore.ts + keystore_password: kspwd + truststore_password: tspwd + +parameters: + tls_enabled: false + jolokia_passthrough: false + append_ns: false + openshift_appdomain: apps.cluster.local + amq_protocols: "openwire,amq,stomp,mqtt,hornetq,core" + amq_broker_name: "broker" + amq_global_max_size: "200 mb" + amq_require_login: False + amq_extra_args: "" + amq_anycast_prefix: "jmx.queue." + amq_multicast_prefix: "jmx.topic." + amq_journal_type: "nio" + ssl_provider: "jdk" # alternative is openssl + amq_data_dir: "/opt/amq/data" + amq_force_addresses_cleanup: True # if true remove all queues that are not declared here upon chart update + +cluster: + ha_ap_mode: false # Primary-Backup Mode / only with 2 Deployments + jgroupsCfg: "jgroups-ping.xml" + refreshTimeout: 10000 + connector: + ref: multiplex + port: 61616 + +ha_ap: + mode: primary + refreshTimeout: 10000 + connector: + ref: artemis + port: 61616 + static: + ref: broker2 # set broker2 is this for primary deployment else set to broker1 + port: 61616 + +templates: + service: "{{ .Values.application.name }}-svc" + service_account: "{{ .Values.application.name }}-sa" + k8s_role: "{{ .Values.application.name }}-role" + k8s_rolebinding: "{{ .Values.application.name }}-rolebinding" + deployment: "{{ .Values.application.name }}-dc" + route: "{{ .Values.application.name }}-route" + broker_image: "{{ .Values.application.amq_broker_image }}:{{ .Values.application.amq_broker_version }}" + override_cm: "{{ .Values.application.name }}-override-cm" + config_cm: "{{ .Values.application.name }}-config-cm" + app_secret: "{{ .Values.application.name }}-secret" + app_certificates: "{{ .Values.application.name }}-certificates" + pvc_name: "{{ .Values.application.name }}-persistent-volume" + +admin: + user: admin + password: password + cluster_user: cadmin + cluster_password: cpassword + role: "admin" + +security: + enabled: true + # Names of additional secrets to mount into configuration folder. + secrets: [] + createSecret: true + jaasUsers: + # Secret key entry name for Username password properties file. Override when files is provided by existing Secret. + key: artemis-users.properties + +# Add more users to this configuration +# Any users that gets assigned the .admin.role +# role name becomes an additional administrator +users: [] +# - name: demouser +# password: "demo" +# roles: +# - user +# - name: anotheruser +# password: "demo1" +# roles: +# - user +# +queues: + defaults: + maxDeliveryAttempts: 3 + redeliveryDelayMultiplier: 1 + redeliveryDelay: 5000 + maxRedeliveryDelay: 50000 + maxSizeBytes: "100 mb" + addressFullPolicy: "PAGE" + messageCounterHistoryDayLimit: 10 + addresses: [] +# - name: QUEUE_1 +# type: anycast # for queues, choose 'multicast' for topics +# dlq_address: QUEUE_1_DLQ +# expiry_address: +# maxDeliveryAttempts: +# redeliveryDelayMultiplier: +# redeliveryDelay: +# maxRedeliveryDelay: +# maxSizeBytes: +# messageCounterHistoryDayLimit: +# addressFullPolicy: +# permissions: +# - grant: consume +# roles: +# - admin +# - user +# - grant: browse +# roles: +# - admin +# - user +# - grant: send +# roles: +# - admin +# - user +# - grant: manage +# roles: +# - admin +# #- grant: createNonDurableQueue # uncomment this when declaring topics (with type: multicast) +# # roles: +# # - admin +# # - user + +# Add Metrics and Prometheus ServiceMonitor for collecting metrics +metrics: + enabled: false + jvm_memory: true + jvm_gc: false + jvm_threads: false + servicemonitor: + port: 8161 + interval: 20s + +# k8s resources +resources: {} +# limits: +# cpu: 1000m +# memory: 2000Mi +# requests: +# cpu: 200m +# memory: 1000Mi +# + +# k8s affinity +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: disktype +# operator: In +# values: +# - ssd \ No newline at end of file diff --git a/values_helmChart__primary.yaml b/artemis-broker-primary/values_helmChart__primary.yaml similarity index 100% rename from values_helmChart__primary.yaml rename to artemis-broker-primary/values_helmChart__primary.yaml