config: enhance RabbitMQ connection configuration

egabancho · egabancho · commit cf9e856bdf4f · 2025-03-03T11:18:33.000+01:00
diff --git a/charts/invenio/templates/_helpers.tpl b/charts/invenio/templates/_helpers.tpl
@@ -83,7 +83,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{- end }}
 {{- end -}}
 
-#######################     RabbitMQ password secret     #######################
+#######################     RabbitMQ connection configuration     #######################
 {{/*
   This template renders the name of the secret that stores the password for RabbitMQ.
 */}}
@@ -95,19 +95,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ username     ##########################
 {{/*
   This template renders the username for accessing RabbitMQ.
 */}}
 {{- define "invenio.rabbitmq.username" -}}
   {{- if .Values.rabbitmq.enabled }}
     {{- required "Missing .Values.rabbitmq.auth.username" .Values.rabbitmq.auth.username -}}
   {{- else }}
-    {{- required "Missing .Values.rabbitmqExternal.username" .Values.rabbitmqExternal.username -}}
+    {{- required "Missing .Values.rabbitmqExternal.username" (tpl .Values.rabbitmqExternal.username .) -}}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ password     ##########################
 {{/*
   This template renders the password for accessing RabbitMQ.
 */}}
@@ -119,43 +117,61 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ AMQP port     ##########################
+{{/*
+  Get the database password secret name
+*/}}
+{{- define "invenio.rabbitmq.secretName" -}}
+  {{- if .Values.rabbitmq.enabled -}}
+    {{- required "Missing .Values.rabbitmq.auth.existingPasswordSecret" (tpl .Values.rabbitmq.auth.existingPasswordSecret .) -}}
+  {{- else -}}
+    {{- required "Missing .Values.rabbitmqExternal.existingSecret" (tpl .Values.rabbitmqExternal.existingSecret .) -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+  Get the database password secret key
+*/}}
+{{- define "invenio.rabbitmq.secretKey" -}}
+  {{- if .Values.rabbitmq.enabled -}}
+    {{- required "Missing .Values.rabbitmq.auth.existingSecretPasswordKey" .Values.rabbitmq.auth.existingSecretPasswordKey -}}
+  {{- else -}}
+    {{- required "Missing .Values.rabbitmqExternal.existingSecretPasswordKey" .Values.rabbitmqExternal.existingSecretPasswordKey -}}
+  {{- end -}}
+{{- end -}}
+
 {{/*
   This template renders the AMQP port number for RabbitMQ.
 */}}
 {{- define "invenio.rabbitmq.amqpPort" -}}
   {{- if .Values.rabbitmq.enabled }}
-    {{- required "Missing .Values.rabbitmq.service.ports.amqp" .Values.rabbitmq.service.ports.amqp -}}
+    {{- required "Missing .Values.rabbitmq.service.ports.amqp" .Values.rabbitmq.service.ports.amqp | quote -}}
   {{- else }}
-    {{- required "Missing .Values.rabbitmqExternal.amqpPort" .Values.rabbitmqExternal.amqpPort -}}
+    {{- required "Missing .Values.rabbitmqExternal.amqpPort" (tpl .Values.rabbitmqExternal.amqpPort .) | quote -}}
   {{- end }}
 {{- end -}}
 
-#######################     RabbitMQ management port     #######################
 {{/*
   This template renders the management port number for RabbitMQ.
 */}}
 {{- define "invenio.rabbitmq.managementPort" -}}
   {{- if .Values.rabbitmq.enabled }}
-    {{- required "Missing .Values.rabbitmq.service.ports.manager" .Values.rabbitmq.service.ports.manager -}}
+    {{- required "Missing .Values.rabbitmq.service.ports.manager" .Values.rabbitmq.service.ports.manager | quote -}}
   {{- else }}
-    {{- required "Missing .Values.rabbitmqExternal.managementPort" .Values.rabbitmqExternal.managementPort -}}
+    {{- required "Missing .Values.rabbitmqExternal.managementPort" (tpl .Values.rabbitmqExternal.managementPort .) | quote -}}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ hostname     ##########################
 {{/*
   This template renders the hostname for RabbitMQ.
 */}}
 {{- define "invenio.rabbitmq.hostname" -}}
   {{- if .Values.rabbitmq.enabled }}
     {{- include "common.names.fullname" .Subcharts.rabbitmq -}}
   {{- else }}
-    {{- required "Missing .Values.rabbitmqExternal.hostname" .Values.rabbitmqExternal.hostname }}
+    {{- required "Missing .Values.rabbitmqExternal.hostname" (tpl .Values.rabbitmqExternal.hostname .) }}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ protocol     ##########################
 {{/*
   This template renders the protocol for RabbitMQ.
 */}}
@@ -167,44 +183,46 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{- end }}
 {{- end -}}
 
-##########################     RabbitMQ vhost     ##########################
 {{/*
   This template renders the vhost for RabbitMQ.
 */}}
 {{- define "invenio.rabbitmq.vhost" -}}
   {{- if .Values.rabbitmq.enabled }}
     {{- "" }}
   {{- else }}
-    {{- required "Missing .Values.rabbitmqExternal.vhost" .Values.rabbitmqExternal.vhost }}
+    {{- required "Missing .Values.rabbitmqExternal.vhost" (tpl .Values.rabbitmqExternal.vhost .) }}
   {{- end }}
 {{- end -}}
 
-##########################     Celery broker URI     ##########################
-{{/*
-  This template renders the URI for connecting to RabbitMQ.
-*/}}
-{{- define "invenio.rabbitmq.uri" -}}
-  {{- $username := (include "invenio.rabbitmq.username" .) -}}
-  {{- $password := (include "invenio.rabbitmq.password" .) -}}
-  {{- $port := (include "invenio.rabbitmq.amqpPort" .) -}}
-  {{- $hostname := (include "invenio.rabbitmq.hostname" .) -}}
-  {{- $protocol := (include "invenio.rabbitmq.protocol" .) -}}
-  {{- $vhost := (include "invenio.rabbitmq.vhost" .) -}}
-  {{- printf "%s://%s:%s@%s:%v/%s" $protocol $username $password $hostname $port $vhost}}
-{{- end -}}
-
-###########################     RabbitMQ API URI     ###########################
 {{/*
-  This template renders the URI for RabbitMQ's API endpoint.
-*/}}
-{{- define "invenio.rabbitmq.apiUri" -}}
-  {{- $username := (include "invenio.rabbitmq.username" .) -}}
-  {{- $password := (include "invenio.rabbitmq.password" .) -}}
-  {{- $port := (include "invenio.rabbitmq.managementPort" .) -}}
-  {{- $hostname := (include "invenio.rabbitmq.hostname" .) -}}
-  {{- printf "http://%s:%s@%s:%v/api/" $username $password $hostname $port }}
+  RabbitMQ connection env section. 
+*/}}
+{{- define "invenio.config.queue" -}}
+{{- $uri := "$(INVENIO_AMQP_BROKER_PROTOCOL)://$(INVENIO_AMQP_BROKER_USER):$(INVENIO_AMQP_BROKER_PASSWORD)@$(INVENIO_AMQP_BROKER_HOST):$(INVENIO_AMQP_BROKER_PORT)/$(INVENIO_AMQP_BROKER_VHOST)" -}}
+- name: INVENIO_AMQP_BROKER_USER
+  value: {{ include "invenio.rabbitmq.username" . }}
+- name: INVENIO_AMQP_BROKER_HOST
+  value: {{ include "invenio.rabbitmq.hostname" . }}
+- name: INVENIO_AMQP_BROKER_PORT
+  value: {{ include "invenio.rabbitmq.amqpPort" . }}
+- name: INVENIO_AMQP_BROKER_VHOST
+  value: {{ include "invenio.rabbitmq.vhost" . }}
+- name: INVENIO_AMQP_BROKER_PROTOCOL
+  value: {{ include "invenio.rabbitmq.protocol" . }}
+- name: INVENIO_AMQP_BROKER_PASSWORD
+{{- if or (and .Values.rabbitmq.enabled .Values.rabbitmq.auth.password) .Values.rabbitmqExternal.password }}
+  value: {{ include "invenio.rabbitmq.password" .  | quote }}
+{{- else }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "invenio.rabbitmq.secretName" .}}
+      key: {{ include "invenio.rabbitmq.secretKey" .}}
+{{- end }}
+- name: INVENIO_BROKER_URL
+  value: {{ $uri}}
+- name: INVENIO_CELERY_BROKER_URL
+  value: {{ $uri}}
 {{- end -}}
-
 #########################     OpenSearch hostname     #########################
 {{/*
   This template renders the hostname of the OpenSearch instance.
@@ -297,7 +315,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
 {{/*
-  Define database connection env section.
+  Define database connection env section. 
 */}}
 {{- define "invenio.config.database" -}}
 - name: INVENIO_DB_USER
diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml
@@ -38,10 +38,7 @@ spec:
         env:
         - name: TZ
           value: {{ required "Missing .Values.global.timezone" .Values.global.timezone }}
-        - name: INVENIO_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
-        - name: INVENIO_CELERY_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
+        {{- include "invenio.config.queue" . | nindent 8 }}
         {{- include "invenio.config.database" . | nindent 8 }}
         volumeMounts:
           {{- range $key, $value := .Values.invenio.vocabularies }}
diff --git a/charts/invenio/templates/web-deployment.yaml b/charts/invenio/templates/web-deployment.yaml
@@ -36,10 +36,7 @@ spec:
         env:
         - name: TZ
           value: {{ required "Missing .Values.global.timezone" .Values.global.timezone }}
-        - name: INVENIO_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
-        - name: INVENIO_CELERY_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
+        {{- include "invenio.config.queue" . | nindent 8 }}
         {{- include "invenio.config.database" . | nindent 8 }}
         {{- with .Values.web.extraEnvVars }}
         {{-  toYaml . | nindent 8 }}
diff --git a/charts/invenio/templates/worker-beat-deployment.yaml b/charts/invenio/templates/worker-beat-deployment.yaml
@@ -48,10 +48,7 @@ spec:
         env:
         - name: TZ
           value: {{ required "Missing .Values.global.timezone" .Values.global.timezone }}
-        - name: INVENIO_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
-        - name: INVENIO_CELERY_BROKER_URL
-          value: {{ include "invenio.rabbitmq.uri" . }}
+        {{- include "invenio.config.queue" . | nindent 8 }}
         {{- include "invenio.config.database" . | nindent 8}}
         {{- with .Values.workerBeat.extraEnvVars }}
         {{- toYaml . | nindent 8 }}
diff --git a/charts/invenio/templates/worker-deployment.yaml b/charts/invenio/templates/worker-deployment.yaml
@@ -39,10 +39,7 @@ spec:
           env:
           - name: TZ
             value: {{ required "Missing .Values.global.timezone" .Values.global.timezone }}
-          - name: INVENIO_BROKER_URL
-            value: {{ include "invenio.rabbitmq.uri" . }}
-          - name: INVENIO_CELERY_BROKER_URL
-            value: {{ include "invenio.rabbitmq.uri" . }}
+          {{- include "invenio.config.queue" . | nindent 10 }}
           {{- include "invenio.config.database" . | nindent 10 }}
           {{- with .Values.worker.extraEnvVars }}
           {{- toYaml . | nindent 10 }}
diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml
@@ -333,6 +333,8 @@ redis:
         cpu: 500m
         memory: 500Mi
 
+## RabbitMQ chart configuration
+## ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml
 rabbitmq:
   enabled: true
   auth:
@@ -345,7 +347,28 @@ rabbitmq:
       cpu: "1"
       memory: 2Gi
 
-rabbitmqExternal: {}
+## External RabbitMQ configuration
+## All of these values are only used when rabbitmq.enabled is set to false
+## @param rabbitmqExternal.username RabbitMQ user
+## @param rabbitmqExternal.password Password
+## @param rabbitmqExternal.amqpPort 
+## @param rabbitmqExternal.managementPort
+## @param rabbitmqExternal.hostname 
+## @param rabbitmqExternal.protocol 
+## @param rabbitmqExternal.vhost 
+## @param rabbitmqExternal.existingSecret Name of an existing secret resource containing the credentials
+## @param rabbitmqExternal.existingSecretPasswordKey Name of an existing secret key containing the credentials
+##
+rabbitmqExternal:
+  username: invenio
+  password: ""
+  amqpPort: 5671
+  managementPort: 15672
+  hostname: ""
+  protocol: ""
+  vhost: ""
+  existingSecret: ""
+  existingSecretPasswordKey: "amqp-password"
 
 flower:
   enabled: true
