Skip to content

Commit df4deeb

Browse files
authored
[rabbitmq] make rabbitmq run on openshift (CloudPirates-io#201)
* make rabbitmq run on openshift * Rename "securityContext" to "containerSecurityContext" to provide a more descriptive name for the container's security context in the values schema.
1 parent d55b428 commit df4deeb

File tree

6 files changed

+24
-60
lines changed

6 files changed

+24
-60
lines changed

charts/rabbitmq/Chart.lock

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
dependencies:
22
- name: common
33
repository: oci://registry-1.docker.io/cloudpirates
4-
version: 1.0.0
5-
digest: sha256:4dc4489391e65614af4cd64d56a213e353a7a70b231faf64c584779774304d96
6-
generated: "2025-08-15T10:49:14.642643+02:00"
4+
version: 1.1.1
5+
digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00
6+
generated: "2025-10-01T21:19:36.926334+02:00"

charts/rabbitmq/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v2
22
name: rabbitmq
33
description: A messaging broker that implements the Advanced Message Queuing Protocol (AMQP)
44
type: application
5-
version: 0.2.13
5+
version: 0.3.0
66
appVersion: "4.1.4"
77
keywords:
88
- rabbitmq

charts/rabbitmq/README.md

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -210,18 +210,12 @@ The following table lists the configurable parameters of the RabbitMQ chart and
210210
| Parameter | Description | Default |
211211
| -------------------------------------------------------- | ------------------------------------------------- | --------- |
212212
| `podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `999` |
213-
| `securityContext.allowPrivilegeEscalation` | Enable container privilege escalation | `false` |
214-
| `securityContext.runAsNonRoot` | Configure the container to run as a non-root user | `true` |
215-
| `securityContext.runAsUser` | User ID for the RabbitMQ container | `999` |
216-
| `securityContext.runAsGroup` | Group ID for the RabbitMQ container | `999` |
217-
| `securityContext.readOnlyRootFilesystem` | Mount container root filesystem as read-only | `true` |
218-
| `securityContext.capabilities.drop` | Linux capabilities to be dropped | `["ALL"]` |
219-
| `initContainer.securityContext.allowPrivilegeEscalation` | Enable container privilege escalation | `false` |
220-
| `initContainer.securityContext.runAsNonRoot` | Configure the container to run as a non-root user | `true` |
221-
| `initContainer.securityContext.runAsUser` | User ID for the RabbitMQ container | `999` |
222-
| `initContainer.securityContext.runAsGroup` | Group ID for the RabbitMQ container | `999` |
223-
| `initContainer.securityContext.readOnlyRootFilesystem` | Mount container root filesystem as read-only | `true` |
224-
| `initContainer.securityContext.capabilities.drop` | Linux capabilities to be dropped | `["ALL"]` |
213+
| `containerSecurityContext.allowPrivilegeEscalation` | Enable container privilege escalation | `false` |
214+
| `containerSecurityContext.runAsNonRoot` | Configure the container to run as a non-root user | `true` |
215+
| `containerSecurityContext.runAsUser` | User ID for the RabbitMQ container | `999` |
216+
| `containerSecurityContext.runAsGroup` | Group ID for the RabbitMQ container | `999` |
217+
| `containerSecurityContext.readOnlyRootFilesystem` | Mount container root filesystem as read-only | `true` |
218+
| `containerSecurityContext.capabilities.drop` | Linux capabilities to be dropped | `["ALL"]` |
225219

226220
### Liveness and readiness probes
227221

charts/rabbitmq/templates/statefulset.yaml

Lines changed: 6 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -28,27 +28,21 @@ spec:
2828
{{ . | nindent 6 }}
2929
{{- end }}
3030
serviceAccountName: {{ include "rabbitmq.serviceAccountName" . }}
31-
{{- if .Values.podSecurityContext }}
32-
securityContext:
33-
{{- toYaml .Values.podSecurityContext | nindent 8 }}
34-
{{- end }}
31+
securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
3532
{{- if or .Values.auth.enabled .Values.installPlugins .Values.customScripts.initContainers }}
3633
initContainers:
3734
{{- if .Values.auth.enabled }}
3835
- name: init-erlang-cookie
3936
image: "{{ .Values.initContainer.image.registry | default .Values.global.imageRegistry }}/{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
4037
imagePullPolicy: "{{ .Values.initContainer.image.pullPolicy }}"
41-
{{- if .Values.initContainer.securityContext }}
42-
securityContext:
43-
{{- toYaml .Values.initContainer.securityContext | nindent 12 }}
44-
{{- end }}
38+
securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
4539
command:
4640
- sh
4741
- -c
4842
- |
4943
echo "$RABBITMQ_ERLANG_COOKIE" > /var/lib/rabbitmq/.erlang.cookie
5044
chmod 400 /var/lib/rabbitmq/.erlang.cookie
51-
chown {{ .Values.securityContext.runAsUser | default 999 }}:{{ .Values.securityContext.runAsGroup | default 999 }} /var/lib/rabbitmq/.erlang.cookie
45+
chown $(id -u):$(id -g) /var/lib/rabbitmq/.erlang.cookie
5246
env:
5347
- name: RABBITMQ_ERLANG_COOKIE
5448
valueFrom:
@@ -63,10 +57,7 @@ spec:
6357
- name: download-plugins
6458
image: "{{ .Values.initContainer.image.registry | default .Values.global.imageRegistry }}/{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
6559
imagePullPolicy: "{{ .Values.initContainer.image.pullPolicy }}"
66-
{{- if .Values.initContainer.securityContext }}
67-
securityContext:
68-
{{- toYaml .Values.initContainer.securityContext | nindent 12 }}
69-
{{- end }}
60+
securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
7061
command:
7162
- sh
7263
- -c
@@ -91,10 +82,7 @@ spec:
9182
- name: copy-plugins
9283
image: {{ include "rabbitmq.image" . | quote }}
9384
imagePullPolicy: {{ include "common.imagePullPolicy" (dict "image" .Values.image) }}
94-
{{- if .Values.initContainer.securityContext }}
95-
securityContext:
96-
{{- toYaml .Values.initContainer.securityContext | nindent 12 }}
97-
{{- end }}
85+
securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
9886
command:
9987
- sh
10088
- -c
@@ -112,10 +100,7 @@ spec:
112100
{{- end }}
113101
containers:
114102
- name: {{ .Chart.Name }}
115-
{{- if .Values.securityContext }}
116-
securityContext:
117-
{{- toYaml .Values.securityContext | nindent 12 }}
118-
{{- end }}
103+
securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
119104
image: {{ include "rabbitmq.image" . | quote }}
120105
imagePullPolicy: {{ include "common.imagePullPolicy" (dict "image" .Values.image) }}
121106
{{- if .Values.customScripts.postStart.enabled }}

charts/rabbitmq/values.yaml

Lines changed: 7 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -118,21 +118,6 @@ initContainer:
118118
tag: "1.37.0@sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e"
119119
## @param initContainer.image.pullPolicy Init container image pull policy
120120
pullPolicy: IfNotPresent
121-
securityContext:
122-
## @param initContainer.securityContext.allowPrivilegeEscalation Enable container privilege escalation
123-
allowPrivilegeEscalation: false
124-
## @param initContainer.securityContext.runAsNonRoot Configure the container to run as a non-root user
125-
runAsNonRoot: true
126-
## @param initContainer.securityContext.runAsUser User ID for the RabbitMQ container
127-
runAsUser: 999
128-
## @param initContainer.securityContext.runAsGroup Group ID for the RabbitMQ container
129-
runAsGroup: 999
130-
## @param initContainer.securityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
131-
readOnlyRootFilesystem: true
132-
## @param initContainer.securityContext.capabilities.drop Linux capabilities to be dropped
133-
capabilities:
134-
drop:
135-
- ALL
136121

137122
## @section Metrics configuration
138123
metrics:
@@ -218,18 +203,18 @@ tolerations: []
218203
## @param affinity Affinity settings for pod assignment
219204
affinity: {}
220205

221-
securityContext:
222-
## @param securityContext.allowPrivilegeEscalation Enable container privilege escalation
206+
containerSecurityContext:
207+
## @param containerSecurityContext.allowPrivilegeEscalation Enable container privilege escalation
223208
allowPrivilegeEscalation: false
224-
## @param securityContext.runAsNonRoot Configure the container to run as a non-root user
209+
## @param containerSecurityContext.runAsNonRoot Configure the container to run as a non-root user
225210
runAsNonRoot: true
226-
## @param securityContext.runAsUser User ID for the RabbitMQ container
211+
## @param containerSecurityContext.runAsUser User ID for the RabbitMQ container
227212
runAsUser: 999
228-
## @param securityContext.runAsGroup Group ID for the RabbitMQ container
213+
## @param containerSecurityContext.runAsGroup Group ID for the RabbitMQ container
229214
runAsGroup: 999
230-
## @param securityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
215+
## @param containerSecurityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
231216
readOnlyRootFilesystem: true
232-
## @param securityContext.capabilities.drop Linux capabilities to be dropped
217+
## @param containerSecurityContext.capabilities.drop Linux capabilities to be dropped
233218
capabilities:
234219
drop:
235220
- ALL

charts/valkey/values.schema.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@
121121
}
122122
}
123123
},
124-
"securityContext": {
124+
"containerSecurityContext": {
125125
"type": "object",
126126
"title": "Security Context",
127127
"description": "Security context for the container",

0 commit comments

Comments
 (0)