bitnami / charts

Bitnami Helm Charts
https://bitnami.com

Password is literally "CHANGEME" after install of rabbitmq #6754

Closed aalexgabi closed 3 years ago

aalexgabi commented 3 years ago

I tried using the secret password "jCMzkLnhQD" but it didn't work. Then I just tried for fun CHANGEME and it worked.

Install command:

helm install --debug rabbitmq bitnami/rabbitmq --create-namespace -n rmq --version 8.6.1 -f values.yaml

Values:

replicaCount: 3

image:
  tag: 3.8.17-debian-10-r10

tolerations:
  - key: pool
    operator: Equal
    value: static
    effect: NoExecute

service:
  type: LoadBalancer
  loadBalancerIP: 10.164.15.195
  annotations:
    # Do not expose to internet
    cloud.google.com/load-balancer-type: Internal
    # Enables access from other regions
    networking.gke.io/internal-load-balancer-allow-global-access: "true"

ingress:
  enabled: true
  tls: true
  certManager: true
  hostname: example.com
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt

Debug:

NAME: rabbitmq
LAST DEPLOYED: Thu Jun 24 21:31:20 2021
NAMESPACE: rmq
STATUS: deployed
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
image:
  tag: 3.8.17-debian-10-r10
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
  certManager: true
  enabled: true
  hostname: example.com
  tls: true
replicaCount: 3
service:
  annotations:
    cloud.google.com/load-balancer-type: Internal
    networking.gke.io/internal-load-balancer-allow-global-access: "true"
  loadBalancerIP: 10.164.15.195
  type: LoadBalancer
tolerations:
- effect: NoExecute
  key: pool
  operator: Equal
  value: static

COMPUTED VALUES:
advancedConfiguration: ""
affinity: {}
auth:
  tls:
    caCertificate: ""
    enabled: false
    failIfNoPeerCert: true
    serverCertificate: ""
    serverKey: ""
    sslOptionsVerify: verify_peer
  username: user
clusterDomain: cluster.local
clustering:
  addressType: hostname
  forceBoot: false
  rebalance: false
common:
  exampleValue: common-chart
  global: {}
configuration: |-
  ## Username and password
  default_user = {{ .Values.auth.username }}
  default_pass = CHANGEME
  ## Clustering
  cluster_formation.peer_discovery_backend  = rabbit_peer_discovery_k8s
  cluster_formation.k8s.host = kubernetes.default.svc.{{ .Values.clusterDomain }}
  cluster_formation.node_cleanup.interval = 10
  cluster_formation.node_cleanup.only_log_warning = true
  cluster_partition_handling = autoheal
  # queue master locator
  queue_master_locator = min-masters
  # enable guest user
  loopback_users.guest = false
  {{ tpl .Values.extraConfiguration . }}
  {{- if .Values.auth.tls.enabled }}
  ssl_options.verify = {{ .Values.auth.tls.sslOptionsVerify }}
  listeners.ssl.default = {{ .Values.service.tlsPort }}
  ssl_options.fail_if_no_peer_cert = {{ .Values.auth.tls.failIfNoPeerCert }}
  ssl_options.cacertfile = /opt/bitnami/rabbitmq/certs/ca_certificate.pem
  ssl_options.certfile = /opt/bitnami/rabbitmq/certs/server_certificate.pem
  ssl_options.keyfile = /opt/bitnami/rabbitmq/certs/server_key.pem
  {{- end }}
  {{- if .Values.ldap.enabled }}
  auth_backends.1 = rabbit_auth_backend_ldap
  auth_backends.2 = internal
  {{- range $index, $server := .Values.ldap.servers }}
  auth_ldap.servers.{{ add $index 1 }} = {{ $server }}
  {{- end }}
  auth_ldap.port = {{ .Values.ldap.port }}
  auth_ldap.user_dn_pattern = {{ .Values.ldap.user_dn_pattern  }}
  {{- if .Values.ldap.tls.enabled }}
  auth_ldap.use_ssl = true
  {{- end }}
  {{- end }}
  {{- if .Values.metrics.enabled }}
  ## Prometheus metrics
  prometheus.tcp.port = 9419
  {{- end }}
  {{- if .Values.memoryHighWatermark.enabled }}
  ## Memory Threshold
  total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.resources.limits.memory }}
  vm_memory_high_watermark.{{ .Values.memoryHighWatermark.type }} = {{ .Values.memoryHighWatermark.value }}
  {{- end }}
containerSecurityContext: {}
customLivenessProbe: {}
customReadinessProbe: {}
customStartupProbe: {}
extraConfiguration: |-
  #default_vhost = {{ .Release.Namespace }}-vhost
  #disk_free_limit.absolute = 50MB
  #load_definitions = /app/load_definition.json
extraContainerPorts: []
extraEnvVars: []
extraPlugins: rabbitmq_auth_backend_ldap
extraSecrets: {}
extraVolumeMounts: []
extraVolumes: []
image:
  debug: false
  pullPolicy: IfNotPresent
  registry: docker.io
  repository: bitnami/rabbitmq
  tag: 3.8.17-debian-10-r10
ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
  certManager: true
  enabled: true
  hostname: example.com
  path: /
  secrets: []
  tls: true
initContainers: {}
ldap:
  enabled: false
  port: "389"
  servers: []
  tls:
    enabled: false
  user_dn_pattern: cn=${username},dc=example,dc=org
livenessProbe:
  enabled: true
  failureThreshold: 6
  initialDelaySeconds: 120
  periodSeconds: 30
  successThreshold: 1
  timeoutSeconds: 20
loadDefinition:
  enabled: false
logs: '-'
memoryHighWatermark:
  enabled: false
  type: relative
  value: 0.4
metrics:
  enabled: false
  plugins: rabbitmq_prometheus
  podAnnotations:
    prometheus.io/port: '{{ .Values.service.metricsPort }}'
    prometheus.io/scrape: "true"
  prometheusRule:
    additionalLabels: {}
    enabled: false
    namespace: ""
    rules: []
  serviceMonitor:
    additionalLabels: {}
    enabled: false
    honorLabels: false
    interval: 30s
networkPolicy:
  allowExternal: true
  enabled: false
nodeAffinityPreset:
  key: ""
  type: ""
  values: []
nodeSelector: {}
pdb:
  create: false
  minAvailable: 1
persistence:
  accessMode: ReadWriteOnce
  enabled: true
  selector: {}
  size: 8Gi
  volumes: null
plugins: rabbitmq_management rabbitmq_peer_discovery_k8s
podAffinityPreset: ""
podAnnotations: {}
podAntiAffinityPreset: soft
podLabels: {}
podManagementPolicy: OrderedReady
podSecurityContext:
  fsGroup: 1001
  runAsUser: 1001
priorityClassName: ""
rbac:
  create: true
readinessProbe:
  enabled: true
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 30
  successThreshold: 1
  timeoutSeconds: 20
replicaCount: 3
resources:
  limits: {}
  requests: {}
service:
  annotations:
    cloud.google.com/load-balancer-type: Internal
    networking.gke.io/internal-load-balancer-allow-global-access: "true"
  distPort: 25672
  distPortName: dist
  epmdPortName: epmd
  externalTrafficPolicy: Cluster
  extraPorts: []
  labels: {}
  loadBalancerIP: 10.164.15.195
  managerPort: 15672
  managerPortName: http-stats
  metricsPort: 9419
  metricsPortName: metrics
  port: 5672
  portName: amqp
  tlsPort: 5671
  tlsPortName: amqp-ssl
  type: LoadBalancer
serviceAccount:
  create: true
sidecars: {}
statefulsetLabels: {}
terminationGracePeriodSeconds: 120
tolerations:
- effect: NoExecute
  key: pool
  operator: Equal
  value: static
ulimitNofiles: "65536"
updateStrategyType: RollingUpdate
volumePermissions:
  enabled: false
  image:
    pullPolicy: Always
    pullSecrets: []
    registry: docker.io
    repository: bitnami/minideb
    tag: buster
  resources:
    limits: {}
    requests: {}

HOOKS:
MANIFEST:
---
# Source: rabbitmq/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rabbitmq
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
secrets:
  - name: rabbitmq
---
# Source: rabbitmq/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: rabbitmq
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  rabbitmq-password: "akNNemtMbmhRRA=="
  rabbitmq-erlang-cookie: "cEpDUTE1R2hBRE5tR2pqZkJBZGVBcThYdlVwS2JPSDE="
---
# Source: rabbitmq/templates/configuration.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
data:
  rabbitmq.conf: |-
    ## Username and password
    default_user = user
    default_pass = CHANGEME
    ## Clustering
    cluster_formation.peer_discovery_backend  = rabbit_peer_discovery_k8s
    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
    cluster_formation.node_cleanup.interval = 10
    cluster_formation.node_cleanup.only_log_warning = true
    cluster_partition_handling = autoheal
    # queue master locator
    queue_master_locator = min-masters
    # enable guest user
    loopback_users.guest = false
    #default_vhost = rmq-vhost
    #disk_free_limit.absolute = 50MB
    #load_definitions = /app/load_definition.json
---
# Source: rabbitmq/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq-endpoint-reader
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create"]
---
# Source: rabbitmq/templates/rolebinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq-endpoint-reader
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
subjects:
  - kind: ServiceAccount
    name: rabbitmq
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rabbitmq-endpoint-reader
---
# Source: rabbitmq/templates/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-headless
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
spec:
  clusterIP: None
  ports:
    - name: epmd
      port: 4369
      targetPort: epmd
    - name: amqp
      port: 5672
      targetPort: amqp
    - name: dist
      port: 25672
      targetPort: dist
    - name: http-stats
      port: 15672
      targetPort: stats
  selector: 
    app.kubernetes.io/name: rabbitmq
    app.kubernetes.io/instance: rabbitmq
---
# Source: rabbitmq/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
  annotations:
    cloud.google.com/load-balancer-type: Internal
    networking.gke.io/internal-load-balancer-allow-global-access: "true"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.164.15.195
  externalTrafficPolicy: "Cluster"
  ports:
    - name: amqp
      port: 5672
      targetPort: amqp
    - name: epmd
      port: 4369
      targetPort: epmd
    - name: dist
      port: 25672
      targetPort: dist
    - name: http-stats
      port: 15672
      targetPort: stats
  selector: 
    app.kubernetes.io/name: rabbitmq
    app.kubernetes.io/instance: rabbitmq
---
# Source: rabbitmq/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: rabbitmq
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
spec:
  serviceName: rabbitmq-headless
  podManagementPolicy: OrderedReady
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: rabbitmq
      app.kubernetes.io/instance: rabbitmq
  template:
    metadata:
      labels:
        app.kubernetes.io/name: rabbitmq
        helm.sh/chart: rabbitmq-8.6.1
        app.kubernetes.io/instance: rabbitmq
        app.kubernetes.io/managed-by: Helm
      annotations:
        checksum/config: 7ab8ec8303801f521336d27329bbd168c4f917c718d1b8154c0aa6921c6ae917
        checksum/secret: fc0653cc8e737ea36de92e51ac66786523c0cdc68bb71ec7627f21fefa9d0c81
    spec:

      serviceAccountName: rabbitmq
      affinity:
        podAffinity:

        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: rabbitmq
                    app.kubernetes.io/instance: rabbitmq
                namespaces:
                  - rmq
                topologyKey: kubernetes.io/hostname
              weight: 1
        nodeAffinity:

      tolerations:
        - effect: NoExecute
          key: pool
          operator: Equal
          value: static
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      terminationGracePeriodSeconds: 120
      containers:
        - name: rabbitmq
          image: docker.io/bitnami/rabbitmq:3.8.17-debian-10-r10
          imagePullPolicy: "IfNotPresent"
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: K8S_SERVICE_NAME
              value: "rabbitmq-headless"
            - name: K8S_ADDRESS_TYPE
              value: hostname
            - name: RABBITMQ_FORCE_BOOT
              value: "no"
            - name: RABBITMQ_NODE_NAME
              value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
            - name: K8S_HOSTNAME_SUFFIX
              value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
            - name: RABBITMQ_MNESIA_DIR
              value: "/bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)"
            - name: RABBITMQ_LDAP_ENABLE
              value: "no"
            - name: RABBITMQ_LOGS
              value: "-"
            - name: RABBITMQ_ULIMIT_NOFILES
              value: "65536"
            - name: RABBITMQ_USE_LONGNAME
              value: "true"
            - name: RABBITMQ_ERL_COOKIE
              valueFrom:
                secretKeyRef:
                  name: rabbitmq
                  key: rabbitmq-erlang-cookie
            - name: RABBITMQ_USERNAME
              value: "user"
            - name: RABBITMQ_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: rabbitmq
                  key: rabbitmq-password
            - name: RABBITMQ_PLUGINS
              value: "rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap"
          ports:
            - name: amqp
              containerPort: 5672
            - name: dist
              containerPort: 25672
            - name: stats
              containerPort: 15672
            - name: epmd
              containerPort: 4369
          livenessProbe:
            exec:
              command:
                - /bin/bash
                - -ec
                - rabbitmq-diagnostics -q ping
            initialDelaySeconds: 120
            periodSeconds: 30
            timeoutSeconds: 20
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/bash
                - -ec
                - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 20
            successThreshold: 1
            failureThreshold: 3
          resources:
            limits: {}
            requests: {}
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/bash
                  - -ec
                  - |
                    if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
                        /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d  "false"
                    else
                        rabbitmqctl stop_app
                    fi
          volumeMounts:
            - name: configuration
              mountPath: /bitnami/rabbitmq/conf
            - name: data
              mountPath: /bitnami/rabbitmq/mnesia
      volumes:
        - name: configuration
          configMap:
            name: rabbitmq-config
            items:
              - key: rabbitmq.conf
                path: rabbitmq.conf
  volumeClaimTemplates:
    - metadata:
        name: data
        labels:
          app.kubernetes.io/name: rabbitmq
          app.kubernetes.io/instance: rabbitmq
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"
---
# Source: rabbitmq/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: rabbitmq
  namespace: "rmq"
  labels:
    app.kubernetes.io/name: rabbitmq
    helm.sh/chart: rabbitmq-8.6.1
    app.kubernetes.io/instance: rabbitmq
    app.kubernetes.io/managed-by: Helm
  annotations:
    kubernetes.io/tls-acme: "true"

    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: rabbitmq
              servicePort: http-stats
  tls:
    - hosts:
        - example.com
      secretName: example.com-tls

NOTES:
** Please be patient while the chart is being deployed **

Credentials:

    echo "Username      : user"
    echo "Password      : $(kubectl get secret --namespace rmq rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)"
    echo "ErLang Cookie : $(kubectl get secret --namespace rmq rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode)"

RabbitMQ can be accessed within the cluster on port  at rabbitmq.rmq.svc.

To access for outside the cluster, perform the following steps:

To Access the RabbitMQ AMQP port:

1. Obtain the LoadBalancer IP:

NOTE: It may take a few minutes for the LoadBalancer IP to be available.
      Watch the status with: 'kubectl get svc --namespace rmq -w rabbitmq'

    export SERVICE_IP=$(kubectl get svc --namespace rmq rabbitmq --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
    echo "URL : amqp://$SERVICE_IP:5672/"

2. Access RabbitMQ using using the obtained URL.

To Access the RabbitMQ Management interface:

1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP:

   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
   echo "RabbitMQ Management: https://example.com/"
   echo "$CLUSTER_IP  example.com" | sudo tee -a /etc/hosts

2. Open a browser and access RabbitMQ Management using the obtained URL.

javsalgar commented 3 years ago

Hi,

Could you try using version 8.16.0 of the chart with the same values? I'm missing some important env vars in the rendered yaml.

aalexgabi commented 3 years ago

@javsalgar Thank you!

It works with 8.16.0. I'm not experienced with helm but how do you keep track of what chart version is compatible with what containers? I had issues related to this twice yesterday and I don't see any compatibility matrix between the chart versions and the docker image tags. I don't understand as a helm user how I'm supposed to know what combination of versions is supposed to work (supported/tested). Am I supposed to use the default version in the chart version always?

I guess I should close but I'm curious if there is something I'm missing.

javsalgar commented 3 years ago

Thank you so much for the feedback. We would like to provide a clearer explanation of the versions we tested and the upgrade paths that we tested too. The version that is tested when releasing is the one shown in the values.yaml file. We also test upgrades inside the same major. For example, in this case we tested that the upgrade from 8.0.0 to 8.16.0 works without issues.
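
The mismatch reported in this thread, where the Secret holds one password while the rendered rabbitmq.conf carries the literal CHANGEME, can be checked for in the rendered manifest before the service is exposed. The script below is an added example, not part of the issue or the chart's own code; the function names, the placeholder word list and the embedded sample (an excerpt constructed from the manifest posted above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not chart code. Usage against a live release:
#   audit_manifest "$(helm get manifest rabbitmq -n rmq)" rabbitmq-password

# Constructed sample: excerpt of the manifest posted in the issue above.
sample_manifest() {
cat <<'EOF'
---
# Source: rabbitmq/templates/secrets.yaml
kind: Secret
data:
  rabbitmq-password: "akNNemtMbmhRRA=="
---
# Source: rabbitmq/templates/configuration.yaml
kind: ConfigMap
data:
  rabbitmq.conf: |-
    ## Username and password
    default_user = user
    default_pass = CHANGEME
    loopback_users.guest = false
EOF
}

# Decode one data key ($1) of the first Secret in the manifest on stdin.
secret_value() {
  awk -v k="$1:" '
    /^---/   { kind = ""; next }
    /^kind:/ { kind = $2; next }
    kind == "Secret" && $1 == k && !seen { gsub(/"/, "", $2); print $2; seen = 1 }
  ' | base64 -d
}

# Print "<template>: <key> = <value>" for password-like ConfigMap settings
# whose value is a known placeholder (assumed word list). Manifest on stdin.
find_placeholder_creds() {
  awk '
    /^---/       { kind = ""; src = ""; next }
    /^# Source:/ { src = $3; next }
    /^kind:/     { kind = $2; next }
    kind != "ConfigMap" { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      i = match(line, /[=:]/)
      if (line ~ /^#/ || i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t"]+|[ \t"]+$/, "", key); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      if (tolower(key) ~ /pass|secret|token/ &&
          toupper(val) ~ /^(CHANGEME|CHANGE_ME|CHANGEIT|PASSWORD)$/)
        print src ": " key " = " val
    }
  '
}

# $1 = manifest text, $2 = Secret data key. Returns 1 if a placeholder is found.
audit_manifest() {
  hits=$(printf '%s\n' "$1" | find_placeholder_creds)
  [ -n "$hits" ] || return 0
  printf 'placeholder credential in rendered config:\n%s\n' "$hits" >&2
  secret=$(printf '%s\n' "$1" | secret_value "$2")
  [ "${hits##*= }" = "$secret" ] || echo "Secret key $2 decodes to a different value" >&2
  return 1
}
```

A non-zero exit from `audit_manifest` is a reason to confirm which password the broker actually accepts before the LoadBalancer or Ingress goes live.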