diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml
index 16e0af3..d0506cb 100644
--- a/charts/rabbitmq/Chart.yaml
+++ b/charts/rabbitmq/Chart.yaml
@@ -3,5 +3,5 @@
 name: rabbitmq
 description: RabbitMQ Helm chart using the RabbitMQ Cluster Operator
 type: application
-version: 0.1.0
+version: 0.2.0
 appVersion: "1.0.0"
diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md
index 582c5e0..842c815 100644
--- a/charts/rabbitmq/README.md
+++ b/charts/rabbitmq/README.md
@@ -29,6 +29,97 @@ helm install my-rabbitmq oci://ghcr.io/helmcode/helm-charts/rabbitmq
 | `spec.service.type` | Kubernetes service type | `ClusterIP` |
 | `spec.persistence.storageClassName` | Storage class for PVCs | `gp2` |
 | `spec.persistence.storage` | Storage size per replica | `10Gi` |
+| `loadBalancer.enabled` | Enable optional LoadBalancer Service | `false` |
+| `loadBalancer.type` | Service type (LoadBalancer or NodePort) | `LoadBalancer` |
+| `loadBalancer.annotations` | Cloud provider annotations | `{}` |
+| `loadBalancer.loadBalancerSourceRanges` | IP ranges allowed to access the LoadBalancer | `[]` |
+| `loadBalancer.ports.amqp.port` | AMQP port | `5672` |
+| `loadBalancer.ports.management.port` | Management UI port | `15672` |
+
+### LoadBalancer Configuration
+
+By default, the RabbitMQ Cluster Operator creates a ClusterIP service for internal cluster access. For external access (e.g., connecting from local development via VPN), you can enable an optional LoadBalancer Service.
+
+**Important**: LoadBalancer services may incur cloud provider costs. This feature is disabled by default.
+
+#### Enable LoadBalancer
+
+```yaml
+loadBalancer:
+ enabled: true
+```
+
+#### AWS Configuration (Internal NLB)
+
+For AWS environments with VPN access, configure an internal Network Load Balancer:
+
+```yaml
+loadBalancer:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+ loadBalancerSourceRanges:
+ - "10.0.0.0/8" # VPN CIDR block
+```
+
+#### GCP Configuration (Internal Load Balancer)
+
+For GCP environments:
+
+```yaml
+loadBalancer:
+ enabled: true
+ annotations:
+ cloud.google.com/load-balancer-type: "Internal"
+ loadBalancerSourceRanges:
+ - "10.0.0.0/8" # VPN CIDR block
+```
+
+#### Azure Configuration (Internal Load Balancer)
+
+For Azure environments:
+
+```yaml
+loadBalancer:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ loadBalancerSourceRanges:
+ - "10.0.0.0/8" # VPN CIDR block
+```
+
+#### Access Restrictions
+
+Use `loadBalancerSourceRanges` to restrict access to specific IP ranges (e.g., your VPN CIDR blocks):
+
+```yaml
+loadBalancer:
+ enabled: true
+ loadBalancerSourceRanges:
+ - "192.168.1.0/24" # Office network
+ - "10.0.0.0/8" # VPN network
+```
+
+#### Exposed Ports
+
+The LoadBalancer Service exposes:
+- **5672**: AMQP protocol (client connections)
+- **15672**: Management UI (web interface)
+
+To connect from your local machine after enabling the LoadBalancer:
+
+```bash
+# Get the LoadBalancer external IP
+kubectl get svc -rabbitmq-loadbalancer
+
+# Connect using AMQP client
+# amqp://:5672
+
+# Access Management UI in browser
+# http://:15672
+```
 ## Example
diff --git a/charts/rabbitmq/templates/loadbalancer-service.yaml b/charts/rabbitmq/templates/loadbalancer-service.yaml
new file mode 100644
index 0000000..b4aa0ba
--- /dev/null
+++ b/charts/rabbitmq/templates/loadbalancer-service.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.loadBalancer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "rabbitmq.fullname" . }}-loadbalancer
+ labels:
+ {{- include "rabbitmq.labels" . | nindent 4 }}
+ {{- with .Values.loadBalancer.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.loadBalancer.type }}
+ {{- with .Values.loadBalancer.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ ports:
+ - name: amqp
+ port: {{ .Values.loadBalancer.ports.amqp.port }}
+ targetPort: {{ .Values.loadBalancer.ports.amqp.targetPort }}
+ protocol: {{ .Values.loadBalancer.ports.amqp.protocol }}
+ - name: management
+ port: {{ .Values.loadBalancer.ports.management.port }}
+ targetPort: {{ .Values.loadBalancer.ports.management.targetPort }}
+ protocol: {{ .Values.loadBalancer.ports.management.protocol }}
+ selector:
+ app.kubernetes.io/name: {{ include "rabbitmq.fullname" . }}
+ app.kubernetes.io/component: rabbitmq
+{{- end }}
diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml
index cb5e0a5..43fbb3f 100644
--- a/charts/rabbitmq/values.yaml
+++ b/charts/rabbitmq/values.yaml
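Review bot: With only `loadBalancer.enabled: true` set, the `with .Values.loadBalancer.loadBalancerSourceRanges` block renders nothing, so the Service has no source restriction, and without an internal-LB annotation that typically means an internet-facing load balancer on most cloud providers. It would publish AMQP 5672 and the management UI 15672, both plaintext listeners as configured, with only broker credentials protecting them. I would fail the render until the operator has made an explicit choice, e.g. `{{- if and (eq .Values.loadBalancer.type "LoadBalancer") (empty .Values.loadBalancer.loadBalancerSourceRanges) (empty .Values.loadBalancer.annotations) }}{{ fail "loadBalancer: set loadBalancerSourceRanges or an internal-LB annotation" }}{{ end }}`. The source-range list is also emitted when `type` is `NodePort`, where Kubernetes does not apply it (and, as far as I recall, rejects the manifest), so it should be rendered only for `LoadBalancer`. Whether the `selector` labels match the operator-created pods depends on the RabbitmqCluster name, which is not visible in this hunk.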
@@ -6,3 +6,31 @@ spec:
 persistence:
 storageClassName: gp2
 storage: 10Gi
+
+# Optional LoadBalancer Service for external access (e.g., VPN connections)
+# This creates a separate service alongside the operator's default ClusterIP service
+loadBalancer:
+ enabled: false
+ # Cloud provider annotations (e.g., AWS NLB, internal LB, etc.)
+ annotations: {}
+ # Example for AWS internal NLB:
+ # service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
+ # Restrict access to specific IP ranges (e.g., VPN CIDR blocks)
+ loadBalancerSourceRanges: []
+ # Example:
+ # - "10.0.0.0/8"
+ # - "192.168.1.0/24"
+ # Service type (usually LoadBalancer, but can be NodePort for testing)
+ type: LoadBalancer
+ # Port configurations
+ ports:
+ amqp:
+ port: 5672
+ targetPort: 5672
+ protocol: TCP
+ management:
+ port: 15672
+ targetPort: 15672
+ protocol: TCP
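Review bot: The `ports` defaults always publish the management listener 15672 alongside AMQP 5672, with no per-port switch, and both are the plaintext listeners. A `ports.management.enabled: false` default, honoured by the template, would keep the admin UI off the load balancer unless someone asks for it. The TLS listeners (5671/15671) are worth offering if the cluster has them configured. The comment above `loadBalancerSourceRanges: []` should also say what the empty default means, e.g. `# Source CIDRs allowed to reach the LoadBalancer; an empty list applies no restriction`. The commented `10.0.0.0/8` example is much wider than a typical VPN pool, so a narrower constructed example such as `10.8.0.0/24` would set a better precedent.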