Initial AMQ Broker Operator commit

Co-authored-by: Robert Grimm <[email protected]> Co-authored-by: Joe Strickland <[email protected]>
redhat-cop · Aug 20, 2024 · df751cb · df751cb
1 parent 7f13097
commit df751cb
Show file tree

Hide file tree

Showing 122 changed files with 2,945 additions and 0 deletions.
diff --git a/amq-broker-operator/.editorconfig b/amq-broker-operator/.editorconfig
@@ -0,0 +1,8 @@
+# AMQ Broker Operator EditorConfig File
+
+[*]
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
diff --git a/amq-broker-operator/examples/amq-cluster-basic/kustomization.yaml b/amq-broker-operator/examples/amq-cluster-basic/kustomization.yaml
@@ -0,0 +1,33 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: amq-cluster-basic
+
+resources:
+  - namespace.yaml
+  - operator-group.yaml
+  - ../../operator/overlays/v7.12
+  - ../../instance/overlays/clustered-ephemeral
+
+components:
+  - ../../instance/components/addresses
+  - ../../instance/components/authentication/guest
+
+patches:
+  - target:
+      group: broker.amq.io
+      version: v1beta1
+      kind: ActiveMQArtemis
+      name: default
+    patch: |-
+      - op: replace
+        path: /spec/console/expose
+        value: true
+
+      - op: add
+        path: /spec/adminUser
+        value: admin
+      - op: add
+        path: /spec/adminPassword
+        value: example
+
diff --git a/amq-broker-operator/examples/amq-cluster-basic/namespace.yaml b/amq-broker-operator/examples/amq-cluster-basic/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: amq-cluster-basic
diff --git a/amq-broker-operator/examples/amq-cluster-basic/operator-group.yaml b/amq-broker-operator/examples/amq-cluster-basic/operator-group.yaml
@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: default
+  namespace: amq-cluster-basic
+spec:
+  targetNamespaces:
+    - amq-cluster-basic
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/kustomization.yaml b/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/kustomization.yaml
@@ -0,0 +1,52 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: amq-cluster-ssl
+
+resources:
+  - namespace.yaml
+  - operator-group.yaml
+  - ../../operator/overlays/v7.12
+  - ../../instance/overlays/clustered-ephemeral-tls-init-container
+
+components:
+  - ../../instance/components/addresses
+  - ../../instance/components/authentication/guest
+  - ../../instance/components/logging/claim-template
+  - ../../instance/components/metrics/address-metrics
+  - ../../instance/components/metrics/broker-internal/jvm
+  - ../../instance/components/metrics/broker-external/prometheus
+
+patches:
+  - target:
+      group: broker.amq.io
+      version: v1beta1
+      kind: ActiveMQArtemis
+      name: default
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: amq-cluster-ssl
+
+      - op: replace
+        path: /spec/console/expose
+        value: true
+
+      - op: add
+        path: /spec/adminUser
+        value: admin
+      - op: add
+        path: /spec/adminPassword
+        value: example
+  - target:
+      group: monitoring.coreos.com
+      version: v1
+      kind: ServiceMonitor
+      name: default
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: amq-cluster-ssl-prometheus-sm
+      - op: replace
+        path: /spec/selector/matchLabels/application
+        value: amq-cluster-ssl
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/namespace.yaml b/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: amq-cluster-ssl
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/operator-group.yaml b/amq-broker-operator/examples/amq-cluster-ssl-init-self-signed/operator-group.yaml
@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: default
+  namespace: amq-cluster-ssl
+spec:
+  targetNamespaces:
+    - amq-cluster-ssl
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/kustomization.yaml b/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/kustomization.yaml
@@ -0,0 +1,76 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: amq-cluster-ssl
+
+resources:
+  - namespace.yaml
+  - operator-group.yaml
+  - ../../operator/overlays/v7.12
+  - ../../instance/overlays/clustered-ephemeral-tls-letsencrypt
+
+components:
+  - ../../instance/components/addresses
+  - ../../instance/components/authentication/guest
+  - ../../instance/components/logging/claim-template
+  - ../../instance/components/metrics/address-metrics
+  - ../../instance/components/metrics/broker-internal/jvm
+  - ../../instance/components/metrics/broker-external/prometheus
+
+patches:
+  - target:
+      group: broker.amq.io
+      version: v1beta1
+      kind: ActiveMQArtemis
+      name: default
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: amq-cluster-ssl
+
+      - op: replace
+        path: /spec/console/expose
+        value: true
+
+      - op: add
+        path: /spec/adminUser
+        value: admin
+      - op: add
+        path: /spec/adminPassword
+        value: example
+  - target:
+      group: cert-manager.io
+      version: v1
+      kind: Certificate
+      name: console-ssl-certificate
+    patch: |-
+      - op: replace
+        path: /spec/dnsNames
+        value:
+          - amq-cluster-ssl-wconsj-0-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+          - amq-cluster-ssl-wconsj-1-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+          - amq-cluster-ssl-wconsj-2-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+  - target:
+      group: cert-manager.io
+      version: v1
+      kind: Certificate
+      name: acceptor-ssl-certificate
+    patch: |-
+      - op: replace
+        path: /spec/dnsNames
+        value:
+          - amq-cluster-ssl-ssl-0-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+          - amq-cluster-ssl-ssl-1-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+          - amq-cluster-ssl-ssl-2-svc-rte-amq-cluster-ssl.apps.cluster.example.com
+  - target:
+      group: monitoring.coreos.com
+      version: v1
+      kind: ServiceMonitor
+      name: default
+    patch: |-
+      - op: replace
+        path: /metadata/name
+        value: amq-cluster-ssl-prometheus-sm
+      - op: replace
+        path: /spec/selector/matchLabels/application
+        value: amq-cluster-ssl
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/namespace.yaml b/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: amq-cluster-ssl
diff --git a/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/operator-group.yaml b/amq-broker-operator/examples/amq-cluster-ssl-letsencrypt/operator-group.yaml
@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: default
+  namespace: amq-cluster-ssl
+spec:
+  targetNamespaces:
+    - amq-cluster-ssl
diff --git a/amq-broker-operator/instance/base/activemq-artemis-cr.yaml b/amq-broker-operator/instance/base/activemq-artemis-cr.yaml
@@ -0,0 +1,77 @@
+apiVersion: broker.amq.io/v1beta1
+kind: ActiveMQArtemis
+metadata:
+  name: default
+spec:
+  console:
+    expose: false
+    sslEnabled: false
+  deploymentPlan:
+    size: 1
+    resources:
+      requests: {}
+      limits: {}
+    clustered: false
+    persistenceEnabled: false
+    journalType: nio
+    requireLogin: false
+    managementRBACEnabled: true
+    enableMetricsPlugin: false
+    jolokiaAgentEnabled: false
+    messageMigration: false
+    extraMounts:
+      configMaps: []
+      secrets: []
+    extraVolumeClaimTemplates: []
+    extraVolumes: []
+    extraVolumeMounts: []
+    readinessProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    livenessProbe:
+      failureThreshold: 30
+      initialDelaySeconds: 5
+      periodSeconds: 5
+    startupProbe:
+      exec:
+        command:
+          - /bin/bash
+          - '-c'
+          - >-
+            /opt/amq/bin/artemis check node
+            --up
+            --url=tcp://"$HOSTNAME":61610
+      failureThreshold: 30
+      initialDelaySeconds: 5
+      periodSeconds: 10
+      timeoutSeconds: 10
+  acceptors:
+    - # Acceptor for use with startup probe, possibly liveness probe, etc
+      name: probes
+      expose: false
+      port: 61610
+      protocols: all
+      sslEnabled: false
+  connectors: []
+  addressSettings:
+    applyRule: replace_all
+    addressSetting:
+      # Default catch-all, to be replaced or modified by overlays
+      - match: '#'
+
+        enableMetrics: false
+
+        addressFullPolicy: BLOCK
+
+        autoCreateAddresses: true
+        autoCreateQueues: true
+        autoCreateDeadLetterResources: true
+
+  env: []
+  brokerProperties:
+    # Set value that can be used to remove values from arrays in broker.properties files
+    - remove.value=-
+
+    # Even with persistenceEnabled set to false above, the broker.xml shows peristence-enabled true... override that
+    - persistenceEnabled=false
+  resourceTemplates: []
diff --git a/amq-broker-operator/instance/base/kustomization.yaml b/amq-broker-operator/instance/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - activemq-artemis-cr.yaml
diff --git a/amq-broker-operator/instance/components/acceptors/mutual-tls/kustomization.yaml b/amq-broker-operator/instance/components/acceptors/mutual-tls/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+  - target:
+      group: broker.amq.io
+      version: v1beta1
+      kind: ActiveMQArtemis
+      name: default
+    patch: |-
+      - op: add
+        path: /spec/acceptors/-
+        value:
+          name: ssl
+          expose: true
+          port: 61617
+          protocols: all
+
+          multicastPrefix: jms.topic.
+          anycastPrefix: jms.queue.
+
+          sslEnabled: true
+          needClientAuth: true
+          sslSecret: acceptor-ssl-keystore
+          trustSecret: acceptor-ssl-truststore
diff --git a/amq-broker-operator/instance/components/acceptors/one-way-tls/kustomization.yaml b/amq-broker-operator/instance/components/acceptors/one-way-tls/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+  - target:
+      group: broker.amq.io
+      version: v1beta1
+      kind: ActiveMQArtemis
+      name: default
+    patch: |-
+      - op: add
+        path: /spec/acceptors/-
+        value:
+          name: ssl
+          expose: true
+          port: 61617
+          protocols: all
+
+          multicastPrefix: jms.topic.
+          anycastPrefix: jms.queue.
+
+          sslEnabled: true
+          needClientAuth: false
+          sslSecret: acceptor-ssl-keystore
+          trustSecret: acceptor-ssl-truststore
diff --git a/amq-broker-operator/instance/components/addresses/broker-address-security-bp.yaml b/amq-broker-operator/instance/components/addresses/broker-address-security-bp.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: broker-address-security-bp
+type: Opaque
+stringData:
+  brokerProperties: |
+    securityRoles.#.group2.send=true
+    securityRoles.#.group1.consume=true
+    securityRoles.#.group1.createAddress=true
+    securityRoles.#.group1.createNonDurableQueue=true
+    securityRoles.#.group1.browse=true
+
+    # FQQN example. Colon (:) is a reserved character and must be escaped
+    'securityRoles."my-address\:\:my-queue".group2.send=true'
diff --git a/amq-broker-operator/instance/components/addresses/broker-address-settings-bp.yaml b/amq-broker-operator/instance/components/addresses/broker-address-settings-bp.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: broker-address-settings-bp
+type: Opaque
+stringData:
+  address-settings.broker.properties: |
+    addressSettings."EXAMPLE.ADDRESS.#".name=EXAMPLE.ADDRESS.#
+    addressSettings."EXAMPLE.ADDRESS.#".autoCreateAddresses=false
+
+    addressSettings."EXAMPLE.ADDRESS.2".name=EXAMPLE.ADDRESS.2
+    addressSettings."EXAMPLE.ADDRESS.2".autoCreateQueues=false
diff --git a/amq-broker-operator/instance/components/addresses/broker-addresses-bp.yaml b/amq-broker-operator/instance/components/addresses/broker-addresses-bp.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: broker-addresses-bp
+type: Opaque
+stringData:
+  addresses.broker.properties: |
+    addressConfigurations."EXAMPLE.ADDRESS.1".name=EXAMPLE.ADDRESS.1
+    addressConfigurations."EXAMPLE.ADDRESS.1".routingTypes=MULTICAST
+    addressConfigurations."EXAMPLE.ADDRESS.1".queueConfigs."MULTICAST.QUEUE".name=MULTICAST.QUEUE
+    addressConfigurations."EXAMPLE.ADDRESS.1".queueConfigs."MULTICAST.QUEUE".address=EXAMPLE.ADDRESS.1
+    addressConfigurations."EXAMPLE.ADDRESS.1".queueConfigs."MULTICAST.QUEUE".routingType=MULTICAST
+
+    addressConfigurations."EXAMPLE.ADDRESS.2".name=EXAMPLE.ADDRESS.2
+    addressConfigurations."EXAMPLE.ADDRESS.2".routingTypes=ANYCAST
+    addressConfigurations."EXAMPLE.ADDRESS.2".queueConfigs."EXAMPLE.QUEUE".name=EXAMPLE.QUEUE
+    addressConfigurations."EXAMPLE.ADDRESS.2".queueConfigs."EXAMPLE.QUEUE".address=EXAMPLE.ADDRESS.2
+    addressConfigurations."EXAMPLE.ADDRESS.2".queueConfigs."EXAMPLE.QUEUE".routingType=ANYCAST