In some scenarios, when deploying Xray in helm, we need to pass the rabbitmq username and password as a secret which gives you more control over how sensitive information is used and reduces the risk of accidental exposure. You can achieve this by following the below methods:
Method 1: Creating secrets for rabbitmq url and credentials.
Step1: Create a secret by passing the username/password and url of the rabbitmq by using the below command.
kubectl create secret generic xray-rabbitmq-creds --from-literal=username=guest --from-literal=password=password -n jfrog
Step 2: Update the Xray's values.yaml with the below config details under rabbitmq section as mentioned here:
rabbitmq: enabled: true rabbitmqUpgradeReady: false replicaCount: 1 rbac: create: true image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq tag: 3.11.10-debian-11-r5 external: secrets: username: name: "xray-rabbitmq-creds" key: "username" password: name: "xray-rabbitmq-creds" key: "password"
Then, perform the helm upgrade.
Method 2: Using existingPasswordSecret parameter.
If you just wanted to pass the secret for password, Alternatively, you can use a pre-existing secret with a key called rabbitmq-password by specifying existingPasswordSecret
Step 1: Create a secret.
kubectl create secret generic xray-rabbitmq-creds --from-literal=rabbitmq-password=password -n jfrog
Step 2: Update the values.yaml with the existingPasswordSecret under rabbitmq section.
rabbitmq: enabled: true ## Enable the flag if the feature flags in rabbitmq is enabled manually rabbitmqUpgradeReady: false replicaCount: 1 rbac: create: true image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq tag: 3.11.10-debian-11-r5 auth: username: guest existingPasswordSecret: xray-rabbitmq-creds
And perform the helm upgrade.