RabbitMQ TLS Configuration for Xray (Platform Helm)

This feature requires JFrog Platform Chart version 10.14.1 or later.

1. Set global.rabbitmq.auth.tls.enabled and rabbitmq.auth.tls.enabled to true in the values.yaml file.

   YAML

   global:
     rabbitmq:
        auth:
            tls:
               enabled: true
   rabbitmq:
      auth:
          tls:
             enabled: true

⚠️

Warning

Set both global.rabbitmq.auth.tls.enabled and rabbitmq.auth.tls.enabled to the same value so that settings are shared between Xray and Pipelines.

2. Add extraConfiguration: |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}} to access the RabbitMQ Management Portal through the HTTPS mode.

   YAML

   global:
     rabbitmq:
        auth:
            tls:
               enabled: true
   rabbitmq:
      auth:
          tls:
             enabled: true
             extraConfiguration: 
                 |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}

3. Choose whether RabbitMQ generates certs or you supply your own.

   • Set global.rabbitmq.auth.tls.autogenerated and rabbitmq.auth.tls.autogenerated to true in the values.yaml file so that RabbitMQ generates the certs.

     YAML

     global:
       rabbitmq:
          auth:
              tls:
                 enabled: true
                 autogenerated: true
     rabbitmq:
        auth:
            tls:
               enabled: true
               autogenerated: true
               extraConfiguration: 
                   |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}

   • Set rabbitmq.auth.tls.autogenerated to false in the values.yaml file to use your own certs.

     YAML

     global:
       rabbitmq:
          auth:
              tls:
                 enabled: true
                 autogenerated: false
     rabbitmq:
        auth:
            tls:
               enabled: true
               autogenerated: false
               extraConfiguration: 
                   |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}

⚠️

Warning

Set both global.rabbitmq.auth.tls.autogenerated and rabbitmq.auth.tls.autogenerated to the same value so that settings are shared between Xray and Pipelines.

4. To use your own certs, pass them as a Kubernetes secret.

   Pass Certs as a Kubernetes Secret

   To pass your certs as a Kubernetes secret, set rabbitmq.auth.tls.existingSecret with the secret name.

   YAML

   global:
     rabbitmq:
        auth:
            tls:
               enabled: true
               autogenerated: false
               existingSecret: <secret name>
   rabbitmq:
      auth:
          tls:
             enabled: true
             autogenerated: false
             existingSecret: <secret name>
             extraConfiguration: 
                 |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}

5. To install only Xray without other JFrog products alongside Artifactory, add the following to the values.yaml file.

   YAML

   xray:
     enabled: true

6. Run the following command to apply the values.yaml in the JFrog Platform installation.

   Bash

   helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform -f values.yaml

   You can also run a fresh Xray installation with this updated values.yaml along with the other requirements in Xray Single Node Helm Installation.