feat: rabbitmq documentation (#54)

* feat: add sealed secrets docs

* feat: rabbitmq documentation

* feat: updated docs part one

* feat: added lab for rabbitmq

* feat: added port forwarding image

* Update docs/get-started/labs/lab-33.md

---------

Co-authored-by: ferruh2021@gmail.com <ferruh.cihan@redkubes.com>
Co-authored-by: jeho <17126497+j-zimnowoda@users.noreply.github.com>

docs/apps/rabbitmq.md

@@ -0,0 +1,15 @@
+---
+slug: rabbitmq
+title: RabbitMQ
+sidebar_label: RabbitMQ
+---
+
+Kubernetes operator to deploy and manage RabbitMQ clusters.
+
+## Overview
+
+[RabbitMQ](https://github.com/rabbitmq/cluster-operator) is a controller and custom resource definition (CRD) designed for the lifecycle (creation, upgrade, graceful shutdown) of a RabbitMQ cluster.
+
+RabbitMQ is an open-source message-broker software that originally implemented the Advanced Message Queuing Protocol and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol, MQ Telemetry Transport, and other protocols.
+
+RabbitMQ can be activated and used in tandem with the `Workload Category` to create a RabbitMQ Cluster with `Queues` and `Policies`.

docs/get-started/labs/lab-33.md

@@ -0,0 +1,137 @@
+---
+slug: lab-33
+title: Create rabbitMQ Cluster
+sidebar_label: Create RabbitMQ cluster
+---
+
+In this lab we will deploy a RabbitMQ workload that is created with the Catalog.
+
+## Enabling RabbitMQ
+
+As an `Admin` go to the `Apps` panel and activate `RabbitMQ`, afterwards click the `deploy` button.
+If you are not and `Admin` then ask your `Admin` to enable the `RabbitMQ` application.
+
+![Apps Overview](../../img/rabbitmq-0-enable-rabbitmq.png)
+
+## Creating a RabbitMQ Cluster
+
+To create a RabbitMQ Cluster, on the team overview click on the `Catalog` in the sidebar and select the `RabbitMQ` workload. This will take you to the page with the readme where you can see all specifications and definitions that you can use to create your RabbitMQ Cluster with Queues and Policies.
+
+![Workload Catalog](../../img/rabbitmq-1-click-workload.png)
+
+To configure the RabbitMQ Cluster workload go to the `Values` tab and fill in a name for the RabbitMQ Cluster workload. Afterwards you can scroll down an edit the cluster parameters.
+
+![Add Name](../../img/rabbitmq-2-add-name.png)
+
+## Adding Queues and Policies
+
+To configure `Queues` and `Policies` for the rabbitMQ Cluster you can add them to the `queues` and `policies` parameters respectively.
+For example we create a rabbitMQ Cluster workload with the name `rabbit1` with 2 `queues` and 2 `policies`.
+
+![Fill In Values](../../img/rabbitmq-3-add-queues-and-policies.png)
+
+:::info ALERT
+Do remember that even though these values can be edited afterwards, not all specifications or definitions can be updated after a `queue` or `policy` has been created. Please make sure everything is filled in correctly.
+:::
+
+When everything is filled in correctly you can `submit` and click the `deploy changes` button.
+
+To check the status of the deployment you can go to the `workload` list page.
+
+Workload Status:
+![Check Workload Status](../../img/rabbitmq-4-check-status.png)
+
+ArgoCD Status:
+![Check ArgoCD](../../img/rabbitmq-5-check-argocd-status.png)
+
+## Accessing the RabbitMQ Management UI
+
+To access the `RabbitMQ Management UI` you have to retrieve the default user credentials and `port-forward` the `rabbitMQ server`.
+To do this connect to your k8s cluster with `kubectl`.
+
+:::info NOTE
+In this example the `rabbitMQ cluster` was created in the demo team so we have to get the `secret` from the `team-demo` namespace. Please retrieve the `secret` from the namespace where the `rabbitMQ cluster` was created.
+:::
+
+To retrieve the username and decode it from base64 use the following command:
+
+```
+kubectl get secret rabbit1-rabbitmq-default-user -n team-demo -o jsonpath="{.data.username}" | base64 --decode
+```
+
+To retrieve the password and decode it from base64 use the following command:
+
+```
+kubectl get secret rabbit1-rabbitmq-default-user -n team-demo -o jsonpath="{.data.password}" | base64 --decode
+```
+
+Which looks like the this:
+![User Credentials](../../img/rabbitmq-6-user-credentials.png)
+
+:::info ALERT
+Make sure you don't copy the `%` symbol at the end.
+:::
+
+Now you have to `port-forward` the rabbitmq `container` with port number `15672` that is inside the rabbitmq `pod` called `rabbit1-rabbitmq-server-0` to a port of your choice that is not used, I use port `56027` for this example.
+
+:::info ALERT
+`rabbit1-rabbitmq-server-0` has the prefix `rabbit1` because this is the name that we gave it when creating the workload.
+:::
+
+To `port-forward` use the following command:
+
+```
+kubectl port-forward -n team-demo rabbit1-rabbitmq-server-0 56027:15672
+```
+
+![Port Forwarding](../../img/rabbitmq-7-port-forwarding.png)
+
+Access `http://localhost:56027` and use the previously acquired user credentials to log in. If you cannot log in, please check if the credentials are for the correct rabbitMQ cluster.
+
+![Logging-in to Management UI](../../img/rabbitmq-8-logging-in.png)
+
+## Checking the RabbitMQ Management UI
+
+Now that we are logged in you should see the following:
+
+![ManagementUI Overview](../../img/rabbitmq-9-management-ui.png)
+
+We can also check the `queues` that we specified when creating the rabbitmq cluster in the `Queues and Streams` tab.
+
+![Overview Queues](../../img/rabbitmq-10-queues.png)
+
+To see the `policies` that we defined you can see them in the `Admin` tab and under `Policies`:
+
+![Overview Policies](../../img/rabbitmq-11-policies.png)
+
+## Connecting an Application to the rabbitMQ Cluster
+
+:::info NOTE
+Will be expanded upon
+:::
+
+To connect to the `rabbitMQ cluster` you use `AMQP` to open a connection. To open a connection you need to create a connection string using the `username`, `password`, `host` and `port` of the rabbitmq cluster.
+
+To get the host use the following command:
+
+```
+kubectl get secret rabbit1-rabbitmq-default-user -n team-demo -o jsonpath="{.data.host}" | base64 --decode
+```
+
+To get the port use the following command:
+
+```
+kubectl get secret rabbit1-rabbitmq-default-user -n team-demo -o jsonpath="{.data.port}" | base64 --decode
+```
+
+The connection string is build like this:
+
+```
+amqp://USERNAME:PASSWORD@HOST:PORT/
+```
+
+With values:
+
+```
+amqp://default_user_mWPUECo5wsbtpgY3oze:MdzUL4CcgF-cQryLfk5uxqf57qqWBG8l@matthew-rabbit1-rabbitmq.team-admin.svc:5672/
+```

product/architecture.md

@@ -4,7 +4,6 @@ title: Otomi Projects
 sidebar_label: Otomi Projects
 ---
 
-
 Otomi consists out of the following projects:
 
 | Project                                                    | open source |
@@ -15,7 +14,6 @@ Otomi consists out of the following projects:
 | [otomi-console](https://github.com/redkubes/otomi-console) | No          |
 | [otomi-api](https://github.com/redkubes/otomi-api)         | No          |
 
-
 ## Otomi Core
 
 Otomi Core contains all the integrated applications and is made available (per release) as a container image.
@@ -58,6 +56,7 @@ Otomi Core is the heart of Otomi and contains a suite of the following integrate
 - [Grafana Tempo](https://github.com/grafana/tempo): High-scale distributed tracing backend
 - [OpenTelemetry](https://github.com/open-telemetry/opentelemetry-operator): Instrument, generate, collect, and export telemetry data to help you analyze your software’s performance and behavior
 - [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets): Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository.
+- [RabbitMQ](https://github.com/rabbitmq/cluster-operator): Kubernetes operator to deploy and manage RabbitMQ clusters.
 
 ### Catagories
 
@@ -71,7 +70,7 @@ Otomi contains four catagories of integrated K8s applications:
 The following table shows all integrated applications:
 
 | Application                                  | Core | Shared | Team | User/role-aware | Optional |
-| :------------------------------------------  | :--: | :----: | :--: | :-------------: | :------: |
+| :------------------------------------------- | :--: | :----: | :--: | :-------------: | :------: |
 | Istio                                        |  X   |        |      |                 |          |
 | Ingress NGINX Controller                     |  X   |        |      |                 |          |
 | Knative                                      |      |        |      |                 |    X     |
@@ -91,11 +90,10 @@ The following table shows all integrated applications:
 | Velero                                       |      |        |      |                 |    X     |
 | Minio                                        |      |        |      |                 |    X     |
 | Opencost                                     |      |        |      |                 |    X     |
-| Tekton Pipeline                              |  X   |   X    |   X  |                 |    X     |
+| Tekton Pipeline                              |  X   |   X    |  X   |                 |    X     |
 | Trivy Operator                               |      |        |      |                 |    X     |
 | Cloudnative-pg                               |  X   |        |      |                 |          |
 
-
 ### Advanced ingress architecture as its core
 
 Otomi by default installs and configures an advanced ingress architecture. Ingress for a service can be configured using Otomi Services. The following figure shows the ingress and SSO architecture.
@@ -106,17 +104,18 @@ The ingress & SSO architecture overview explained:
 
 - (optional) an external gateway is used for termination of external traffic (e.g. an Azure Application Gateway or an AWS Application Load Balancer).
 - 2 Ingress NGINX controllers are deployed, one for public access and one for authenticated access.
-- Authenticated (SSO) access is handled by an oauth2 proxy and KeyCloak. The user logs in using the Otomi custom KeyCloak login page. 
+- Authenticated (SSO) access is handled by an oauth2 proxy and KeyCloak. The user logs in using the Otomi custom KeyCloak login page.
 - KeyCloak is configured with an external IDP (optional) or uses local accounts. After authentication, KeyCloak provides a normalized JWT token. The JWT token is used by integrated core applications (providing user and role information) and team services configured with SSO
-- 4 Istio (ingress) gateways are provisioned: 
+- 4 Istio (ingress) gateways are provisioned:
+
 1.  a public gateway for routing public (non authenticated traffic to a service)
 2.  an authentication gateway to route authenticated traffic to a service
 3.  a local gateway (for local cluster routing)
 4.  a Knative gateway to route traffic to Knative services
+
 - For each service a Istio virtual service is configured.
 - One egress gateway is provisioned for all egress traffic (network policies allow all egress traffic).
 
-
 ## Otomi Tasks
 
 Otomi Tasks contains a set of Kubernetes jobs and teh Otomi Operator. The jobs and Operator ensure that the configuration of applications integrated in Otomi are always equal to the desired-state configuration (see Otomi Values). An example: If a team is created via Otomi Console (in combination with Otomi API), Otomi Tasks ensures that a project is created for the new team in Harbor, the access to the project in Harbor is configured, a robot account (that can be used to push images to the project registry) is created and that a pull secret is created in the namespace of the team.

sidebar-docs.js

@@ -52,6 +52,7 @@ module.exports = {
           "get-started/labs/lab-19",
           "get-started/labs/lab-27",
           "get-started/labs/lab-28",
+          "get-started/labs/lab-33",
         ],
       },
     ],
@@ -179,6 +180,7 @@ module.exports = {
       "apps/minio",
       "apps/otel",
       "apps/prometheus",
+      "apps/rabbitmq",
       "apps/sealedsecrets",
       "apps/thanos",
       "apps/trivy",