codefresh-io · mikhail-klimko · Jun 12, 2025 · Jun 11, 2025 · Jun 11, 2025 · Jun 12, 2025
diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for Codefresh On-Prem
 name: codefresh
-version: 2.8.5
+version: 2.8.6
 keywords:
   - codefresh
 home: https://codefresh.io/
@@ -18,8 +18,8 @@ annotations:
   # artifacthub.io/containsSecurityUpdates: "true"
   # supported kinds are added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
-    - kind: security
-      description: "Contains security fixes in cf-api"
+    - kind: added
+      description: "Add pre-upgrade hook to enable stable feature flags in rabbitmq"
 dependencies:
   - name: cf-common
     repository: oci://quay.io/codefresh/charts

diff --git a/codefresh/README.md b/codefresh/README.md
@@ -1,6 +1,6 @@
 ## Codefresh On-Premises
 
-![Version: 2.8.5](https://img.shields.io/badge/Version-2.8.5-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square)
+![Version: 2.8.6](https://img.shields.io/badge/Version-2.8.6-informational?style=flat-square) ![AppVersion: 2.8.0](https://img.shields.io/badge/AppVersion-2.8.0-informational?style=flat-square)
 
 Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
 
@@ -2322,7 +2322,11 @@ spec:
 
 ### RabbitMQ update
 
-Default RabbitMQ image is changed from 3.x to 4.x
+Default RabbitMQ image is changed from 3.x to 4.0
+
+If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0
+
+For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags.
 
 ####  Affected values
 
@@ -2595,6 +2599,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster
 | hooks | object | See below | Pre/post-upgrade Job hooks. |
 | hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. |
 | hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. |
+| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/rabbitmqadmin","tag":"2.1.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. |
 | imageCredentials | object | `{}` | Credentials for Image Pull Secret object |
 | ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress |
 | ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml |

diff --git a/codefresh/README.md.gotmpl b/codefresh/README.md.gotmpl
@@ -2331,7 +2331,11 @@ spec:
 
 ### RabbitMQ update
 
-Default RabbitMQ image is changed from 3.x to 4.x
+Default RabbitMQ image is changed from 3.x to 4.0
+
+If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0
+
+For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags.
 
 ####  Affected values
 

diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml
@@ -0,0 +1,83 @@
+{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }}
+{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{- $tolerations := .Values.hooks.consul.tolerations | default list }}
+{{- $globalTolerations := .Values.global.tolerations | default list }}
+{{- $allToleration := concat $globalTolerations $tolerations }}
+{{- $affinity := .Values.hooks.consul.affinity | default dict }}
+{{- $globalAffinity := .Values.global.affinity | default dict }}
+{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }}
+{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }}
+{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }}
+{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+  labels:
+    {{ include "codefresh.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/hook: pre-upgrade
+    helm.sh/hook-weight: "5"
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+spec:
+  ttlSecondsAfterFinished: 300
+  backoffLimit: 6
+  template:
+    metadata:
+      name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+      labels:
+        {{ include "codefresh.labels" . | nindent 8 }}
+    spec:
+      {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }}
+      containers:
+      - name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+        image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.rabbitmq.image "context" .) }}
+        env:
+        - name: RABBITMQADMIN_TARGET_HOST
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+              key: RABBITMQADMIN_TARGET_HOST
+        - name: RABBITMQADMIN_TARGET_PORT
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+              key: RABBITMQADMIN_TARGET_PORT
+        - name: RABBITMQADMIN_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+              key: RABBITMQADMIN_USERNAME
+        - name: RABBITMQADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+              key: RABBITMQADMIN_PASSWORD
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -x
+          rabbitmqadmin \
+            --host=$RABBITMQADMIN_TARGET_HOST \
+            --port=$RABBITMQADMIN_TARGET_PORT \
+            --username=$RABBITMQADMIN_USERNAME \
+            --password=$RABBITMQADMIN_PASSWORD \
+            feature_flags enable_all
+        resources:
+          {{- toYaml .Values.hooks.rabbitmq.resources | nindent 10 }}
+      {{- with $allNodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $allAffinity }}
+      affinity:
+        {{- toYaml . | nindent 8}}
+      {{- end }}
+      {{- with $allToleration }}
+      tolerations:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      restartPolicy: OnFailure
+{{- end }}
diff --git a/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml b/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }}
+{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+  labels:
+    {{ include "codefresh.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/hook: pre-upgrade
+    helm.sh/hook-weight: "-10"
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+type: Opaque
+data:
+  RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower | trimSuffix ":5672") | b64enc | quote }}
+  RABBITMQADMIN_TARGET_PORT: {{ printf "%d" 15672 | b64enc | quote }}
+  RABBITMQADMIN_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }}
+  RABBITMQADMIN_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }}
+{{- end }}
diff --git a/codefresh/values.yaml b/codefresh/values.yaml
@@ -465,7 +465,18 @@ hooks:
     podSecurityContext: {}
     resources: {}
     tolerations: []
-
+  # -- Enable stable feature flags in RabbitMQ.
+  rabbitmq:
+    enabled: true
+    image:
+      registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
+      repository: codefresh/rabbitmqadmin
+      tag: 2.1.0
+    affinity: {}
+    nodeSelector: {}
+    podSecurityContext: {}
+    resources: {}
+    tolerations: []
 
 # -- Maintenance postgresql clean job.
 # Removes a certain number of the last records in the event store table.