Kubernetes中的RabbitMQ -将用户创建为状态集部署类型的一部分

Question

我是库伯奈特人的新手，通过实验学习。我已经创建了RabbitMQ状态集，并且它正在工作。然而，我面临的问题是我使用它的管理门户的方式。默认情况下，RabbitMQ提供客户/客人凭据，但这只适用于localhsot。它让我想到，我应该有另外一个管理员用户，以及API端的连接字符串来访问RabbitMQ。(目前在API端，我也使用来宾:来宾@.(作为不良做法)

我喜欢改变但我不知道怎么做。我可以手动登录到RabbitMQ管理门户(部署后使用来宾凭证)可以创建新用户。但我想将其自动化作为Kubernetes状态集部署的一部分。

我试图添加库伯内特斯的后生命周期挂钩，但这并不是很好。我有以下项目：

rabbitmq-configmap:

rabbitmq.conf: |
## Clustering
#cluster_formation.peer_discovery_backend = k8s
cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
cluster_formation.k8s.address_type = hostname
cluster_partition_handling = autoheal

#cluster_formation.k8s.hostname_suffix = rabbitmq.${NAMESPACE}.svc.cluster.local
#cluster_formation.node_cleanup.interval = 10
#cluster_formation.node_cleanup.only_log_warning = true

rabbitmq-serviceaccount:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq
rules:
- apiGroups: [""]
  resources: ["endpoints"]
  verbs:
  - get
  - list
  - watch

rabbitmq-statefulset:

initContainers:
  - name: "rabbitmq-config"
    image: busybox
    volumeMounts:
    - name: rabbitmq-config
      mountPath: /tmp/rabbitmq
    - name: rabbitmq-config-rw
      mountPath: /etc/rabbitmq
    command:
    - sh
    - -c
    # the newline is needed since the Docker image entrypoint scripts appends to the config file
    - cp /tmp/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf && echo '' >> /etc/rabbitmq/rabbitmq.conf;
      cp /tmp/rabbitmq/enabled_plugins /etc/rabbitmq/enabled_plugins;
  containers:
  - name: rabbitmq
    image: rabbitmq
    ports:
    - containerPort: 15672

有什么帮助吗？

Answer 1

做这件事有多种方法

您可以使用RabbitMQ CLI将用户添加到其中。

添加环境变量并更改用户名/密码，而不是来宾。

image: rabbitmq:management-alpine
    environment:
      RABBITMQ_DEFAULT_USER: user
      RABBITMQ_DEFAULT_PASS: password

将参数传递给图像

https://www.rabbitmq.com/cli.html#passing-arguments

将配置文件挂载到RabbitMQ 卷。

Rabbitmq.conf文件

auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
loopback_users.guest = false
listeners.tcp.default = 5672
#default_pass = admin
#default_user = admin
hipe_compile = false
#management.listener.port = 15672
#management.listener.ssl = false
management.tcp.port = 15672
management.load_definitions = /etc/rabbitmq/definitions.json
#default_pass = admin
#default_user = admin

definitions.json

{
    "users": [
      {
        "name": "user",  
        "password_hash": "password",
        "hashing_algorithm": "rabbit_password_hashing_sha256",
        "tags": "administrator"
      }
    ],

    "vhosts":[
        {"name":"/"}
    ],
    "queues":[
        {"name":"qwer","vhost":"/","durable":true,"auto_delete":false,"arguments":{}}
    ]
}

另一个选项

Dockerfile

FROM rabbitmq

# Define environment variables.
ENV RABBITMQ_USER user
ENV RABBITMQ_PASSWORD password

ADD init.sh /init.sh
EXPOSE 15672

# Define default command
CMD ["/init.sh"]

init.sh

#!/bin/sh

# Create Rabbitmq user
( sleep 5 ; \
rabbitmqctl add_user $RABBITMQ_USER $RABBITMQ_PASSWORD 2>/dev/null ; \
rabbitmqctl set_user_tags $RABBITMQ_USER administrator ; \
rabbitmqctl set_permissions -p / $RABBITMQ_USER  ".*" ".*" ".*" ; \
echo "*** User '$RABBITMQ_USER' with password '$RABBITMQ_PASSWORD' completed. ***" ; \
echo "*** Log in the WebUI at port 15672 (example: http:/localhost:15672) ***") &

# $@ is used to pass arguments to the rabbitmq-server command.
# For example if you use it like this: docker run -d rabbitmq arg1 arg2,
# it will be as you run in the container rabbitmq-server arg1 arg2
rabbitmq-server $@

您可以阅读更多的这里