Kubernetes 中的 RabbitMQ - 作为 Statefulset 部署类型的一部分创建用户

Question

我是 Kubernetes 新手，通过实验学习。我已经创建了 RabbitMQ statefulset 并且它正在工作。但是，我面临的问题是我使用它的管理门户的方式。 默认情况下，RabbitMQ 提供来宾/来宾凭据，但仅适用于 localhsot。它让我想到我应该有另一个管理员用户以及我在 API 端的连接字符串来访问 RabbitMQ。 （目前在 API 方面，我也使用 guest:guest@.... 作为不好的做法）

我喜欢改变，但我不知道如何改变。我可以手动登录到 RabbitMQ 管理门户（在部署并使用 guest:guest 凭据之后）可以创建新用户。但我想将其自动化作为 Kubernetes Statefulset 部署的一部分。

我尝试添加 Kubernetes 的生命周期后挂钩，但效果不佳。我有以下物品：

rabbitmq-configmap：

rabbitmq.conf: |
## Clustering
#cluster_formation.peer_discovery_backend = k8s
cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
cluster_formation.k8s.address_type = hostname
cluster_partition_handling = autoheal

#cluster_formation.k8s.hostname_suffix = rabbitmq.${NAMESPACE}.svc.cluster.local
#cluster_formation.node_cleanup.interval = 10
#cluster_formation.node_cleanup.only_log_warning = true

rabbitmq-serviceaccount：

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq
rules:
- apiGroups: [""]
  resources: ["endpoints"]
  verbs:
  - get
  - list
  - watch

rabbitmq-statefulset：

initContainers:
  - name: "rabbitmq-config"
    image: busybox
    volumeMounts:
    - name: rabbitmq-config
      mountPath: /tmp/rabbitmq
    - name: rabbitmq-config-rw
      mountPath: /etc/rabbitmq
    command:
    - sh
    - -c
    # the newline is needed since the Docker image entrypoint scripts appends to the config file
    - cp /tmp/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf && echo '' >> /etc/rabbitmq/rabbitmq.conf;
      cp /tmp/rabbitmq/enabled_plugins /etc/rabbitmq/enabled_plugins;
  containers:
  - name: rabbitmq
    image: rabbitmq
    ports:
    - containerPort: 15672

有什么帮助吗？

Answer 1

有多种方法可以做到这一点

您可以使用 RabbitMQ CLI 将用户添加到其中。

添加环境变量并更改用户名/密码，而不是 guest。

image: rabbitmq:management-alpine
    environment:
      RABBITMQ_DEFAULT_USER: user
      RABBITMQ_DEFAULT_PASS: password

将参数传递给图像

https://www.rabbitmq.com/cli.html#passing-arguments

将配置文件挂载到 RabbitMQ volume。

Rabbitmq.conf 文件

auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
loopback_users.guest = false
listeners.tcp.default = 5672
#default_pass = admin
#default_user = admin
hipe_compile = false
#management.listener.port = 15672
#management.listener.ssl = false
management.tcp.port = 15672
management.load_definitions = /etc/rabbitmq/definitions.json
#default_pass = admin
#default_user = admin

definitions.json

{
    "users": [
      {
        "name": "user",  
        "password_hash": "password",
        "hashing_algorithm": "rabbit_password_hashing_sha256",
        "tags": "administrator"
      }
    ],

    "vhosts":[
        {"name":"/"}
    ],
    "queues":[
        {"name":"qwer","vhost":"/","durable":true,"auto_delete":false,"arguments":{}}
    ]
}

另一种选择

Dockerfile

FROM rabbitmq

# Define environment variables.
ENV RABBITMQ_USER user
ENV RABBITMQ_PASSWORD password

ADD init.sh /init.sh
EXPOSE 15672

# Define default command
CMD ["/init.sh"]

init.sh

#!/bin/sh

# Create Rabbitmq user
( sleep 5 ; \
rabbitmqctl add_user $RABBITMQ_USER $RABBITMQ_PASSWORD 2>/dev/null ; \
rabbitmqctl set_user_tags $RABBITMQ_USER administrator ; \
rabbitmqctl set_permissions -p / $RABBITMQ_USER  ".*" ".*" ".*" ; \
echo "*** User '$RABBITMQ_USER' with password '$RABBITMQ_PASSWORD' completed. ***" ; \
echo "*** Log in the WebUI at port 15672 (example: http:/localhost:15672) ***") &

# $@ is used to pass arguments to the rabbitmq-server command.
# For example if you use it like this: docker run -d rabbitmq arg1 arg2,
# it will be as you run in the container rabbitmq-server arg1 arg2
rabbitmq-server $@

您可以阅读更多here