I need to perform a CRUD of the credentials to access the RabbitMQ UI via yaml, pipelined.

104 views
Skip to first unread message

Paulo Simplicio

unread,
Jul 6, 2022, 7:50:46 AM7/6/22
to rabbitmq-users
Hello guys! 

I'm a new member of the group and I have some questions to share. 

I work on a client where I'm modifying the instance he uses of RabbitMQ to include high availability, make credential management better and make it available in the environment.

The client contains all its microservices deployed in Openshift, through CI/CD (Pipeline) created and used in TFS (Team Foundation Server). 

I configured the RabbitMQ instance following this same pattern, using a StatefulSet, Configmap, Role, Role Binding, Service, SerivceAccount and Route. The Cluster contains 3 nodes that communicate with each other. 

Here's the yaml I'm using to apply the settings:

kind: List
apiVersion: v1
metadata:
  name: rabbitmq
  namespace: "some-variable"
labels:
  app: rabbitmq
items:
- kind: ConfigMap
  apiVersion: v1
  metadata:
    name: rabbitmq-config
  data:
    enabled_plugins: |
      [rabbitmq_federation,rabbitmq_management,rabbitmq_peer_discovery_k8s].
    rabbitmq.conf: |
      loopback_users.guest = false
      listeners.tcp.default = 5672
      cluster_formation.peer_discovery_backend  = rabbit_peer_discovery_k8s
      cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
      cluster_formation.k8s.address_type = hostname
      cluster_formation.node_cleanup.only_log_warning = true
- kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: rabbitmq
- kind: Secret
  apiVersion: v1
  metadata:
    name: rabbit-secret
  type: Opaque
  data:
    RABBITMQ_ERLANG_COOKIE: V0lXVkhDRFRDSVVBV0FOTE1RQVc=
- kind: Service
  apiVersion: v1
  metadata:
    name: rabbitmq
  spec:
    clusterIP: None
    ports:
    - port: 15672
      targetPort: 15672
      name: discovery
    - port: 5672
      targetPort: 5672
      name: amqp
    selector:
      app: rabbitmq
- kind: StatefulSet
  apiVersion: apps/v1
  metadata:
    name: rabbitmq
    namespace: "some-variable"
  spec:
    serviceName: rabbitmq
    replicas: 3
    selector:
      matchLabels:
        app: rabbitmq
    template:
      metadata:
        labels:
          app: rabbitmq
          maistra.io/expose-route: 'true'
      spec:
        serviceAccountName: rabbitmq
        initContainers:
        - name: config
          image: busybox
          command: ['/bin/sh', '-c', 'cp /tmp/config/rabbitmq.conf /config/rabbitmq.conf && ls -l /config/ && cp /tmp/config/enabled_plugins /etc/rabbitmq/enabled_plugins']
          volumeMounts:
          - name: config
            mountPath: /tmp/config/
            readOnly: false
          - name: config-file
            mountPath: /config/
          - name: plugins-file
            mountPath: /etc/rabbitmq/
        containers:
        - name: rabbitmq
          image: "some-variable"/"some-variable"/dil-rabbitmq-svc:"some-variable"
          ports:
          - containerPort: 15672
            name: discovery
          - containerPort: 5672
            name: amqp
          env:
          - name: RABBIT_POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: RABBIT_POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: RABBITMQ_NODENAME
            value: rabbit@$(RABBIT_POD_NAME).rabbitmq.$(RABBIT_POD_NAMESPACE).svc.cluster.local
          - name: RABBITMQ_USE_LONGNAME
            value: "true"
          - name: RABBITMQ_CONFIG_FILE
            value: "/config/rabbitmq"
          - name: RABBITMQ_ERLANG_COOKIE
            valueFrom:
              secretKeyRef:
                name: rabbit-secret
                key: RABBITMQ_ERLANG_COOKIE
          - name: K8S_HOSTNAME_SUFFIX
            value: .rabbitmq.$(RABBIT_POD_NAMESPACE).svc.cluster.local
          volumeMounts:
          - name: broker-amq-volume
            mountPath: /var/lib/rabbitmq
            readOnly: false
          - name: config-file
            mountPath: /config/
          - name: plugins-file
            mountPath: /etc/rabbitmq/
        volumes:
        - name: config-file
          emptyDir: {}
        - name: plugins-file
          emptyDir: {}
        - name: config
          configMap:
            name: rabbitmq-config
            defaultMode: 0755
        - name: broker-amq-volume
          persistentVolumeClaim:
            claimName: broker-amq-claim
- kind: Route
  apiVersion: route.openshift.io/v1
  metadata:
    name: rabbitmq-route
  spec:
    to:
      kind: Service
      name: rabbitmq
      weight: 100
    port:
      targetPort: discovery
    wildcardPolicy: None

Note that there are some variables that are overridden when Pipeline applies yaml to deploy to the environment.

But the important point is that I don't know how to configure the CRUD of credentials in RabbitMQ, through this process. I need to follow this pattern to be an automated process for the customer. Can someone help me?

Francine Prado de Almeida

unread,
Jul 6, 2022, 7:55:25 AM7/6/22
to rabbitmq-users
Morning guys!
I have the same problem. Can someone help us?

Sylvester Kalumbi

unread,
Jul 6, 2022, 9:13:10 AM7/6/22
to rabbitm...@googlegroups.com
Rabbitmq is not a database and does  not support CRUD operations. 

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/c50137a7-f8a5-4d13-a29d-9c3bb9176232n%40googlegroups.com.

Paulo Simplicio

unread,
Jul 6, 2022, 9:46:28 AM7/6/22
to rabbitmq-users
Hi @sylvester! 

I know rabbitmq is not a database, but my point is the need to manage the credentials in an automated way, creating, removing and updating them.

Any possibility to do this in process is described above?

Sylvester Kalumbi

unread,
Jul 6, 2022, 9:52:05 AM7/6/22
to rabbitm...@googlegroups.com
Okay try to go through the rabbitmq documention then.

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/88f69a3c-8120-4fec-9770-1ad8d7fb219an%40googlegroups.com.

Sylvester Kalumbi

unread,
Jul 6, 2022, 9:53:24 AM7/6/22
to rabbitm...@googlegroups.com
Ooh okay try to go through the documentation or search on other platforms with similar problem.

Paulo Simplicio

unread,
Jul 6, 2022, 10:17:31 AM7/6/22
to rabbitmq-users
I've already tried looking at the official documentation for rabbitmq, but it's complicated and difficult to extract the necessary information.

I also tried searching on other platforms and was not successful. 

 The only alternative that seems viable to me is to use a file called "definitions.json". But I don't know how to use it and I also don't know if it's applicable for my problem.

Michal Kuratczyk

unread,
Jul 6, 2022, 10:20:18 AM7/6/22
to rabbitm...@googlegroups.com
Hi,

Sounds like what you are looking for is:

And while you're at it, use https://github.com/rabbitmq/cluster-operator/ instead of inventing how to deploy RabbitMQ to Kubernetes.

Best,

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/CAJZMWfYPvzZeZT5wH%2BpnNqFdOx0mKo5BR4xEu_QfH6koJE_63g%40mail.gmail.com.


--
Michał
RabbitMQ team

Paulo Simplicio

unread,
Jul 6, 2022, 11:08:04 AM7/6/22
to rabbitmq-users
Hi,

I can't use the RabbitMQ operator because it's not an operator officially available through Openshift's Operator Hub, so the Redhat team wouldn't support this one, making it an uninteresting alternative for the customer.

Thanks

Reply all
Reply to author
Forward
0 new messages