Kubernetes operator : auth error on amqp access : invalid credentials
164 views
Skip to first unread message
Arnaud FAUSSE
Nov 18, 2022, 4:26:43 AM11/18/22
to rabbitmq-users
Hi
I have deployed a Rabbitmq cluster on Kubernetes using the out of the box rabbitmq operator (kubectl apply -f https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml).
Everything looks fine, I have created a new user to avoid the default user which doesn't support external amqp connexion. I set the permission on this user *, *,*. The virtualhost is /
Access to the management interface works withe the user I created.
The problem is that amqp clients can't connect, the server responds invalid credentials. I re-checked the credential with rabbitmqctl authenticate_user <username> <password>, it gave success.
Is there an additionnal setup to do to allow amqp connections from other pods ?
Any advice would be appreciated.
Thanks a lot
GB
Michal Kuratczyk
Nov 18, 2022, 6:33:27 AM11/18/22
to rabbitm...@googlegroups.com
Hi,
How did you create this user? There is one created by default, that you should be able to use. If you installed the kubectl-rabbitmq plugin, you can get credentials with
kubectl rabbitmq secrets CLUSTER_NAME
If you don't have the plugin, you can use this: https://www.rabbitmq.com/kubernetes/operator/using-operator.html#creds
For creating additional users, you can use definition import:
Or use Topology Operator:
Best,
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/69b69a31-b610-46b3-b5b7-eb1aedbccb5an%40googlegroups.com.
Michał
RabbitMQ teamArnaud FAUSSE
Nov 18, 2022, 10:16:09 AM11/18/22
to rabbitmq-users
Thank you Michał, your remark relative to the topology operator was a clue. In fact I thought that it was possible to create a generic secret for the new user, but rabbituser secrets have additional keys that I didn't create in the new secret. Additionnaly, I thought that the default user was limited to localhost connexion as set on a non k8s rabbitmq deployment. So using the default user and also upgrading to 3.13.3 and using the dafault (but changed) secret/password led to success.
Best regards
GB
Reply all
Reply to author
Forward
0 new messages