Set username/password RabbitMQ Cluster Operator for Kubernetes

1,947 views
Skip to first unread message

Tyler Wallace

unread,
Nov 16, 2020, 2:47:20 PM11/16/20
to rabbitmq-users
Hey,

I'm working to setup the RMQ Cluster Operator for Kubernetes in an AKS cluster. I know that the Operator will set a username/password for me. Is there a way for me to override this?

If not, will the Operator assigned username/password never change once set? Will the username/password stay the same in all of the following scenarios (and any others)? 
  1. Operator in cluster crashes and has to restart
  2. All RMQ nodes go down and have to restart
  3. Any other situation where username/password could potentially change
I want to make sure my apps that communicate with the RMQ instance will not run into a situation where the can't authenticate because the Operator changed the username/password.

Thanks,
Tyler

Michal Kuratczyk

unread,
Nov 16, 2020, 3:35:28 PM11/16/20
to rabbitm...@googlegroups.com
Hi,

TL;DR: the operator will never change these credentials

When a new cluster is deployed, a secret is created and then mounted to the pods. When RabbitMQ starts and decides it is a fresh node (there is no previous state), it will create a user with these credentials.
From now on, the Operator will not change that secret and even if you do, RabbitMQ will ignore these changes because the nodes have been initialized already.

You can use standard RabbitMQ methods to create and manage users, such as rabbitmqctl or the Management API.

In the future, we want to add additional Kinds so that you'll be able to manage users through Kubernetes resources such as RabbitmqUser (you can follow https://github.com/rabbitmq/cluster-operator/issues/12 for this).

Best,

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/c0c669e1-f54a-4e02-ba58-f08dec4b1474n%40googlegroups.com.


--
Michał
RabbitMQ team

Tyler Wallace

unread,
Nov 16, 2020, 4:33:05 PM11/16/20
to rabbitmq-users
Hey Michal, thanks for the quick reply! It was very helpful!

So, I can either use the user/pw generated, or create my own user through rabbitmqctl/Management API. Will any custom users I create also be persistent in case any part of the RMQ Operator goes down? I assume so, but want to ask just in case.

Thanks,
Tyler

Michal Kuratczyk

unread,
Nov 16, 2020, 4:38:47 PM11/16/20
to rabbitm...@googlegroups.com
Yes, in the same way they are persistent without the Operator - RabbitMQ stores these users in its database so you will not lose them until you lose the persistent volumes.
You can make a backup of that database using definition export: https://www.rabbitmq.com/definitions.html

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/e8f15e11-0e7b-4529-9196-eed8a8730663n%40googlegroups.com.


--
Michał
Reply all
Reply to author
Forward
0 new messages