mwilson

Reputation: 12900

RabbitMQ Kubernetes Operator - Set Username and Password with Secret

I am using the RabbitMQ Kubernetes operator for a dev-instance and it works great. What isn't great is that the credentials generated by the operator are different for everyone on the team (I'm guessing it generates random creds upon init).

Is there a way to provide a secret and have the operator use those credentials in place of the generated ones?

Yaml:

apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: rabbitmq-cluster-deployment
  namespace: message-brokers
spec:
  replicas: 1
  service:
    type: LoadBalancer

Ideally, I can just configure some YAML to point to a secret and go from there. But I'm struggling to find the documentation around this piece.

Example Username/Password generated:

Upvotes: 7

Views: 5493

Answers (1)

mwilson

Reputation: 12900

I figured it out. Looks like you can just add a secret configured like the below example and it'll work. I figured this out by reverse engineering what the operator generated. So, please chime in if this is bad.

The big thing to remember is the default_user.conf setting. Other than that, it's just a secret.

kind: Secret
apiVersion: v1
metadata:
  name: rabbitmq-cluster-deployment-default-user
  namespace: message-brokers
stringData:
  default_user.conf: |
    default_user = user123
    default_pass = password123
  password: password123
  username: user123
type: Opaque

rabbitmq-cluster-deployment-default-user comes from the Deployment metadata.name + -default-user (see YAML in question)

UPDATE

From the docs: https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/external-admin-secret-credentials

When this externalSecret field is specified the default secret will not be generated by the cluster operator but the statefulset will wait until my-secret will be generated.

apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: external-secret-user
spec:
  service:
    type: LoadBalancer
  replicas: 1
  secretBackend:
    externalSecret: 
      name: "my-secret"

Example Secret:

apiVersion: v1
data:
  default_user.conf: ZGVmYXVsdF91c2VyID0gZGVmYXVsdF91c2VyX2htR1pGaGRld3E2NVA0ZElkeDcKZGVmYXVsdF9wYXNzID0gcWM5OG40aUdEN01ZWE1CVkZjSU8ybXRCNXZvRHVWX24K
  host: dmF1bHQtZGVmYXVsdC11c2VyLmRlZmF1bHQuc3Zj
  password: cWM5OG40aUdEN01ZWE1CVkZjSU8ybXRCNXZvRHVWX24=
  port: NTY3Mg==
  provider: cmFiYml0bXE=
  type: cmFiYml0bXE=
  username: ZGVmYXVsdF91c2VyX2htR1pGaGRld3E2NVA0ZElkeDc=
kind: Secret
metadata:
  name: my-secret 
  namespace: rabbitmq-system
type: Opaque

Upvotes: 3
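An added example, not part of the original answer or of the operator's own code: it builds a Secret with the three keys from the first manifest above, using a randomly generated password, and checks that default_user.conf agrees with the username and password keys. The function names, the sample values and the assumption that default_user.conf holds plain `key = value` lines are this example's own.

```python
import base64
import json
import secrets


def b64(text):
    return base64.b64encode(text.encode()).decode()


def build_default_user_secret(name, namespace, username, password=None):
    """Build a v1 Secret with the three keys used in the answer's first manifest."""
    if password is None:
        password = secrets.token_urlsafe(24)  # random, no whitespace or newlines
    for label, value in (("username", username), ("password", password)):
        # A newline would inject an extra line into default_user.conf.
        if not value or value != value.strip() or "\n" in value or "\r" in value:
            raise ValueError(f"{label} must be a non-empty single line without edge whitespace")
    conf = f"default_user = {username}\ndefault_pass = {password}\n"
    data = {"default_user.conf": conf, "username": username, "password": password}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": {key: b64(value) for key, value in data.items()},
    }


def check_consistency(secret):
    """Return problems found; an empty list means the conf matches username/password."""
    data = {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}
    data.update(secret.get("stringData", {}))  # stringData overrides data, as in Kubernetes
    conf = {}
    for line in data.get("default_user.conf", "").splitlines():
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    problems = []
    for conf_key, secret_key in (("default_user", "username"), ("default_pass", "password")):
        if conf_key not in conf or secret_key not in data:
            problems.append(f"missing {conf_key} or {secret_key}")
        elif conf[conf_key] != data[secret_key]:
            problems.append(f"{conf_key} differs from {secret_key}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; pipe the JSON to `kubectl apply -f -`.
    print(json.dumps(build_default_user_secret("my-secret", "message-brokers", "devteam"), indent=2))
```

Generating the manifest once and sharing it through the team's secret store gives everyone the same credentials without committing a fixed password to the repository.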
