Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- # -------------------- Rabbitmq Secret ------------------- #
- apiVersion: v1
- kind: Secret
- metadata:
- name: rabbitmq
- labels:
- app: rabbitmq
- release: "rabbitmq"
- type: Opaque
- data:
- rabbitmq-password: "c2VjcmV0"
- rabbitmq-erlang-cookie: "eks4RlV1a1p0b0xLOU9MbzRtYWRCT0RsU0hzd090aEM="
- ---
- # ------------------ Rabbitmq Configmap ----------------- #
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: rabbitmq-config
- labels:
- app: rabbitmq
- release: "rabbitmq"
- data:
- enabled_plugins: |-
- [rabbitmq_management, rabbitmq_peer_discovery_k8s].
- rabbitmq.conf: |-
- ##username and password
- default_user=admin
- default_pass=CHANGEME
- ## Clustering
- cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
- cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
- cluster_formation.node_cleanup.interval = 10
- cluster_formation.node_cleanup.only_log_warning = true
- cluster_partition_handling = autoheal
- ## queue master locator
- queue_master_locator=min-masters
- ## enable guest user
- loopback_users.guest = false
- ---
- # --------------- Rabbitmq ServiceAccount --------------- #
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: rabbitmq
- labels:
- app: rabbitmq
- release: "rabbitmq"
- ---
- # --------------------- Rabbitmq Role -------------------- #
- kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: rabbitmq-endpoint-reader
- labels:
- app: rabbitmq
- release: "rabbitmq"
- rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get"]
- ---
- # ----------------- Rabbitmq Role Binding ---------------- #
- kind: RoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: rabbitmq-endpoint-reader
- labels:
- app: rabbitmq
- release: "rabbitmq"
- subjects:
- - kind: ServiceAccount
- name: rabbitmq
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: rabbitmq-endpoint-reader
- ---
- # --------------- Rabbitmq Service Headless ------------- #
- apiVersion: v1
- kind: Service
- metadata:
- name: rabbitmq-headless
- labels:
- app: rabbitmq
- release: "rabbitmq"
- spec:
- clusterIP: None
- ports:
- - name: epmd
- port: 4369
- targetPort: epmd
- - name: amqp
- port: 5672
- targetPort: amqp
- - name: dist
- port: 25672
- targetPort: dist
- - name: stats
- port: 15672
- targetPort: stats
- selector:
- app: rabbitmq
- release: "rabbitmq"
- ---
- # -------------------- Rabbitmq Service ----------------- #
- apiVersion: v1
- kind: Service
- metadata:
- name: rabbitmq
- labels:
- app: rabbitmq
- release: "rabbitmq"
- spec:
- type: ClusterIP
- ports:
- - name: epmd
- port: 4369
- targetPort: epmd
- - name: amqp
- port: 5672
- targetPort: amqp
- - name: dist
- port: 25672
- targetPort: dist
- - name: stats
- port: 15672
- targetPort: stats
- selector:
- app: rabbitmq
- release: "rabbitmq"
- ---
- # ----------------- Rabbitmq StatefulSet ---------------- #
- apiVersion: apps/v1beta2
- kind: StatefulSet
- metadata:
- name: rabbitmq
- labels:
- app: rabbitmq
- release: "rabbitmq"
- spec:
- serviceName: rabbitmq-headless
- replicas: 1
- selector:
- matchLabels:
- app: rabbitmq
- release: "rabbitmq"
- template:
- metadata:
- labels:
- app: rabbitmq
- release: "rabbitmq"
- spec:
- serviceAccountName: rabbitmq
- terminationGracePeriodSeconds: 10
- containers:
- - name: rabbitmq
- image: docker.io/bitnami/rabbitmq:3.7.9
- imagePullPolicy: "IfNotPresent"
- command:
- - bash
- - -ec
- - |
- mkdir -p /opt/bitnami/rabbitmq/.rabbitmq/
- mkdir -p /opt/bitnami/rabbitmq/etc/rabbitmq/
- #persist the erlang cookie in both places for server and cli tools
- echo $RABBITMQ_ERL_COOKIE > /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie
- cp /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie /opt/bitnami/rabbitmq/.rabbitmq/
- #change permission so only the user has access to the cookie file
- chmod 600 /opt/bitnami/rabbitmq/.rabbitmq/.erlang.cookie /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie
- #copy the mounted configuration to both places
- cp /opt/bitnami/rabbitmq/conf/* /opt/bitnami/rabbitmq/etc/rabbitmq
- # Apply resources limits
- ulimit -n "${RABBITMQ_ULIMIT_NOFILES}"
- #replace the default password that is generated
- sed -i "s/CHANGEME/$RABBITMQ_PASSWORD/g" /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.conf
- # Move logs to stdout
- ln -sF /dev/stdout /opt/bitnami/rabbitmq/var/log/rabbitmq/rabbit@${MY_POD_IP}.log
- ln -sF /dev/stdout /opt/bitnami/rabbitmq/var/log/rabbitmq/rabbit@${MY_POD_IP}_upgrade.log
- exec rabbitmq-server
- volumeMounts:
- - name: config-volume
- mountPath: /opt/bitnami/rabbitmq/conf
- - name: data
- mountPath: /opt/bitnami/rabbitmq/var/lib/rabbitmq/
- ports:
- - name: epmd
- containerPort: 4369
- - name: amqp
- containerPort: 5672
- - name: dist
- containerPort: 25672
- - name: stats
- containerPort: 15672
- livenessProbe:
- exec:
- command: ["sh", "-c", "test \"$(curl -sS -f --user admin:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/healthchecks/node)\" = '{\"status\":\"ok\"}'"]
- initialDelaySeconds: 120
- timeoutSeconds: 5
- periodSeconds: 5
- failureThreshold: 6
- successThreshold: 1
- readinessProbe:
- exec:
- command: ["sh", "-c", "test \"$(curl -sS -f --user admin:$RABBITMQ_PASSWORD 127.0.0.1:15672/api/healthchecks/node)\" = '{\"status\":\"ok\"}'"]
- initialDelaySeconds: 10
- timeoutSeconds: 3
- periodSeconds: 5
- failureThreshold: 3
- successThreshold: 1
- env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: MY_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: MY_POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: K8S_SERVICE_NAME
- value: "rabbitmq-headless"
- - name: K8S_ADDRESS_TYPE
- value: ip
- - name: RABBITMQ_NODENAME
- value: "rabbit@$(MY_POD_IP)"
- - name: RABBITMQ_ULIMIT_NOFILES
- value: "65536"
- - name: RABBITMQ_USE_LONGNAME
- value: "true"
- - name: RABBITMQ_ERL_COOKIE
- valueFrom:
- secretKeyRef:
- name: rabbitmq
- key: rabbitmq-erlang-cookie
- - name: RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: rabbitmq
- key: rabbitmq-password
- securityContext:
- fsGroup: 1001
- runAsUser: 1001
- volumes:
- - name: config-volume
- configMap:
- name: rabbitmq-config
- items:
- - key: rabbitmq.conf
- path: rabbitmq.conf
- - key: enabled_plugins
- path: enabled_plugins
- - name: data
- emptyDir: {}
- ---
Add Comment
Please, Sign In to add comment