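Step 1: Create the PVC
Purchase a NAS file system in advance, in the same VPC network as the ACK cluster, and configure it as shown in the figure below: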

image.png
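- It is best to set a subdirectory, so that files do not become disorganized when the NAS is shared.
- If you run into permission problems, set the subdirectory permissions to 777 and retry.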
Step 2: Create the ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
  namespace: default
data:
  rabbitmq.conf: |
    cluster_formation.peer_discovery_backend = k8s
    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
    cluster_formation.k8s.address_type = hostname
    cluster_formation.k8s.service_name = rabbitmq-headless
    queue_master_locator=min-masters
  # Enable plugins as needed
  enabled_plugins: >-
    [rabbitmq_management,rabbitmq_peer_discovery_k8s,rabbitmq_delayed_message_exchange].

Step 3: Create the ServiceAccount

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rabbitmq
  namespace: default
---
kind: Role
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable API
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rabbitmq
  namespace: default
subjects:
  - kind: ServiceAccount
    name: rabbitmq
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rabbitmq

Step 4: Create the Headless Service

apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-headless
  namespace: default
spec:
  clusterIP: None
  ports:
    - name: epmd
      port: 4369
      protocol: TCP
      targetPort: 4369
    - name: cluster-links
      port: 25672
      protocol: TCP
      targetPort: 25672
  selector:
    app: rabbitmq
  sessionAffinity: None
  type: ClusterIP

Step 5: Create the Service

apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-external
  namespace: default
spec:
  ports:
    - name: http
      port: 15672
      protocol: TCP
      targetPort: 15672
    - name: amqp
      port: 5672
      protocol: TCP
      targetPort: 5672
  selector:
    app: rabbitmq
  sessionAffinity: None
  type: ClusterIP

Step 6: Create the StatefulSet

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: rabbitmq-cluster
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rabbitmq
  serviceName: rabbitmq-headless
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      serviceAccountName: rabbitmq
      securityContext:
        fsGroup: 999
        runAsUser: 999
        runAsGroup: 999
      volumes:
        - name: config-volume
          configMap:
            name: rabbitmq-config
            items:
              - key: rabbitmq.conf
                path: "rabbitmq.conf"
              - key: enabled_plugins
                path: "enabled_plugins"
        - name: rabbitmq-config-rw
          emptyDir: {}
        - name: rabbitmq-data
          persistentVolumeClaim:
            claimName: rabbitmq-pvc
      initContainers:
        # Since k8s 1.9.4, config maps mount read-only volumes. Since the Docker image also writes to the config file,
        # the file must be mounted as read-write. We use init containers to copy from the config map read-only
        # path, to a read-write path
        - name: init
          image: busybox:1.31.1
          volumeMounts:
            - name: config-volume
              mountPath: /tmp/rabbitmq
            - name: rabbitmq-config-rw
              mountPath: /etc/rabbitmq
          command:
            - sh
            - -c
            # the newline is needed since the Docker image entrypoint script appends to the config file
            - cp /tmp/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf && echo '' >> /etc/rabbitmq/rabbitmq.conf;
              cp /tmp/rabbitmq/enabled_plugins /etc/rabbitmq/enabled_plugins
      containers:
        - name: rabbitmq
          image: registry-vpc.cn-hangzhou.aliyuncs.com/mq_basic/rabbitmq:3.8.1-alpine-delayed-message
          livenessProbe:
            exec:
              # Stage 2 check, more detail at https://www.rabbitmq.com/monitoring.html#health-checks
              command: ["rabbitmq-diagnostics", "status"]
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 15
          readinessProbe:
            exec:
              # Stage 1 check, more detail at https://www.rabbitmq.com/monitoring.html#health-checks
              command: ["rabbitmq-diagnostics", "ping"]
            initialDelaySeconds: 60
            periodSeconds: 60
            timeoutSeconds: 10
          ports:
            - name: amqp
              containerPort: 5672
              protocol: TCP
            - name: management-http
              containerPort: 15672
              protocol: TCP
            - name: epmd
              containerPort: 4369
              protocol: TCP
          resources:
            limits:
              memory: 256Mi
            requests:
              memory: 256Mi
          env:
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name # get pod.metadata.name, e.g. rabbitmq-cluster-0
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace # get pod.metadata.namespace
            - name: RABBITMQ_DEFAULT_USER
              value: "rabbitmq_root"
            - name: RABBITMQ_DEFAULT_PASS
              value: "JFw21-***-h8"
            - name: RABBITMQ_USE_LONGNAME
              value: "true"
            - name: K8S_SERVICE_NAME
              value: "rabbitmq-headless"
            - name: RABBITMQ_NODENAME
              value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local"
            - name: K8S_HOSTNAME_SUFFIX
              value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
            - name: RABBITMQ_ERLANG_COOKIE
              value: "91/rHX2a3GZw3RCHT1Q9y/G0Wo3cbX3qS06DyD4fAUs=" # generated with: echo $(openssl rand -base64 32)
          volumeMounts:
            - name: rabbitmq-config-rw
              mountPath: "/etc/rabbitmq"
            - name: rabbitmq-data
              mountPath: "/var/lib/rabbitmq/mnesia"

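
The StatefulSet in step 6 carries the default password and the Erlang cookie as literal env values, so anyone who can read the StatefulSet or the manifest file can read them. As an added example (not part of the original post), the same three values can be held in a Secret and referenced with secretKeyRef; the Secret name rabbitmq-credentials and its key names are assumptions, and the angle-bracket values are placeholders to fill in.

```yaml
# Added example, not from the original post. The Secret name and key names are assumed.
apiVersion: v1
kind: Secret
metadata:
  name: rabbitmq-credentials        # hypothetical name
  namespace: default
type: Opaque
stringData:
  default-user: rabbitmq_root
  default-pass: "<GENERATED_PASSWORD>"              # placeholder
  erlang-cookie: "<OUTPUT_OF_openssl_rand_base64>"  # placeholder, e.g. from: openssl rand -base64 32
---
# Fragment only: these entries replace the three literal "value:" entries
# in the rabbitmq container's env list in the StatefulSet from step 6.
env:
  - name: RABBITMQ_DEFAULT_USER
    valueFrom:
      secretKeyRef:
        name: rabbitmq-credentials
        key: default-user
  - name: RABBITMQ_DEFAULT_PASS
    valueFrom:
      secretKeyRef:
        name: rabbitmq-credentials
        key: default-pass
  - name: RABBITMQ_ERLANG_COOKIE
    valueFrom:
      secretKeyRef:
        name: rabbitmq-credentials
        key: erlang-cookie
```
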
Step 7: Create the Ingress route
Map port 15672 of the service to the chosen domain name, then point the domain's DNS record at the public IP of this Ingress.

image.png
Confirm that you can log in to the RabbitMQ management console and that the corresponding plugins are enabled.