Kubernetes中部署高可用RabbitMQ集群的完整配置方案
本文介绍了在Kubernetes中部署高可用RabbitMQ集群的完整配置方案。
# Namespace that holds every resource of the RabbitMQ cluster.
apiVersion: v1
kind: Namespace
metadata:
  # Namespace name; the other manifests in this file reference it.
  name: rmq-tool
---
# ConfigMap carrying the plugin list and rabbitmq.conf for the RabbitMQ cluster.
apiVersion: v1
kind: ConfigMap
metadata:
  name: rmq-cluster-config
  namespace: rmq-tool
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
data:
  # Enables the management plugin and the Kubernetes peer-discovery plugin.
  enabled_plugins: |
    [rabbitmq_management,rabbitmq_peer_discovery_k8s].
  # Everything below the `|` is literal file content, including the text after
  # each `#`: it is delivered to RabbitMQ as part of rabbitmq.conf and is kept
  # exactly as written. What the settings do:
  #   - peer discovery uses the Kubernetes backend against the in-cluster API
  #     host, addressing nodes by hostname with the headless-service DNS suffix
  #   - node cleanup runs every 10 seconds and only logs a warning instead of
  #     removing nodes
  #   - network partitions are handled with `autoheal`
  #   - queue masters are placed on the node that hosts the fewest masters
  # NOTE(review): `loopback_users.guest = false` lifts the loopback-only
  # restriction on the built-in guest account. The StatefulSet sets
  # RABBITMQ_DEFAULT_USER, which presumably replaces guest; verify that no
  # guest account exists once the cluster is up, or drop this line.
  rabbitmq.conf: |
    loopback_users.guest = false
    ## Clustering
    cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s #使用Kubernetes服务发现机制
    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local #指定Kubernetes API地址
    cluster_formation.k8s.address_type = hostname
    cluster_formation.k8s.hostname_suffix = .rmq-cluster.rmq-tool.svc.cluster.local #设置集群节点的DNS后缀,确保唯一性
    cluster_formation.node_cleanup.interval = 10 #节点清理检查间隔10秒
    cluster_formation.node_cleanup.only_log_warning = true #仅记录警告日志,避免频繁清理
    cluster_partition_handling = autoheal #自动处理网络分区,避免脑裂问题
    ## queue master locator
    queue_master_locator=min-masters #优先将队列主节点分配到最少节点的节点上
---
# ServiceAccount the RabbitMQ pods run as; it is the identity the pods use
# when they query the Kubernetes API for peer discovery.
apiVersion: v1
kind: ServiceAccount
metadata:
  # Account name referenced by the StatefulSet's serviceAccountName.
  name: rmq-cluster
  namespace: rmq-tool
---
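# Role granting the RabbitMQ pods the API access that peer discovery needs.
# The original manifest used rbac.authorization.k8s.io/v1beta1, which was
# removed in Kubernetes 1.22; the stable v1 API takes the same fields.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rmq-cluster  # role name
  namespace: rmq-tool
rules:
  # Least privilege: read-only `get` on endpoints in this namespace only.
  # Do not widen this to secrets, pods or cluster scope.
  - apiGroups:
      - ''  # core API group
    resources:
      - endpoints  # read for service discovery
    verbs:
      - get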
---
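# RoleBinding that attaches the rmq-cluster Role to the rmq-cluster
# ServiceAccount in the rmq-tool namespace.
# The original manifest used rbac.authorization.k8s.io/v1beta1, which was
# removed in Kubernetes 1.22; the stable v1 API takes the same fields.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rmq-cluster
  namespace: rmq-tool
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rmq-cluster
subjects:
  # Only this one ServiceAccount receives the role.
  - kind: ServiceAccount
    name: rmq-cluster
    namespace: rmq-tool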
---
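# Secret holding the RabbitMQ administrator credentials and the Erlang cookie;
# the StatefulSet reads each key through secretKeyRef.
# The real password that was published here has been replaced by a labelled
# placeholder: a credential printed in a manifest is known to every reader and
# must not be reused. Fill the placeholders at deploy time (or create the
# Secret out of band) and keep the filled-in file out of version control.
# Secret values are only base64-encoded in the API unless encryption at rest
# is enabled for the cluster.
apiVersion: v1
kind: Secret
metadata:
  name: rmq-cluster-secret
  namespace: rmq-tool
type: Opaque  # generic key/value secret
stringData:
  # Shared Erlang cookie: any party that knows it can join the cluster or run
  # rabbitmqctl against the nodes, so use a long random value.
  cookie: 'REPLACE_WITH_RANDOM_ERLANG_COOKIE'
  # RabbitMQ administrator account name.
  username: admin
  # RabbitMQ administrator password; use a unique, randomly generated value.
  password: 'REPLACE_WITH_STRONG_PASSWORD'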
---
# Headless Service used for RabbitMQ node addressing and peer discovery.
apiVersion: v1
kind: Service
metadata:
  name: rmq-cluster
  namespace: rmq-tool
  labels:
    # Must stay identical to the pod template's metadata.labels.
    app: rmq-cluster
spec:
  # No cluster IP: DNS returns the backing pod IPs directly, which is what
  # RabbitMQ cluster discovery relies on.
  clusterIP: None
  selector:
    app: rmq-cluster  # selects the RabbitMQ cluster pods
  ports:
    - name: http
      protocol: TCP
      port: 15672  # RabbitMQ management UI
      targetPort: 15672
    - name: amqp
      protocol: TCP
      port: 5672  # RabbitMQ message broker
      targetPort: 5672
---
# NodePort Service that exposes the RabbitMQ cluster outside Kubernetes.
# NOTE(review): this publishes plain AMQP (5672) and the management UI (15672)
# on ports 32661 and 32672 of every cluster node, without TLS. Limit who can
# reach those node ports (firewall, NetworkPolicy), and consider dropping the
# `http` entry if the management UI is only meant to be reached through the
# Ingress.
apiVersion: v1
kind: Service
metadata:
  name: rmq-cluster-nodeport
  namespace: rmq-tool
  labels:
    app: rmq-cluster
spec:
  type: NodePort
  selector:
    app: rmq-cluster  # selects the RabbitMQ pods by the app=rmq-cluster label
  ports:
    - name: amqp
      protocol: TCP
      port: 5672  # service port
      targetPort: 5672
      nodePort: 32661  # port opened on every node for external access
    - name: http
      protocol: TCP
      port: 15672  # service port
      targetPort: 15672  # pod port
      nodePort: 32672  # port opened on every node for external access
---
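# StatefulSet that deploys the highly available three-node RabbitMQ cluster.
# Fixes relative to the original listing:
#   - `podAntiAffinity` was missing its trailing colon, which made the
#     document unparseable.
#   - livenessProbe declared initialDelaySeconds and timeoutSeconds twice;
#     duplicate keys are invalid YAML and most parsers silently keep the last
#     one. Each key now appears once, with the values of the complete first
#     set (60 s initial delay, 10 s timeout).
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: rmq-cluster
  namespace: rmq-tool
  labels:
    app: rmq-cluster
spec:
  replicas: 3  # number of RabbitMQ nodes
  selector:
    matchLabels:
      app: rmq-cluster
  serviceName: rmq-cluster
  template:
    metadata:
      labels:
        app: rmq-cluster
    spec:
      serviceAccountName: rmq-cluster
      terminationGracePeriodSeconds: 30
      affinity:
        podAntiAffinity:
          # Soft anti-affinity: prefer spreading the pods across nodes.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - rmq-cluster
                topologyKey: kubernetes.io/hostname
      imagePullSecrets:
        - name: harbor
      containers:
        - name: rabbitmq
          # NOTE(review): the RabbitMQ 3.7 series is past upstream end of life
          # and no longer receives security fixes; plan a move to a supported
          # release. The official Docker Hub image publishes tags such as
          # `3.7` without a `v` prefix - confirm that `v3.7` resolves in the
          # registry you pull from.
          image: docker.io/library/rabbitmq:v3.7
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 15672  # management port
              name: http
              protocol: TCP
            - containerPort: 5672  # messaging port
              name: amqp
              protocol: TCP
          command:
            - sh
          args:
            - -c
            # Copy the ConfigMap-provided rabbitmq.conf to the path named by
            # RABBITMQ_CONFIG_FILE, then hand over to the image entrypoint.
            - >-
              cp -v /etc/rabbitmq/rabbitmq.conf ${RABBITMQ_CONFIG_FILE};
              exec docker-entrypoint.sh rabbitmq-server
          env:
            # Administrator user name, read from Secret rmq-cluster-secret.
            - name: RABBITMQ_DEFAULT_USER
              valueFrom:
                secretKeyRef:
                  key: username
                  name: rmq-cluster-secret
            # Administrator password, read from Secret rmq-cluster-secret.
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  key: password
                  name: rmq-cluster-secret
            # Erlang cookie, read from Secret rmq-cluster-secret.
            - name: RABBITMQ_ERLANG_COOKIE
              valueFrom:
                secretKeyRef:
                  key: cookie
                  name: rmq-cluster-secret
            - name: K8S_SERVICE_NAME
              value: rmq-cluster
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: RABBITMQ_USE_LONGNAME
              value: "true"
            # Built from POD_NAME and POD_NAMESPACE, which are declared above.
            - name: RABBITMQ_NODENAME
              value: rabbit@$(POD_NAME).rmq-cluster.$(POD_NAMESPACE).svc.cluster.local
            - name: RABBITMQ_CONFIG_FILE
              value: /var/lib/rabbitmq/rabbitmq.conf
          livenessProbe:
            exec:
              command:
                - rabbitmqctl
                - status
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            exec:
              command:
                - rabbitmqctl
                - status
            initialDelaySeconds: 30
            timeoutSeconds: 10
          volumeMounts:
            # ConfigMap rmq-cluster-config mounted at /etc/rabbitmq.
            - name: config-volume
              mountPath: /etc/rabbitmq
              readOnly: false
            # Persistent storage mounted at the RabbitMQ data directory.
            - name: rabbitmq-storage
              mountPath: /var/lib/rabbitmq
              readOnly: false
      volumes:
        - name: config-volume
          configMap:
            name: rmq-cluster-config
            items:
              - key: rabbitmq.conf
                path: rabbitmq.conf
              - key: enabled_plugins
                path: enabled_plugins
  # One 30Gi PersistentVolumeClaim is created for each pod.
  volumeClaimTemplates:
    - metadata:
        name: rabbitmq-storage
      spec:
        accessModes: ["ReadWriteMany"]
        storageClassName: "nfs-provisioner"
        resources:
          requests:
            storage: 30Gi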
---
# Ingress that routes a custom host name to the RabbitMQ management UI.
# NOTE(review): no `tls` section is declared, so the management login is
# served over plain HTTP unless TLS is terminated elsewhere; add TLS before
# exposing this host beyond a trusted network.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rmq-ingress  # Ingress resource name
  namespace: rmq-tool
spec:
  rules:
    - host: rabbitmq.test.com  # custom domain used to reach the UI
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rmq-cluster
                port:
                  # Forwards to service port 15672 (RabbitMQ management UI).
                  number: 15672