apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-config
data:
  rabbitmq.conf: |
    # 确保允许PLAIN认证
    auth_mechanisms.1 = PLAIN
    auth_mechanisms.2 = AMQPLAIN
    auth_mechanisms.3 = EXTERNAL
    # 允许admin用户通过远程方式连接
    loopback_users.admin = false
    # 默认心跳和监听配置可在此扩展
    # 确定 ssl 连接时验证使用的用户名
    ssl_cert_login_from = common_name
    # 开启此项配置会导致只能通过TLS端口访问
    listeners.tcp = none
    listeners.ssl.default = 5671
    # default user config
    load_definitions = /etc/rabbitmq/definitions.json
    # ssl config
    ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
    ssl_options.certfile   = /etc/rabbitmq/certs/server_certificate.pem
    ssl_options.keyfile    = /etc/rabbitmq/certs/server_key.pem
    ssl_options.verify     = verify_peer
    ssl_options.fail_if_no_peer_cert = true
    # management config
    management.ssl.port  = 15671
    management.ssl.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
    management.ssl.certfile   = /etc/rabbitmq/certs/server_certificate.pem
    management.ssl.keyfile    = /etc/rabbitmq/certs/server_key.pem
    management.ssl.verify     = verify_peer
    management.ssl.fail_if_no_peer_cert = true