34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: rabbitmq-config
|
|
data:
|
|
rabbitmq.conf: |
|
|
# 确保允许PLAIN认证
|
|
auth_mechanisms.1 = PLAIN
|
|
auth_mechanisms.2 = AMQPLAIN
|
|
auth_mechanisms.3 = EXTERNAL
|
|
# 允许admin用户通过远程方式连接
|
|
loopback_users.admin = false
|
|
# 默认心跳和监听配置可在此扩展
|
|
# 确定 ssl 连接时验证使用的用户名
|
|
ssl_cert_login_from = common_name
|
|
# 开启此项配置会导致只能通过TLS端口访问
|
|
listeners.tcp = none
|
|
listeners.ssl.default = 5671
|
|
# ssl config
|
|
ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
|
|
ssl_options.certfile = /etc/rabbitmq/certs/server_certificate.pem
|
|
ssl_options.keyfile = /etc/rabbitmq/certs/server_key.pem
|
|
ssl_options.verify = verify_peer
|
|
ssl_options.fail_if_no_peer_cert = true
|
|
# ssl_options.verify = verify_none
|
|
# ssl_options.fail_if_no_peer_cert = false
|
|
# management ssl config
|
|
management.ssl.port = 15671
|
|
management.ssl.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
|
|
management.ssl.certfile = /etc/rabbitmq/certs/server_certificate.pem
|
|
management.ssl.keyfile = /etc/rabbitmq/certs/server_key.pem
|
|
management.ssl.verify = verify_peer
|
|
management.ssl.fail_if_no_peer_cert = true
|