場景:單個pod,部署在主節點,基礎版沒有插件,進階版多了一個插件
基礎版本:
---
apiVersion: v1
kind: PersistentVolume
metadata:name: rabbitmq-pv
spec:capacity:storage: 5GiaccessModes:- ReadWriteOncestorageClassName: manualhostPath:path: /data/rabbitmqtype: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: rabbitmq-pvcnamespace: middle-ware
spec:storageClassName: manualaccessModes:- ReadWriteOnceresources:requests:storage: 5Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: rabbitmqnamespace: middle-ware
spec:serviceName: rabbitmq-headlessreplicas: 1selector:matchLabels:app: rabbitmqtemplate:metadata:labels:app: rabbitmqspec:dnsPolicy: ClusterFirst# 時間同步配置#hostNetwork: true#hostPID: truehostname: rabbitmq-0subdomain: rabbitmq-headlesstolerations:- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule" # 存儲權限初始化initContainers:- name: volume-permissionsimage: busybox:1.28command: ["sh", "-c", "chown -R 1000:1000 /var/lib/rabbitmq"]volumeMounts:- name: rabbitmq-storagemountPath: /var/lib/rabbitmqcontainers:- name: rabbitmqimage: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/rabbitmq:3-management#imagePullPolicy: IfNotPresent# 端口配置ports:- containerPort: 5672name: amqp- containerPort: 15672name: management# 卷掛載volumeMounts:- name: rabbitmq-configmountPath: /etc/rabbitmq/rabbitmq.confsubPath: rabbitmq.conf- name: rabbitmq-storagemountPath: /var/lib/rabbitmq- name: timezonemountPath: /etc/localtime# 精簡后的環境變量env:- name: RABBITMQ_USE_LONGNAME value: "true" - name: RABBITMQ_NODENAMEvalue: "rabbit@rabbitmq-0.rabbitmq-headless.middle-ware.svc.cluster.local"- name: HOSTNAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: RABBITMQ_ERLANG_COOKIEvalue: "secretcookie"- name: RABBITMQ_DEFAULT_USERvalueFrom:secretKeyRef:name: rabbitmq-credentialskey: RABBITMQ_DEFAULT_USER# 資源限制resources:requests:cpu: "500m"memory: "1Gi"limits:cpu: "1"memory: "5Gi"# 存儲聲明volumes:- name: timezonehostPath:path: /usr/share/zoneinfo/Asia/Shanghai- name: rabbitmq-configconfigMap:name: rabbitmq-config- name: rabbitmq-storagepersistentVolumeClaim:claimName: rabbitmq-pvc
---
apiVersion: v1
kind: ConfigMap
metadata:name: rabbitmq-confignamespace: middle-ware
data:rabbitmq.conf: |default_user = admindefault_pass = admin123loopback_users = nonelisteners.tcp.default = 5672management.tcp.port = 15672cluster_name = k8s_rabbitmqcluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8scluster_formation.k8s.host = kubernetes.default.svc.cluster.localcluster_formation.k8s.address_type = hostnamecluster_formation.k8s.service_name = rabbitmq-headless#use_longname = true
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-nodeportnamespace: middle-ware
spec:type: NodePortselector:app: rabbitmqports:- port: 5672targetPort: 5672nodePort: 30672name: amqp- port: 15672targetPort: 15672nodePort: 31672name: management
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-headlessnamespace: middle-ware
spec:clusterIP: Noneselector:app: rabbitmqports:- port: 5672name: amqp- port: 15672name: management
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-servicenamespace: middle-ware
spec:type: ClusterIPselector:app: rabbitmqports:- port: 5672name: amqp- port: 15672name: management
---
apiVersion: v1
kind: Secret
metadata:name: rabbitmq-credentialsnamespace: middle-ware
type: Opaque
stringData:RABBITMQ_DEFAULT_USER: "admin" # 用戶名RABBITMQ_DEFAULT_PASS: "admin123" # 密碼
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: rabbitmq-peer-discovery
rules:
- apiGroups: [""]resources: ["pods"]verbs: ["list", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: rabbitmq-peer-discoverynamespace: middle-ware
subjects:
- kind: ServiceAccountname: default # 或你的自定義 ServiceAccountnamespace: middle-ware
roleRef:kind: ClusterRolename: rabbitmq-peer-discoveryapiGroup: rbac.authorization.k8s.io
封裝版本:
新增方式:在原有的鏡像上將插件拷貝進來,封裝多了一個插件文件到/opt/rabbitmq/plugins
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: rabbitmq-plugins-pvc
spec:storageClassName: "" # 空字符串表示不使用動態存儲分配volumeName: rabbitmq-pv # 指定已有的 PV 名稱accessModes:- ReadWriteOnceresources:requests:storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:name: rabbitmq-pv
spec:capacity:storage: 5GiaccessModes:- ReadWriteOncestorageClassName: manualhostPath:path: /data/rabbitmqtype: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: rabbitmq-pvcnamespace: middle-ware
spec:storageClassName: manualaccessModes:- ReadWriteOnceresources:requests:storage: 4Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:name: rabbitmqnamespace: middle-ware
spec:serviceName: rabbitmq-headlessreplicas: 1selector:matchLabels:app: rabbitmqtemplate:metadata:labels:app: rabbitmqspec:dnsPolicy: ClusterFirst# 時間同步配置#hostNetwork: true#hostPID: truehostname: rabbitmq-0subdomain: rabbitmq-headlesstolerations:- key: "node-role.kubernetes.io/control-plane"operator: "Exists"effect: "NoSchedule" # 存儲權限初始化initContainers:- name: volume-permissionsimage: busybox:1.28command: ["sh", "-c", "mkdir -p /var/lib/rabbitmq && chown -R 1000:1000 /var/lib/rabbitmq"]volumeMounts:- name: rabbitmq-storagemountPath: /var/lib/rabbitmqcontainers:- name: rabbitmqimage: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/rabbitmq:3-management#imagePullPolicy: IfNotPresent# 端口配置ports:- containerPort: 5672name: amqp- containerPort: 15672name: management# 卷掛載volumeMounts:- name: rabbitmq-configmountPath: /etc/rabbitmq/rabbitmq.confsubPath: rabbitmq.conf- name: rabbitmq-storagemountPath: /var/lib/rabbitmq- name: timezonemountPath: /etc/localtime - name: rabbitmq-pluginsmountPath: /opt/rabbitmq/publishlifecycle:postStart:exec:command: ["/bin/sh", "-c", "rabbitmq-plugins enable rabbitmq_delayed_message_exchange"] # 精簡后的環境變量env:- name: RABBITMQ_USE_LONGNAME value: "true" - name: RABBITMQ_NODENAMEvalue: "rabbit@rabbitmq-0.rabbitmq-headless.middle-ware.svc.cluster.local"- name: HOSTNAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: RABBITMQ_ERLANG_COOKIEvalue: "secretcookie"- name: RABBITMQ_DEFAULT_USERvalueFrom:secretKeyRef:name: rabbitmq-credentialskey: RABBITMQ_DEFAULT_USER# 資源限制resources:requests:cpu: "500m"memory: "1Gi"limits:cpu: "1"memory: "2Gi"# 存儲聲明volumes:- name: rabbitmq-pluginspersistentVolumeClaim:claimName: rabbitmq-plugins-pvc- name: timezonehostPath:path: /usr/share/zoneinfo/Asia/Shanghai- name: rabbitmq-configconfigMap:name: rabbitmq-config- name: rabbitmq-storagepersistentVolumeClaim:claimName: rabbitmq-pvc
---
apiVersion: v1
kind: ConfigMap
metadata:name: rabbitmq-confignamespace: middle-ware
data:rabbitmq.conf: |#default_user = admin#default_pass = admin123loopback_users = nonelisteners.tcp.default = 5672management.tcp.port = 15672cluster_name = k8s_rabbitmqcluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8scluster_formation.k8s.host = kubernetes.default.svc.cluster.localcluster_formation.k8s.address_type = hostnamecluster_formation.k8s.service_name = rabbitmq-headless#use_longname = trueplugins = rabbitmq_delayed_message_exchange
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-nodeportnamespace: middle-ware
spec:type: NodePortselector:app: rabbitmqports:- port: 5672targetPort: 5672nodePort: 30672name: amqp- port: 15672targetPort: 15672nodePort: 31672name: management
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-headlessnamespace: middle-ware
spec:clusterIP: Noneselector:app: rabbitmqports:- port: 5672name: amqp- port: 15672name: management
---
apiVersion: v1
kind: Service
metadata:name: rabbitmq-servicenamespace: middle-ware
spec:type: ClusterIPselector:app: rabbitmqports:- port: 5672name: amqp- port: 15672name: management
---
apiVersion: v1
kind: Secret
metadata:name: rabbitmq-credentialsnamespace: middle-ware
type: Opaque
stringData:RABBITMQ_DEFAULT_USER: "admin" # 用戶名RABBITMQ_DEFAULT_PASS: "admin123" # 密碼
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: rabbitmq-peer-discovery
rules:
- apiGroups: [""]resources: ["pods"]verbs: ["list", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:name: rabbitmq-peer-discoverynamespace: middle-ware
subjects:
- kind: ServiceAccountname: default # 或你的自定義 ServiceAccountnamespace: middle-ware
roleRef:kind: ClusterRolename: rabbitmq-peer-discoveryapiGroup: rbac.authorization.k8s.io
封裝版本的鏡像是需要制作的,制作流程如下:
mkdir test && cd test
ls
tar-1.34.tar.gz? ?rabbitmq_delayed_message_exchange.tar
vim Dockerfile
#-----第一階段,為了制作tar包,第二階段應用到rabbitmq里,第三階段時rabbitmq插件加載
#FROM swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/selectdb/alpine:latest AS builder
# 修改軟件源為國內鏡像
#RUN sed -i 's|https://dl-cdn.alpinelinux.org/alpine/|http://mirrors.tuna.tsinghua.edu.cn/alpine/|g' /etc/apk/repositories
# 安裝完整的編譯工具鏈和依賴庫
#RUN apk update && apk add --no-cache \
# build-base \
# gcc \
# make \
# autoconf \
# automake \
# bison \
# gettext \
# libtool \
# elfutils-dev \
# ncurses-dev \
# readline-dev \
# zlib-dev \
# musl-dev
# 復制 tar-1.34.tar.gz
#COPY tar-1.34.tar.gz /tar-1.34.tar.gz
# 解壓、編譯并安裝 tar
#RUN tar -zxf /tar-1.34.tar.gz && \
# cd /tar-1.34 && \
# FORCE_UNSAFE_CONFIGURE=1 ./configure --prefix=/usr/local && \
# make && \
# make install && \
# rm -rf /tar-1.34 /tar-1.34.tar.gz
# 第二階段:使用 RabbitMQ 鏡像
#FROM swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/rabbitmq:3-management
# 從第一階段復制編譯好的 tar
#COPY --from=builder /usr/local /usr/local##docker build -t rabbitmq-tar:1.1 .
##ls
##tar-1.34.tar.gz Dockerfile#----
#添加插件并且運行容器自動啟動
#FROM rabbitmq-tar:1.1
# # 將本地插件包復制到容器內的 /opt/rabbitmq/plugins 目錄
#COPY rabbitmq_delayed_message_exchange-3.13.0.ez /opt/rabbitmq/plugins
#啟動時加載插件
#RUN rabbitmq-plugins enable --offline rabbitmq_delayed_message_exchange
#
##制作鏡像
##docker build -t rabbitmq_delayed_message_exchange:1.4 .
##ls
##rabbitmq_delayed_message_exchange.ez Dockerfile
#然后再yaml文件里引用最新鏡像即可
#測試是否自動加載插件成功
kubectl exec -it rabbitmq-0 -n middle-ware -- rabbitmq-plugins list |grep rabbitmq_delayed_message_exchange
-----
部署在新環境:pv和pvc大小,賬密更改,端口更改,pv目錄授權,登錄31672/admin/admin123默認的,建議更改
登錄curl測試:
http://10.10.10.150:31672/#/
admin/admin123
鏡像基于swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/rabbitmq:3-management封裝了一層,添加了tar包,還有rabbitmq_delayed_message_exchange.ez插件包,并且每次運行容器會自動啟動插件
rabbitmq_delayed_message_exchange.tar是鏡像包
使用的話docker load -i rrabbitmq_delayed_message_exchange.tar導入這個tar包
![[密碼學實戰]商用密碼產品密鑰體系架構:從服務器密碼機到動態口令系統](http://pic.xiahunao.cn/[密碼學實戰]商用密碼產品密鑰體系架構:從服務器密碼機到動態口令系統)
——4.28)
在圖像分類中的應用)
》)
