K
Q

How to add SSL to RabbitMQ UI management on GKE?

7/6/2017

I am trying to set up a RabbitMQ cluster on Google Container Engine and so far it is working correctly. To make it more secure I tried to to enabling SSL for the UI management.

Unfortunately can't make it works, I'm sure I'm doing something wrong but I can't figure out what.

I followed the informations shared here : https://github.com/docker-library/rabbitmq/pull/49 (for SSL support)

I generated a self-signed certificate for testing purpose :

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/rq.key -out /tmp/rq.crt

Created secret for all of those variables :

kubectl create secret generic rabbitmq-key --from-file=/tmp/rq.key
kubectl create secret generic rabbitmq-cert --from-file=/tmp/rq.crt

This is what I added to my rabbitmq.yaml file for those changes :

    - name: RABBITMQ_SSL_CERT_FILE
      valueFrom:
        secretKeyRef:
          name: rabbitmq-crt
          key: rq.crt
    - name: RABBITMQ_SSL_KEY_FILE
      valueFrom:
        secretKeyRef:
          name: rabbitmq-key
          key: rq.key

EDIT : I solve the part for the credentials, apparently the secret for username and the associated password wasn't consider properly.

-- HammerZEIT
cloud
containers
kubernetes
rabbitmq
ssl

Similar Questions

not able to deploy k8s pod when tried through jenkins job on GCE
Create user in Kubernetes for kubectl
RBAC - Limit access for one service account
How to add new packages in Kubernetes

1 Answer

7/10/2017

I successfully made it https by using an ingress ressource which redirect traffic to my UI management port.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: basic-ingress
spec:
  tls:
    - secretName: tls-secret
  backend:
    serviceName: rabbitmq-management
    servicePort: 15672
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: rabbitmq-management
          servicePort: 15672
-- HammerZEIT
Source: StackOverflow