How to expose amqps rabbitmq protocol in k8s environment externally?

11/18/2018

I was wondering - when setting RabbitMQ nodes to use a TLS connection (as seen here https://github.com/artooro/rabbitmq-kubernetes-ha/blob/master/configmap.yaml), as I understand it, I need to create a certificate that matches the hostname; a wildcard can be used - https://www.rabbitmq.com/clustering-ssl.html.

As the cluster DNS is internal, I guess I should create a certificate with a common name such as - ‘*.rabbitmq.default.svc.cluster.local’.

When I’m exposing the service, I'm supposed to create either a NodePort service or a LoadBalancer service - with a totally different hostname (it should route internally).

My question is - how will the amqps connection work? Won't it present me with one of the node’s certificates - which will not match the load balancer’s DNS name?

What's the correct way to expose the amqps protocol?

Thanks in advance

-- ArielB
kubernetes
rabbitmq

1 Answer

7/13/2019

If anyone is looking at this, it doesn't matter - this is not a "standard" HTTPS connection.

The client needs to specify the correct common name and that's enough for the connection to work.

-- ArielB
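
What the answer describes, as an added example that is not part of the original post: the client dials the load balancer address but tells its TLS library to verify the certificate against a name the node certificate covers. `LB_HOST`, `CERT_NAME` and the `ca.pem` path are constructed values, and only the Python standard library is used.

```python
import socket
import ssl

# Constructed sample values; neither name appears in the original post.
LB_HOST = "rabbitmq-lb.example.com"  # address the client dials (LoadBalancer/NodePort)
CERT_NAME = "rabbitmq-0.rabbitmq.default.svc.cluster.local"  # name the node cert covers
AMQPS_PORT = 5671                       # registered AMQP-over-TLS port
AMQP_HEADER = b"AMQP\x00\x00\x09\x01"   # AMQP 0-9-1 protocol header


def make_context(cafile=None):
    """Verifying client context: chain and hostname checks stay enabled."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def open_amqps(connect_host, verify_name, port=AMQPS_PORT, cafile=None, timeout=10):
    """Dial connect_host, but verify the certificate against verify_name."""
    ctx = make_context(cafile)
    raw = socket.create_connection((connect_host, port), timeout=timeout)
    try:
        # server_hostname sets SNI and the name the certificate is matched against;
        # it is independent of the address used for the TCP connection.
        return ctx.wrap_socket(raw, server_hostname=verify_name)
    except Exception:
        raw.close()
        raise


def broker_answers(tls):
    """Send the protocol header; a method frame (type 1) back means AMQP is up."""
    tls.sendall(AMQP_HEADER)
    return tls.recv(1) == b"\x01"


if __name__ == "__main__":
    # cafile: the CA that signed the node certificates (path is an assumption)
    with open_amqps(LB_HOST, CERT_NAME, cafile="ca.pem") as tls:
        print(tls.version(), tls.getpeercert()["subject"], broker_answers(tls))
```

If `verify_name` is not covered by the presented certificate, `wrap_socket` raises `ssl.SSLCertVerificationError` and no AMQP traffic is sent.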
Source: StackOverflow