Adding ACL authentication to the RocketMQ Helm templates

RocketMQ version: 4.9.2

Adjust the details below to fit your own environment.

Modify rocketmq/templates/broker/configmap.yaml

```yaml
data:
  broker-base.conf: |
    brokerClusterName = {{ .Values.clusterName }}
    aclEnable={{ .Values.broker.config.aclEnable }}
    {{- range $key, $value := .Values.broker.config }}
    {{ $key }} = {{ $value }}
    {{- end }}
  plain_acl.yml: |
    globalWhiteRemoteAddresses:
    accounts:
    - accessKey: {{ .Values.dashboard.user }}
      secretKey: {{ .Values.dashboard.password }}
      whiteRemoteAddress: "*"
      admin: false
      defaultTopicPerm: DENY
      defaultGroupPerm: SUB
      topicPerms:
      - topicA=DENY
      - topicB=PUB|SUB
      - topicC=SUB
      groupPerms:
      - groupA=DENY
      - groupB=PUB|SUB
      - groupC=SUB
```

Modify rocketmq/templates/broker/statefulset.yaml

```yaml
        volumeMounts:
        - mountPath: /home/rocketmq/logs
          name: broker-storage
          subPath: rocketmq-broker/logs
        - mountPath: /home/rocketmq/store
          name: broker-storage
          subPath: rocketmq-broker/store
        - mountPath: /etc/rocketmq/broker-base.conf
          name: broker-base-config
          subPath: broker-base.conf
        - mountPath: /runbroker.sh
          name: runbroker-sh
          subPath: runbroker.sh
        - mountPath: /home/rocketmq/rocketmq-4.9.2/conf/plain_acl.yml
          name: acl-config
          subPath: plain_acl.yml
      dnsPolicy: ClusterFirst
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          items:
          - key: broker-base.conf
            path: broker-base.conf
          name: {{ $brokerCmName }}
        name: broker-base-config
      - configMap:
          items:
          - key: runbroker.sh
            path: runbroker.sh
          name: {{ $brokerCmName }}
        name: runbroker-sh
      - name: acl-config
        configMap:
          name: {{ $brokerCmName }}
```

Modify rocketmq/templates/dashboard/configmap.yaml

```yaml
metadata:
  name: {{ $dashboardCmName | quote }}
data:
  application.properties: |
    server.address=0.0.0.0
    server.port=8080
    spring.application.name=rocketmq-dashboard
    spring.http.encoding.charset=UTF-8
    spring.http.encoding.enabled=true
    spring.http.encoding.force=true
    logging.level.root=INFO
    logging.config=classpath:logback.xml
    rocketmq.config.namesrvAddr=
    rocketmq.config.isVIPChannel=
    rocketmq.config.timeoutMillis=
    rocketmq.config.dataPath=/tmp/rocketmq-console/data
    rocketmq.config.enableDashBoardCollect=true
    rocketmq.config.msgTrackTopicName=
    rocketmq.config.ticketKey=ticket
    rocketmq.config.loginRequired=false
    rocketmq.config.useTLS=false
    rocketmq.config.accessKey={{ .Values.dashboard.user }}
    rocketmq.config.secretKey={{ .Values.dashboard.password }}
    # Add any other required configuration options
```

Modify rocketmq/templates/dashboard/deployment.yaml

```yaml
        - name: ROCKETMQ_CONSOLE_USER
          value: {{ .Values.dashboard.user }}
        - name: ROCKETMQ_CONSOLE_PASSWORD
          value: {{ .Values.dashboard.password }}
        - name: ROCKETMQ_CONFIG_ACCESSKEY
          value: "{{ .Values.dashboard.user }}"
        - name: ROCKETMQ_CONFIG_SECRETKEY
          value: "{{ .Values.dashboard.password }}"
        ports:
        - containerPort: 8080
          protocol: TCP
        # ... (the opening lines of the users.properties mount are not shown in the original)
          mountPath: /tmp/rocketmq-console/data/users.properties
          subPath: users.properties
          readOnly: false
        - name: dashboard-config
          mountPath: /tmp/rocketmq-console/data/application.properties
          subPath: application.properties
          readOnly: true
        resources:
          {{- toYaml $.Values.dashboard.resources | nindent 10 }}
      volumes:
      # ... (the "- name:" line of the first volume is not shown in the original)
        configMap:
          name: {{ $configmapFullName | quote }}
          defaultMode: 0755
      - name: dashboard-config
        configMap:
          name: {{ $configmapFullName | quote }}
          defaultMode: 0755
      {{- with $.Values.dashboard.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
```

Modify rocketmq/values.yaml

```yaml
broker:
  config:
    ## brokerClusterName, brokerName, brokerRole and brokerId are generated automatically by the built-in script
    deleteWhen: "04"
    fileReservedTime: "48"
    flushDiskType: "ASYNC_FLUSH"
    waitTimeMillsInSendQueue: "1000"
    # transientStorePoolEnable: "true"
    # transferMsgByHeap: "false"
    aclEnable: "true" # enable ACL authentication
```
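The templates above render secretKey into ConfigMaps and literal env values, which anyone with read access to ConfigMaps or to the pod spec can see. The fragment below is an added example, not part of the original chart, that keeps the same plain_acl.yml and dashboard credentials in a Kubernetes Secret instead. The Secret name rocketmq-acl and the file name acl-secret.yaml are assumptions; the existing acl-config volumeMount in the broker StatefulSet stays unchanged.

```yaml
# --- rocketmq/templates/broker/acl-secret.yaml (hypothetical new file) ---
apiVersion: v1
kind: Secret
metadata:
  name: rocketmq-acl   # hypothetical name; derive it from the release name in a real chart
type: Opaque
stringData:
  # Credentials for the dashboard, referenced by key further down
  accessKey: {{ .Values.dashboard.user | quote }}
  secretKey: {{ .Values.dashboard.password | quote }}
  # Same ACL file the broker ConfigMap carried, now stored as a Secret key
  plain_acl.yml: |
    accounts:
    - accessKey: {{ .Values.dashboard.user | quote }}
      secretKey: {{ .Values.dashboard.password | quote }}
      whiteRemoteAddress: "*"
      admin: false
      defaultTopicPerm: DENY
      defaultGroupPerm: SUB

# --- broker statefulset.yaml: back the acl-config volume with the Secret ---
      volumes:
      - name: acl-config
        secret:
          secretName: rocketmq-acl
          items:
          - key: plain_acl.yml
            path: plain_acl.yml

# --- dashboard deployment.yaml: inject the credentials by reference ---
        - name: ROCKETMQ_CONFIG_ACCESSKEY
          valueFrom:
            secretKeyRef:
              name: rocketmq-acl
              key: accessKey
        - name: ROCKETMQ_CONFIG_SECRETKEY
          valueFrom:
            secretKeyRef:
              name: rocketmq-acl
              key: secretKey
```

With this layout the plain_acl.yml key is dropped from the broker ConfigMap, and the rocketmq.config.accessKey and rocketmq.config.secretKey lines no longer need to appear in the dashboard's application.properties ConfigMap.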

Author: shook
Link: https://www.cnblogs.com/shook/p/17376705.html
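Copyright notice: Unless otherwise stated, all articles on this blog are licensed under the BY-NC-SA license. Please credit the source when reposting!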