RocketMQ Helm模板增加ACL认证
RocketMQ版本:4.9.2
具体请按实际场景进行修改
修改rocketmq/templates/broker/configmap.yaml
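data:
  # Rendered to /etc/rocketmq/broker-base.conf (see the StatefulSet mount).
  # aclEnable is written twice: once explicitly and once more by the range,
  # because it is also a key of .Values.broker.config. Both lines carry the
  # same value and java.util.Properties keeps the last occurrence, so the
  # duplicate is harmless; the explicit line could simply be dropped.
  broker-base.conf: |
    brokerClusterName = {{ .Values.clusterName }}
    aclEnable={{ .Values.broker.config.aclEnable }}
    {{- range $key, $value := .Values.broker.config }}
    {{ $key }} = {{ $value }}
    {{- end }}
  # Broker ACL file. The accessKey/secretKey pair is a broker credential, yet it
  # is taken from the dashboard login values and lives in a ConfigMap, which is
  # readable by anyone with ConfigMap read access in the namespace. Prefer a
  # Secret volume for plain_acl.yml and a key pair distinct from the dashboard
  # login, so one leaked password does not open both.
  # Both values go through `quote` so a numeric- or boolean-looking password
  # (12345678, no, off ...) stays a string when the broker parses the file.
  # globalWhiteRemoteAddresses is an explicit empty list (the bare key rendered
  # as null): no client address is exempt from ACL, every client must present a
  # key pair. whiteRemoteAddress "*" lets this key be used from any source
  # address; narrow it to the dashboard's network range where possible.
  # NOTE(review): with admin: false and defaultTopicPerm DENY, dashboard views
  # that issue admin commands may be refused - confirm the intended scope.
  plain_acl.yml: |
    globalWhiteRemoteAddresses: []
    accounts:
      - accessKey: {{ .Values.dashboard.user | quote }}
        secretKey: {{ .Values.dashboard.password | quote }}
        whiteRemoteAddress: "*"
        admin: false
        defaultTopicPerm: DENY
        defaultGroupPerm: SUB
        topicPerms:
          - topicA=DENY
          - topicB=PUB|SUB
          - topicC=SUB
        groupPerms:
          - groupA=DENY
          - groupB=PUB|SUB
          - groupC=SUB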
修改rocketmq/templates/broker/statefulset.yaml
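# Excerpt of spec.template.spec: volumeMounts belongs to the broker container,
# whose `- name:` line is above this excerpt; dnsPolicy and below are pod-level.
        volumeMounts:
        - mountPath: /home/rocketmq/logs
          name: broker-storage
          subPath: rocketmq-broker/logs
        - mountPath: /home/rocketmq/store
          name: broker-storage
          subPath: rocketmq-broker/store
        - mountPath: /etc/rocketmq/broker-base.conf
          name: broker-base-config
          subPath: broker-base.conf
        - mountPath: /runbroker.sh
          name: runbroker-sh
          subPath: runbroker.sh
        # plain_acl.yml is projected with subPath. Kubernetes does not propagate
        # ConfigMap updates into subPath mounts, so the broker's ACL file watcher
        # never sees an edited plain_acl.yml: every ACL change needs a pod
        # restart. Mount the key into its own directory (no subPath) if hot
        # reload of the ACL is wanted.
        - mountPath: /home/rocketmq/rocketmq-4.9.2/conf/plain_acl.yml
          name: acl-config
          subPath: plain_acl.yml
      dnsPolicy: ClusterFirst
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          items:
          - key: broker-base.conf
            path: broker-base.conf
          name: {{ $brokerCmName }}
        name: broker-base-config
      - configMap:
          items:
          - key: runbroker.sh
            path: runbroker.sh
          name: {{ $brokerCmName }}
        name: runbroker-sh
      # Same ConfigMap as the two volumes above; `items` limits the projection
      # to the ACL file, consistent with its siblings, so the other keys are
      # not exposed through this volume.
      - name: acl-config
        configMap:
          name: {{ $brokerCmName }}
          items:
          - key: plain_acl.yml
            path: plain_acl.yml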
修改rocketmq/templates/dashboard/configmap.yaml
metadata:
  name: {{ $dashboardCmName | quote }}
data:
  # Dashboard settings, mounted read-only at
  # /tmp/rocketmq-console/data/application.properties (see the Deployment).
  # The file is a literal block, so every line below is written verbatim;
  # the template placeholders are expanded as plain text, no YAML quoting
  # is involved.
  # NOTE(review): rocketmq.config.accessKey/secretKey are the broker ACL
  # credentials in plaintext inside a ConfigMap; the Deployment already
  # passes the same pair as ROCKETMQ_CONFIG_ACCESSKEY/SECRETKEY, so they
  # could be dropped here and sourced from a Secret there instead.
  # loginRequired=false and useTLS=false: the dashboard is reachable
  # without a login while holding a broker credential - confirm this is
  # acceptable for the network the Service is exposed on.
  # namesrvAddr/isVIPChannel/timeoutMillis/msgTrackTopicName are left empty;
  # presumably supplied elsewhere (environment), verify against the chart.
  application.properties: |
    server.address=0.0.0.0
    server.port=8080
    spring.application.name=rocketmq-dashboard
    spring.http.encoding.charset=UTF-8
    spring.http.encoding.enabled=true
    spring.http.encoding.force=true
    logging.level.root=INFO
    logging.config=classpath:logback.xml
    rocketmq.config.namesrvAddr=
    rocketmq.config.isVIPChannel=
    rocketmq.config.timeoutMillis=
    rocketmq.config.dataPath=/tmp/rocketmq-console/data
    rocketmq.config.enableDashBoardCollect=true
    rocketmq.config.msgTrackTopicName=
    rocketmq.config.ticketKey=ticket
    rocketmq.config.loginRequired=false
    rocketmq.config.useTLS=false
    rocketmq.config.accessKey={{ .Values.dashboard.user }}
    rocketmq.config.secretKey={{ .Values.dashboard.password }}
    # Add any other required configuration options
修改rocketmq/templates/dashboard/deployment.yaml
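# Excerpt of the dashboard container (env, ports, volumeMounts, resources)
# followed by the pod-level volumes and tolerations. Lines the page does not
# show are marked below rather than guessed.
        # (continues the container's env: list)
        # All four values are piped through `quote`: an EnvVar value must be a
        # string, and an unquoted numeric- or boolean-looking user/password
        # would render as a number or boolean and be rejected by the API server.
        # The two plain `value:` lines previously lacked the quotes the
        # ROCKETMQ_CONFIG_* entries already had.
        # NOTE(review): a password as an inline `value:` is visible in the
        # rendered manifest and to anyone who can read the Pod; prefer
        # valueFrom.secretKeyRef against a Secret holding these credentials.
        - name: ROCKETMQ_CONSOLE_USER
          value: {{ .Values.dashboard.user | quote }}
        - name: ROCKETMQ_CONSOLE_PASSWORD
          value: {{ .Values.dashboard.password | quote }}
        - name: ROCKETMQ_CONFIG_ACCESSKEY
          value: {{ .Values.dashboard.user | quote }}
        - name: ROCKETMQ_CONFIG_SECRETKEY
          value: {{ .Values.dashboard.password | quote }}
        ports:
        - containerPort: 8080
          protocol: TCP
        # volumeMounts: the list key and the first item's `- name:` line are
        # not on the page; the item below is the users.properties mount.
        # readOnly: false has no effect on a ConfigMap-backed subPath mount as
        # far as the kubelet is concerned (ConfigMap volumes are read-only) -
        # confirm whether the dashboard is expected to write this file.
          mountPath: /tmp/rocketmq-console/data/users.properties
          subPath: users.properties
          readOnly: false
        - name: dashboard-config
          mountPath: /tmp/rocketmq-console/data/application.properties
          subPath: application.properties
          readOnly: true
        resources:
          {{- toYaml $.Values.dashboard.resources | nindent 10 }}
      volumes:
      # (the first volume's `- name:` line is not on the page)
      # defaultMode 0755 gives an executable, world-readable mode to
      # .properties files that contain credentials; 0444 (or 0440 with a
      # matching fsGroup) is enough for files that are only read.
        configMap:
          name: {{ $configmapFullName | quote }}
          defaultMode: 0755
      - name: dashboard-config
        configMap:
          name: {{ $configmapFullName | quote }}
          defaultMode: 0755
      # The matching {{- end }} for this with-block is outside the excerpt.
      {{- with $.Values.dashboard.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}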
修改rocketmq/values.yaml
broker:
  # Every key under config is written to broker-base.conf by the broker
  # ConfigMap template as `key = value`, so all values are kept as quoted
  # strings: they are copied verbatim, never interpreted by Helm.
  config:
    ## brokerClusterName, brokerName, brokerRole and brokerId are generated by the built-in script
    deleteWhen: '04'
    fileReservedTime: '48'
    flushDiskType: 'ASYNC_FLUSH'
    waitTimeMillsInSendQueue: '1000'
    # transientStorePoolEnable: 'true'
    # transferMsgByHeap: 'false'
    # Turns on broker ACL authentication; plain_acl.yml then governs access.
    aclEnable: 'true'