rabbitmq: Deploy RabbitMQ Server

RabbitMQ is an AMQP message broker. It will be used by `xactmon` to pass messages between the components. Although RabbitMQ can be deployed in a high-availability cluster, we don't really need that level of robustness for `xactmon`, so we will just run a single instance. Deploying a single-host RabbitMQ server is pretty straightforward. We're using mTLS authentication; clients need to have a certificate issued by the *RabbitMQ CA* in order to connect to the message broker. The `rabbitmq-ca` _cert-manager_ ClusterIssuer issues these certificates for in-cluster services like `xactmon`.
2024-07-26 20:43:39 -05:00
parent a04a2b5334
commit 1a1d8ff27d
12 changed files with 272 additions and 0 deletions
--- a/rabbitmq/ca/kustomization.yaml
+++ b/rabbitmq/ca/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- pairs:
+    app.kubernetes.io/component: rabbitmq-ca
+    app.kubernetes.io/instance: rabbitmq-ca
+    app.kubernetes.io/part-of: rabbitmq
+
+resources:
+- rabbitmq-ca.yaml
+- secrets.yaml
--- a/rabbitmq/ca/rabbitmq-ca.crt
+++ b/rabbitmq/ca/rabbitmq-ca.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICazCCAc2gAwIBAgIUHOLoRkpqTumPczT4haPTrDR+NWYwCgYIKoZIzj0EAwQw
+UDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDERMA8GA1UE
+CwwIUmFiYml0TVExFDASBgNVBAMMC1JhYmJpdE1RIENBMB4XDTI0MDcyMTE1MzQ1
+NloXDTM0MDcyMjE1MzQ1NlowUDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3Rp
+biBDLiBIYXRjaDERMA8GA1UECwwIUmFiYml0TVExFDASBgNVBAMMC1JhYmJpdE1R
+IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBUciaWKnxGTNnfkeTBFm4O8Qx
+byOua3LYDBVvP04U6xxpm3k/f6m8PVpj8k57lXFtSAi4xpAgVy9gCzTnoud1YZEA
+e4qSR4FG7M7mTygYLXkS6IheeRadWjRrjKvdtWr74gdsughnQ9dZjvE0lzqpFg0l
+ncYN6FVsW4jo4tj+rayp1tajQjBAMB0GA1UdDgQWBBTTZi3xHWChlywYYs+QIlRh
+96pcdDASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjAKBggqhkjOPQQD
+BAOBiwAwgYcCQgDf4KpCADduVqdgeXp/eUoQEznKplgiZF8fdM+fVSEd+4t+IQZw
+wi58uu2Ib5sPop0//iPT3AogIqmr+E1eu/EmAgJBY7naClR/IINeTTzUAqNjDxJa
+GkQ7jJjpnGHNbnwLJ7e7VCP2rqDRtgw7z2QCxk3gIZSThXGicHPqxyiK9T9rjZI=
+-----END CERTIFICATE-----
--- a/rabbitmq/ca/rabbitmq-ca.yaml
+++ b/rabbitmq/ca/rabbitmq-ca.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: rabbitmq-ca
+spec:
+  ca:
+    secretName: rabbitmq-ca
--- a/rabbitmq/ca/secrets.yaml
+++ b/rabbitmq/ca/secrets.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: rabbitmq-ca
+  namespace: cert-manager
+  labels:
+    app.kubernetes.io/name: rabbitmq-ca
+spec:
+  encryptedData:
+    tls.crt: AgBB9P7G4egqhKywdjQnfA9FbNdd1Nmn32RVo5aQpBf2TIOdpJ4r/vMSS+b80NLTt3KJ1eAim8RGOwCqJW/BKnLZhK95n2RnlqkmQysVFtemq0VXnmDnXVQ95TwFZQOxB2CzVFpXBWNFjrd+E3E9IPdU8XH35IuA4UiFp5YUeMcPKFnkmsNjOpu4axH4R9NDOAfiA+Eh0btGAT4+vqy78A0RImfPoRYSVN5EYulLD9xY9ShuivdJKZLIKIf69ma3Tzk1CBEO/wBgpy7E/XMQOptqq615u5KfxSknEXPeMH/leZatGRZF8YvUFl0Y9km2pCUBkYpzqCIDh9EMcEvB5+6Tmz52wpr73xTUlhjdVhJrha+VPk+Uut/49q5+ADB3v19JXvV+KIVdtV9LPPp14muyOrWSVKiH+CvoG0vfewnkR/rDQa5eHmCTkCv9PFtyeySsy5MkGE/ujo5jZP+w25fylaKnHepReyjfH5+xwkIHXiJ7DmZCsxayqdEEjjRacT/wrabP5MS9YEPi360uvPFr4P4navhZ4e8H66Ib7WscBc/HYynKv8Sirzc71IjGb07AGm1ivI1ddzbYZMBcifZlXh5R6C0sYePyWKlDzygWaFIvGPYWmnjD6PEg/wp94396xAsT3sh/+/Rv95hLcy4zHJYFQovW4zzxFNljgQVsJb+jzkEZlyYpiKwSqyaXVtMe5LBAhvNT9BRx0f1l1zrWE2PTWRtVH69kR3sTZ5Ur1JUN3e3weJqLhBV24BzcULdmyYHjc0qXcGMDMcd2FY3NYc4+EuFglmeu990j37WyY2LVr/XKkNdL8l4W7Q1DMGTyK6GiyNWsQolsBP9RviBsSbE2WsCGQUE51pjcSt8GVFMKYh7tyDT0iNd75L20YoyDlr8u7qlll2jUH6KhZmMz1zrC3MCkcnSAuWy1LK+Dm3ddcApEhVZAh9B7cY7eWcQUCPqW0jU3GhYyYt+F62rnZ8FcI38NTKEQqxVzJEaUsT8/AcCkq6jyYDM3YvDvo3zTOVTOzNQ1vc5ZIn8FDb9UDQcElo+neUyHnwUItHMLuIc44qMtdSGZsYAQzNjw3E5ZyRzEGpagglTTzjfvlGFJx57pheUtih2m0sbE4rtsYb79d/VhKMtRVVOiM5ChxcJK1Y7hJkpDqmzlMe06xRtuGf8VXl9VucWK5jZIC6rLdjwHOc3kwdXH+3+uVi2PdUbiGypJMK7iuRfe/FIAK+tDdcpVXXJn+okb1Oo36wZRapN8phFmvYOblZdVMl2BBljx778nXdA12NeKyIxLtdJ+86OQKskN6OpuLzLiCNl2lG5JpOzlwdtbOmmd0efQEwzFr9xd8XXb5Q8QImnoslBvhgmYLruFd1cPrcclZFQvCQgb1xN4uMtqCBMaVPJUaY0hXKLemzV/9bYLYP+3ES4jYAT/M/xyVnleWh+rJgMIHedEDWaAfZbbTYhHo7raBSecyl2opYKTTR7sjsVnACv2zB0LpOHVcWccwY5Zko4e21S/xjVq9Aff5tfwjV59g54oCun1HR6GHcuYgYYbqUt8BFbd09QaA1rgMAkNqaprJb7LXwt13Vm8sP6x6OcXt2YxZGlmPHsThcOFwV9SmUIyi8D+XEW/6FdFnUOhdnwNAQyagGT9A91Y5C3kz7Xh54Jdbgcg/Sc+8LQwlP86W35iCpsZjIiaQ/sRJcbQALAKXv/aKW2FxtXnXES2ynPf6RzpFzPv7xrLlva3AgYEm9rCD3LNl094tCoW4ZwxN45EKwk/7GGFpGS8+vhEfPfTe9RkHID5Hv76FeUr8Q+7l82QGCvZfvz4Ag5ZEp3sQpwfkvQFN94D8sfwSD87nmZVjQptJ0yu3yw4mhcMyVT5beMlMhtlUTG6Fq3hT0y0Leg8K63SHg==
+    tls.key: AgA6rWYBoogSLgfUQ82Lw++CvZSlhsUthdPtuMzrEAoCAYE55Vx5IvaEEKXkGLXcorYPFZSmVIlO35IM29F6u/DvHLQ/v4DXpcQJHXIejBM+zwynBXN/LGFIcBqj1JI1dZUYheb05nkD+qwiYhHCv4c6RSScX5osvPtXnq0AtCgNKNH4aRf3LQ4EUKakA8cVKmi8QC151L9pOWIrtkFdv28wSfW4viTkDhGornERcHZvPdkyG8gGQAy8B1Suy5LoZsfr8rFfWhYGOuVKNwM8RN3bBHVKhbCR5u6ap+ZzgPWdcWG88fRcXRY+YIgW2Q0Ffrk2TAVxgIbh/GuwYptwIKxj7cM3h11UqG57MpvcgE3rxhcwO5JbxPD2fAqxl98vkfIrasrhEpN3I3SHRrzxYKYt+6oYiK3H2xwIzBfMPIYfghyMLyf9H4f/zxRb945ehQrqYovduYdQR7ODsFYJmiGdMsITuPfq0Zl6KErDy+WILIY+eH5pkOym0A4te8jACbEALT6kcJ7buLfMZ65OHJDUzWf3W8Qi5WPkOXtDKkprzwjXotHdYcMInabE6rPjePb+uf9G9782WJQ7W5/ebJqEeL/FWFTQEurgrAt5v/8ugL8oF8LOyvt0dUboJKtDk/ZKgGEN4QQWQsuiBUX9qJxEgocbjnqw8/ZlzYy0AXdesv5nyspGYrIe2msrBbrrFMOQWAhyTdpXY+ZZldrH+qucUkbZZYBL1ItGOORg+dtcv3cXCfvL3cRUQrbZprjBGY4wqJB9CmfgCoLmxPBot6Lkedv1RrwaBB8KPpGi+hRtvI3rTeCuw0Ky7Q+qDFDsdoAZasRSPxQK3/9oY4gUplC2X5i3uC/jiNzbpA98IsmHKxDjcUk46kIbhLVOFp4CLTUILvOnLm0IMVpF7NtJhD0L7wbEC3iIF1UVAfixj/XaggT+jOuHzYJTowAbYHX7gUOUzTEmkAczy+6Aw7qoPwKYiJvbjM8PdqbMZ3ILtS3FmrlYEB9qi5J28J1R8t/LeG3gDsyabv52f0abFcfGQkPLsMbcEvBy2Xj2jQWVv+tK2a/0/iqCKRQydpEXkWP0Ae7YYqd4S+6sfe4zoUKHxLLCw/+jhI9sig+NZQau2zD24jx4INAdbaOwrd+udmqb2wtpQw/hwM9fARQXERy94VGRMxDUSSaOdv9dn/hJ1dawC7FNUk2HutTSBKquBPOB2aU=
+  template:
+    metadata:
+      name: rabbitmq-ca
+      namespace: cert-manager
+      labels:
+        app.kubernetes.io/name: rabbitmq-ca
+    type: kubernetes.io/tls