安装bitnami/rabbitmq:11.1.1从helm chart到AKS集群没有任何问题,但当我尝试启用Azure AD身份验证Azure AD登录按钮不显示。我按照这个指示https://www.rabbitmq.com/oauth2-examples-azure.html
补充说明:
replicaCount: 3
clustering:
forceBoot: true
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: prometheus
labels: "release: prometheus"
pdb:
create: true
minAvailable: 2
image:
debug: true
plugins: "rabbitmq_management rabbitmq_auth_backend_oauth2 rabbitmq_peer_discovery_k8s rabbitmq_shovel_management"
extraPlugins: "rabbitmq_auth_backend_oauth2"
extraVolumes:
- name: secret-provider
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: secret-provider
extraVolumeMounts:
- name: secret-provider
readOnly: true
mountPath: /mnt/secrets-store
ingress:
enabled: true
extraTls:
- hosts:
- rabbitmq.example.net
secretName: rabbitmq-tls
hostname: rabbitmq.example.net
tls: true
ingressClassName: nginx-internal
existingSecret: rabbitmq-tls
service:
type: LoadBalancer
loadBalancerIP: "10.1.1.1"
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
auth:
tls:
enabled: true
autoGenerated: false
failIfNoPeerCert: false
sslOptionsVerify: verify_peer
existingSecret: "rabbitmq-ampq-tls"
existingSecretFullChain: true
extraEnvVars:
- name: TZ
value: "Europe/Warsaw"
- name: MODE
value: azure
resources:
limits:
cpu: 2000m
memory: 2Gi
requests:
cpu: 100m
memory: 256Mi
advancedConfiguration: |-
[
{rabbit, [
{auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]}
]},
{rabbitmq_management, [
{oauth_enabled, true},
{oauth_client_id, "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},
{oauth_provider_url, "https://login.microsoftonline.com/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"}
]},
{rabbitmq_auth_backend_oauth2, [
{resource_server_id, <<"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">>},
{extra_scopes_source, <<"roles">>},
{key_config, [
{jwks_url, <<"https://login.microsoftonline.com/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy/discovery/v2.0/keys">>}
]}
]}
].
当我在浏览器中打开管理控制台链接时,我看到常规登录屏幕(没有SSO登录按钮)和Pod日志:2023-09-14 17:09:35.912239+02:00 [warning] <0.2349.0> Disabling OAuth 2 authorization, missing relevant configuration in management plugin
1条答案
按热度按时间yyhrrdl81#
我还不确定为什么会有差异,但身份验证开始工作时,我还添加了:
我还不确定为什么这些教程是不同的
Works:April 2009
不工作:https://www.rabbitmq.com/oauth2-examples-azure.html