RabbitMQ from the Bitnami Helm chart: Azure AD login button does not show up

Question (votes: 0, answers: 1)

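I installed bitnami/rabbitmq:11.1.1 from the Helm chart onto an AKS cluster without any problems, but when I try to enable Azure AD authentication, the Azure AD login button does not show up. I followed this guide: https://www.rabbitmq.com/oauth2-examples-azure.html

Configuration: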

        replicaCount: 3
        clustering:
          forceBoot: true
        metrics:
          enabled: true
          serviceMonitor:
            enabled: true
            namespace: prometheus
            labels: "release: prometheus"
        pdb:
          create: true
          minAvailable: 2
        image:
          debug: true
        plugins: "rabbitmq_management rabbitmq_auth_backend_oauth2 rabbitmq_peer_discovery_k8s rabbitmq_shovel_management"
        extraPlugins: "rabbitmq_auth_backend_oauth2"
        extraVolumes:
        - name: secret-provider
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: secret-provider
        extraVolumeMounts:
        - name: secret-provider
          readOnly: true
          mountPath: /mnt/secrets-store
        ingress:
          enabled: true
          extraTls:
          - hosts:
              - rabbitmq.example.net
            secretName: rabbitmq-tls
          hostname: rabbitmq.example.net
          tls: true
          ingressClassName: nginx-internal
          existingSecret: rabbitmq-tls
        service:
          type: LoadBalancer
          loadBalancerIP: "10.1.1.1"
          annotations:
            service.beta.kubernetes.io/azure-load-balancer-internal: "true"
        auth:
            tls:
              enabled: true
              autoGenerated: false
              failIfNoPeerCert: false
              sslOptionsVerify: verify_peer
              existingSecret: "rabbitmq-ampq-tls"
              existingSecretFullChain: true
        extraEnvVars:
        - name: TZ
          value: "Europe/Warsaw"
        - name: MODE
          value: azure
        resources:
          limits:
            cpu: 2000m
            memory: 2Gi
          requests:
            cpu: 100m
            memory: 256Mi
        advancedConfiguration: |-
              [
                {rabbit, [
                {auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]}
                ]},
                {rabbitmq_management, [
                  {oauth_enabled, true},
                  {oauth_client_id, "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},                     
                  {oauth_provider_url, "https://login.microsoftonline.com/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"}
              ]},
              {rabbitmq_auth_backend_oauth2, [
                {resource_server_id, <<"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">>},
                {extra_scopes_source, <<"roles">>},
                {key_config, [
                  {jwks_url, <<"https://login.microsoftonline.com/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy/discovery/v2.0/keys">>}
                ]}
              ]}
              ].
              

When I open the management console link in a browser, I see the regular login screen (without the SSO login button), and in the pod logs:

2023-09-14 17:09:35.912239+02:00 [warning] <0.2349.0> Disabling OAuth 2 authorization, missing relevant configuration in management plugin

azure oauth-2.0 rabbitmq kubernetes-helm
1 Answer

0 votes

I'm not yet sure why there is a difference, but authentication started working when I added:

{
  oauth_client_secret, "PUT YOUR AZURE AD APPLICATION SECRET"
}

I'm still not sure why these tutorials differ.

Works: https://github.com/rabbitmq/rabbitmq-oauth2-tutorial/blob/main/use-cases/azure.md

Doesn't work: https://www.rabbitmq.com/oauth2-examples-azure.html
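
A pre-deployment check for the failure in this thread, as an added example that is not part of the original question or answer: it scans the Erlang terms passed in `advancedConfiguration` and lists the management-plugin OAuth keys that are absent, empty or disabled. The required-key list is an assumption taken from this page (the question's three keys plus the `oauth_client_secret` the answer added); the function names and the placeholder secret are illustrative.

```python
import re

# Keys named on this page: three from the question plus the one the answer added.
# Assumption: this RabbitMQ release needs all four before it shows the SSO button.
REQUIRED_MGMT_KEYS = ("oauth_enabled", "oauth_client_id",
                      "oauth_provider_url", "oauth_client_secret")

def app_section(config, app):
    """Return the property-list text of `{app, [ ... ]}`, or None if absent."""
    m = re.search(r"\{\s*%s\s*,\s*\[" % re.escape(app), config)
    if not m:
        return None
    depth, in_str = 1, False
    for i in range(m.end(), len(config)):
        ch = config[i]
        if ch == '"' and config[i - 1] != "\\":
            in_str = not in_str          # brackets inside strings do not count
        elif not in_str and ch == "[":
            depth += 1
        elif not in_str and ch == "]":
            depth -= 1
            if depth == 0:
                return config[m.end():i]
    raise ValueError("unbalanced brackets in section %r" % app)

def missing_mgmt_keys(config):
    """List required management-plugin keys that are absent, empty or false."""
    section = app_section(config, "rabbitmq_management") or ""
    pairs = dict(re.findall(r"\{\s*([a-z0-9_]+)\s*,\s*([^{}]*?)\s*\}", section))
    empty = ("", '""', '<<"">>', "false")
    return [k for k in REQUIRED_MGMT_KEYS if pairs.get(k, "") in empty]

# Constructed samples: the question's management section, then the same
# section with the answer's key added (the secret value is a placeholder).
QUESTION_CFG = '''[
  {rabbit, [{auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]}]},
  {rabbitmq_management, [
    {oauth_enabled, true},
    {oauth_client_id, "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},
    {oauth_provider_url, "https://login.microsoftonline.com/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"}
  ]}
].'''
FIXED_CFG = QUESTION_CFG.replace(
    '{oauth_enabled, true},',
    '{oauth_enabled, true},\n    {oauth_client_secret, "PLACEHOLDER-SECRET"},')

if __name__ == "__main__":
    print("question config missing:", missing_mgmt_keys(QUESTION_CFG))
    print("fixed config missing:   ", missing_mgmt_keys(FIXED_CFG))
```

Running the check against the rendered chart values before `helm upgrade` surfaces the gap without waiting for the "Disabling OAuth 2 authorization" warning in the pod log.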
