diff --git a/.gitignore b/.gitignore
index f413516..9fc74c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,40 @@
+# Local .terraform directories
 **/.terraform*
-**/terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# IntelliJ project files
+.idea
+*.iml
+out
+gen
\ No newline at end of file
diff --git a/modules/rabbitmq-cluster/README.md b/modules/rabbitmq-cluster/README.md
new file mode 100644
index 0000000..9d93e2f
--- /dev/null
+++ b/modules/rabbitmq-cluster/README.md
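Review bot: In the .gitignore hunk the `*.tfvars` rule does not cover the JSON form of variable files, and the plan-file pattern is left as a commented example (`# example: *tfplan*`), so a plan saved with `terraform plan -out=tfplan` can still be committed. Saved plans carry the resolved configuration and variable values, sensitive ones included, so they deserve the same treatment as the state files ignored above. I would add `*.tfvars.json` under `*.tfvars` and turn the example into a live rule, `*tfplan*`. The comment above `*.tfvars` also has a typo (`sentitive`).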
@@ -0,0 +1,119 @@
+# RabbitMQ @ Kubernetes
+
+Deploy a RabbitMQ cluster on kubernetes using the RabbitmqOperator.
+
+## Notes
+
+* Use the label `spotinst.io/restrict-scale-down` to prevent right sizing.
+
+## Implementation
+
+```hcl
+#
+# Use the s3 bucket for state management.
+#
+terraform {
+
+ backend "s3" {}
+
+}
+
+#
+# Get kubernetes cluster info.
+#
+data "aws_eks_cluster" "cluster" {
+
+ #
+ # mlfabric k8 cluster specifically for github action runners.
+ #
+ name = var.cluster_name
+
+}
+
+#
+# Retrieve authentication for kubernetes from aws.
+#
+data "aws_eks_cluster_auth" "cluster" {
+
+ #
+ # mlfabric k8 cluster specifically for github action runners.
+ #
+ name = var.cluster_name
+
+}
+
+#
+# Install the rabbitmq cluster object.
+#
+variable "aws_profile" {}
+variable "aws_region" {}
+
+#
+# Retrieve authentication for kubernetes from aws.
+#
+provider "aws" {
+
+ profile = var.aws_profile
+ region = var.aws_region
+
+}
+
+#
+# Get kubernetes cluster info.
+#
+data "aws_eks_cluster" "cluster" {
+
+ name = var.cluster_name
+
+}
+
+#
+# Retrieve authentication for kubernetes from aws.
+#
+data "aws_eks_cluster_auth" "cluster" {
+
+ name = var.cluster_name
+
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ token = data.aws_eks_cluster_auth.cluster.token
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[ 0 ].data)
+}
+
+#
+# Install the rabbitmq cluster object.
+#
+module "rabbitmq-nontls" {
+
+ source = "app.terraform.io/MAA-ML-DEVOPS/rabbitmq-cluster/kubernetes"
+ version = "2.0.7"
+
+ namespace = "default"
+ name = "rabbitmq"
+ internal_cidrs = "8.0.0.224/32"
+ limit_cpu = "7"
+ limit_memory = "15Gi"
+ replicas = 3
+ default_username = "rabbitmq"
+ default_password = "supersecret"
+
+ #
+ # Restrict rabbitmq to running on nodes with this selector.
+ #
+ role = "infra"
+
+ labels = {
+
+ #
+ # Prevent right sizing of the workload which causes rabbitmq
+ # to be rescheduled if downsizing occurs.
+ #
+ "spotinst.io/restrict-scale-down" = "true"
+
+ }
+
+}
+
+```
diff --git a/modules/rabbitmq-cluster/main.tf b/modules/rabbitmq-cluster/main.tf
new file mode 100644
index 0000000..81cdc06
--- /dev/null
+++ b/modules/rabbitmq-cluster/main.tf
@@ -0,0 +1,149 @@
+resource "kubernetes_manifest" "cluster" {
+
+ manifest = {
+
+ "apiVersion" = "rabbitmq.com/v1beta1"
+ "kind" = "RabbitmqCluster"
+
+ "metadata" = {
+
+ "namespace" = var.namespace
+ "name" = var.name
+ "labels" = var.labels
+
+ }
+
+ "spec" = {
+
+ replicas = var.replicas
+ image = var.image
+
+ service = {
+
+ type = "LoadBalancer"
+
+ annotations = {
+
+ "service.beta.kubernetes.io/aws-load-balancer-type" = "nlb"
+ "service.beta.kubernetes.io/aws-load-balancer-internal" = var.internal_cidrs
+
+ }
+
+ }
+
+ affinity = {
+
+ nodeAffinity = {
+
+ requiredDuringSchedulingIgnoredDuringExecution = {
+
+ nodeSelectorTerms = [
+
+ {
+
+ matchExpressions = [
+
+ {
+
+ key = "role"
+ operator = "In"
+ values = [ var.role ]
+
+ }
+
+ ]
+
+ }
+
+ ]
+
+ }
+
+ }
+
+ }
+
+ override = {
+
+ statefulSet = {
+
+ spec = {
+
+ template = {
+
+ metadata = {
+
+ labels = var.labels
+
+ }
+
+ }
+
+ }
+
+ }
+
+ }
+
+ persistence = {
+
+ storageClassName = "gp2"
+ storage = "${ var.storage_gb }Gi"
+
+ }
+
+ resources = {
+
+ requests = {
+
+ cpu = var.limit_cpu
+ memory = var.limit_memory
+
+ }
+
+ limits = {
+
+ cpu = var.limit_cpu
+ memory = var.limit_memory
+
+ }
+
+ }
+
+ rabbitmq = {
+
+ additionalPlugins = var.additional_plugins
+ additionalConfig = <