rabbitmq: Make helm test work with TLS

Update helm test pod and script to use TLS certificates.

Change-Id: Ic599014227ad63303bdc2758862f02dcefec66c7
This commit is contained in:
Sangeet Gupta 2021-05-28 19:09:13 +00:00
parent 948e07e151
commit 2a11071e8b
4 changed files with 29 additions and 7 deletions

View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v3.7.26
description: OpenStack-Helm RabbitMQ
name: rabbitmq
version: 0.1.7
version: 0.1.8
home: https://github.com/rabbitmq/rabbitmq-server
...

View File

@ -32,12 +32,27 @@ set -x
function rabbitmqadmin_authed () {
set +x
if [ -n "$RABBITMQ_X509" ]
then
rabbitmqadmin \
--ssl \
--ssl-disable-hostname-verification \
--ssl-ca-cert-file="/etc/rabbitmq/certs/ca.crt" \
--ssl-cert-file="/etc/rabbitmq/certs/tls.crt" \
--ssl-key-file="/etc/rabbitmq/certs/tls.key" \
--host="${RABBIT_HOSTNAME}" \
--port="${RABBIT_PORT}" \
--username="${RABBITMQ_ADMIN_USERNAME}" \
--password="${RABBITMQ_ADMIN_PASSWORD}" \
${@}
else
rabbitmqadmin \
--host="${RABBIT_HOSTNAME}" \
--port="${RABBIT_PORT}" \
--username="${RABBITMQ_ADMIN_USERNAME}" \
--password="${RABBITMQ_ADMIN_PASSWORD}" \
$@
fi
set -x
}

View File

@ -51,6 +51,10 @@ spec:
value: {{ tuple "oslo_messaging" "internal" "user" "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | quote }}
- name: RABBIT_REPLICA_COUNT
value: {{ $envAll.Values.pod.replicas.server | quote }}
{{- if $envAll.Values.manifests.certificates }}
- name: RABBITMQ_X509
value: "REQUIRE X509"
{{- end }}
command:
- /tmp/rabbitmq-test.sh
volumeMounts:
@ -60,6 +64,7 @@ spec:
mountPath: /tmp/rabbitmq-test.sh
subPath: rabbitmq-test.sh
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.oslo_messaging.server.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
volumes:
- name: pod-tmp
emptyDir: {}
@ -67,4 +72,5 @@ spec:
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }}
defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.oslo_messaging.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{- end }}

View File

@ -7,4 +7,5 @@ rabbitmq:
- 0.1.5 Update Rabbitmq exporter version
- 0.1.6 Disallow privilege escalation in rabbitmq server container
- 0.1.7 Adding TLS logic to rabbitmq
- 0.1.8 Make helm test work with TLS
...