optimize code of rabbitmq deploy
This commit is contained in:
parent
23bc2dab9f
commit
fff5dd9218
|
|
@ -10,7 +10,6 @@ data:
|
|||
# 允许admin用户通过远程方式连接
|
||||
loopback_users.admin = false
|
||||
# 默认心跳和监听配置可在此扩展
|
||||
# ssl 新增部分
|
||||
# 确定 ssl 连接时验证使用的用户名
|
||||
ssl_cert_login_from = common_name
|
||||
# 开启此项配置会导致只能通过TLS端口访问
|
||||
|
|
@ -20,11 +19,14 @@ data:
|
|||
ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
|
||||
ssl_options.certfile = /etc/rabbitmq/certs/server_certificate.pem
|
||||
ssl_options.keyfile = /etc/rabbitmq/certs/server_key.pem
|
||||
ssl_options.verify = verify_peer
|
||||
ssl_options.fail_if_no_peer_cert = true
|
||||
# ssl_options.verify = verify_none
|
||||
# ssl_options.fail_if_no_peer_cert = false
|
||||
# management ssl config
|
||||
management.ssl.port = 15671
|
||||
management.ssl.port = 15671
|
||||
management.ssl.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
|
||||
management.ssl.certfile = /etc/rabbitmq/certs/server_certificate.pem
|
||||
management.ssl.keyfile = /etc/rabbitmq/certs/server_key.pem
|
||||
# 启用双向认证
|
||||
ssl_options.verify = verify_peer
|
||||
ssl_options.fail_if_no_peer_cert = true
|
||||
management.ssl.verify = verify_peer
|
||||
management.ssl.fail_if_no_peer_cert = true
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# 创建一个名为 rabbitmq-certs 的 Secret,包含文件夹下的所有证书文件
|
||||
kubectl create secret generic rabbitmq-certs \
|
||||
--from-file=ca_certificate.pem=./certs/ca_certificate.pem \
|
||||
--from-file=server_certificate.pem=./certs/server_certificate.pem \
|
||||
--from-file=server_key.pem=./certs/server_key.pem
|
||||
Loading…
Reference in New Issue