optimize code of rabbitmq deploy

deploy/rabbitmq-config.yaml

@@ -10,7 +10,6 @@ data:
     # 允许admin用户通过远程方式连接
     loopback_users.admin = false
     # 默认心跳和监听配置可在此扩展
-    # ssl 新增部分
     # 确定 ssl 连接时验证使用的用户名
     ssl_cert_login_from = common_name
     # 开启此项配置会导致只能通过TLS端口访问
@@ -20,11 +19,14 @@ data:
     ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
     ssl_options.certfile   = /etc/rabbitmq/certs/server_certificate.pem
     ssl_options.keyfile    = /etc/rabbitmq/certs/server_key.pem
+    ssl_options.verify     = verify_peer
+    ssl_options.fail_if_no_peer_cert = true
+    # ssl_options.verify     = verify_none
+    # ssl_options.fail_if_no_peer_cert = false
     # management ssl config
-    management.ssl.port       = 15671
+    management.ssl.port  = 15671
     management.ssl.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
     management.ssl.certfile   = /etc/rabbitmq/certs/server_certificate.pem
     management.ssl.keyfile    = /etc/rabbitmq/certs/server_key.pem
-    # 启用双向认证
+    management.ssl.verify     = verify_peer
-    ssl_options.verify     = verify_peer
+    management.ssl.fail_if_no_peer_cert = true
-    ssl_options.fail_if_no_peer_cert = true

deploy/secert.sh

@@ -0,0 +1,5 @@
+# 创建一个名为 rabbitmq-certs 的 Secret，包含文件夹下的所有证书文件
+kubectl create secret generic rabbitmq-certs \
+  --from-file=ca_certificate.pem=./certs/ca_certificate.pem \
+  --from-file=server_certificate.pem=./certs/server_certificate.pem \
+  --from-file=server_key.pem=./certs/server_key.pem