From 3ba23006c8c3c185503e0313f2323ff2ef331961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aitor=20P=C3=A9rez=20Cedres?= <1515757+Zerpet@users.noreply.github.com> Date: Tue, 9 Feb 2021 16:23:55 +0000 Subject: [PATCH] Test for documented examples (#590) * Tests for examples The examples now have test files to assert that RabbitMQ has been configured as intended by the example. Some examples do not have tests because they are either very basic or its use case is sufficiently tested in code. --- docs/examples/README.md | 39 +++++++++++++++++++ docs/examples/additionalPorts/test.sh | 9 +++++ docs/examples/community-plugins/test.sh | 4 ++ docs/examples/custom-configuration/.ci-skip | 0 docs/examples/federation-over-tls/README.md | 26 ++++++++++--- .../federation-over-tls/certificate.yaml | 11 ++++++ .../federation-over-tls/definitions.json | 1 + ...ream.yaml => rabbitmq-without-import.yaml} | 8 ++-- .../federation-over-tls/rabbitmq.yaml | 28 +++++++++++++ docs/examples/federation-over-tls/setup.sh | 35 +---------------- docs/examples/federation-over-tls/test.sh | 14 +++++++ .../federation-over-tls/upstream.yaml | 8 ---- docs/examples/hello-world/.ci-skip | 0 .../import-definitions/definitions.json | 1 + .../examples/import-definitions/rabbitmq.yaml | 2 +- docs/examples/import-definitions/setup.sh | 3 ++ docs/examples/import-definitions/test.sh | 15 +++++++ docs/examples/mtls-inter-node/setup.sh | 4 +- docs/examples/mtls-inter-node/test.sh | 6 +++ docs/examples/mtls/.ci-skip | 0 docs/examples/multiple-disks/rabbitmq.yaml | 5 +-- docs/examples/multiple-disks/test.sh | 8 ++++ docs/examples/plugins/.ci-skip | 0 docs/examples/production-ready/.ci-skip | 0 docs/examples/prometheus/.ci-skip | 0 docs/examples/resource-limits/.ci-skip | 0 docs/examples/tls/certificate.yaml | 11 ++++++ docs/examples/tls/setup.sh | 3 ++ docs/examples/tls/test.sh | 6 +++ docs/examples/tolerations/.ci-skip | 0 30 files changed, 190 insertions(+), 57 deletions(-) create mode 100644 docs/examples/README.md create mode 100755 docs/examples/additionalPorts/test.sh create mode 100755 docs/examples/community-plugins/test.sh create mode 100644 docs/examples/custom-configuration/.ci-skip create mode 100644 docs/examples/federation-over-tls/certificate.yaml create mode 100644 docs/examples/federation-over-tls/definitions.json rename docs/examples/federation-over-tls/{downstream.yaml => rabbitmq-without-import.yaml} (50%) create mode 100644 docs/examples/federation-over-tls/rabbitmq.yaml create mode 100755 docs/examples/federation-over-tls/test.sh delete mode 100644 docs/examples/federation-over-tls/upstream.yaml create mode 100644 docs/examples/hello-world/.ci-skip create mode 100644 docs/examples/import-definitions/definitions.json create mode 100755 docs/examples/import-definitions/setup.sh create mode 100755 docs/examples/import-definitions/test.sh create mode 100755 docs/examples/mtls-inter-node/test.sh create mode 100644 docs/examples/mtls/.ci-skip create mode 100755 docs/examples/multiple-disks/test.sh create mode 100644 docs/examples/plugins/.ci-skip create mode 100644 docs/examples/production-ready/.ci-skip create mode 100644 docs/examples/prometheus/.ci-skip create mode 100644 docs/examples/resource-limits/.ci-skip create mode 100644 docs/examples/tls/certificate.yaml create mode 100755 docs/examples/tls/setup.sh create mode 100755 docs/examples/tls/test.sh create mode 100644 docs/examples/tolerations/.ci-skip diff --git a/docs/examples/README.md b/docs/examples/README.md new file mode 100644 index 000000000..5f7027ed5 --- /dev/null +++ b/docs/examples/README.md @@ -0,0 +1,39 @@ +## RabbitMQ Cluster Operator examples + +This section contains examples on how to configure some features of RabbitMQ. +The examples are common use cases e.g. [tls](./tls) to configure specific RabbitMQ features +or how RabbitMQ Pods will behave inside Kubernetes. + +### Testing framework + +Some examples have tests to ensure that the example has achieved its intention. Any new examples +should have tests. Exceptions apply if the feature itself is sufficiently tested in the code, for +example, [resource limits](./resource-limits) is tested in the code to ensure that given a set of +inputs, the Pod resource requests are configured accordingly. Duplicating the same assertion here +would not make sense, and `exec`'ing into the container to ensure that Kubernetes has respected +the resource requests would fall under Kubernetes Core testing. + +### Writing tests for examples + +Every folder with an example must have a file `test.sh`. This executable Bash file has to assert on +the state of RabbitMQ to ensure that it has been configured according to the expectations of the example. + +If the test requires some preparation or setup, a file `setup.sh` can be provided to be executed +**before** the RabbitMQ cluster is created. This file must be a Bash executable. This file can assume +that `kubectl` is configured to execute commands against a working Kubernetes cluster. + +The script `test.sh` will be executed **after** `AllReplicasReady` condition is `True` in `RabbitmqCluster` +object. The script `test.sh` should exit with code 0 if all assertions were successful; the script `test.sh` should +exit with non-zero code if any test or assertion failed. The same is expected for `setup.sh`. + +If the example should not run any tests because of the reasons mentioned above, the folder should contain +a file `.ci-skip`, so that the example is not considered in our tests. + +Once the `test.sh` script has completed, the namespace where the example was applied will be deleted. This allows +for a clean slate for the next test to execute. This also means that `test.sh` does not need to +tear down namespaced resources. + +The test and setup scripts can assume that [Cert Manager](https://cert-manager.io/) is installed and available. +There is also a cluster issuer to produce self-signed certificates, named `selfsigned-issuer`. It is also +acceptable to create local `Issuer`s when needed. + diff --git a/docs/examples/additionalPorts/test.sh b/docs/examples/additionalPorts/test.sh new file mode 100755 index 000000000..ba40cc6cd --- /dev/null +++ b/docs/examples/additionalPorts/test.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -x +port12345=$(kubectl get pod -l app.kubernetes.io/name=rabbit \ + -ojsonpath='{.items[0].spec.containers[0].ports[?(@.containerPort==12345)].name}' 2> /dev/null) +## kubectl std. error is redirectd to null because the error output of jsonpath +## is not very helpful to troubleshoot + +[[ "$port12345" == "additional-port" ]] || exit 1 + diff --git a/docs/examples/community-plugins/test.sh b/docs/examples/community-plugins/test.sh new file mode 100755 index 000000000..76416f408 --- /dev/null +++ b/docs/examples/community-plugins/test.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +kubectl exec community-plugins-server-0 -- rabbitmq-plugins is_enabled rabbitmq_message_timestamp + diff --git a/docs/examples/custom-configuration/.ci-skip b/docs/examples/custom-configuration/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/federation-over-tls/README.md b/docs/examples/federation-over-tls/README.md index b523ed46b..2e8372b61 100644 --- a/docs/examples/federation-over-tls/README.md +++ b/docs/examples/federation-over-tls/README.md @@ -1,15 +1,29 @@ # Federation Over TLS Example -This is the a more complex example of deploying two `RabbitmqCluster`s and setting up federation between them. Upstream cluster has TLS enabled and therefore federation works over a TLS connection. +This is a more complex example of deploying a `RabbitmqCluster` and setting up federation between two virtual hosts. The +cluster has TLS enabled and therefore federation works over a TLS connection. -First, please follow [TLS example](../tls) to create a TLS secret. Once you have a secret, run the `setup.sh` script: +First, please follow [TLS example](../tls) to create a TLS secret. Alternatively, if you have +[cert-manager](https://cert-manager.io/docs/installation/kubernetes/), you can apply the certificate `certificate.yaml` file. +The certificate expects to have a `ClusterIssuer` named `selfsigned-issuer`. Feel free to adapt this value accordingly to your +cert-manager installation. -```shell -./setup.sh +In addition, you have to create a ConfigMap to import the definitions with the topology pre-defined. + +```bash +kubectl apply -f certificate.yaml +kubectl create configmap definitions --from-file=./definitions.json ``` -The script will stop at some point and ask you to run `sudo kubefwd svc`. This is so that `rabbitmqadmin` can connect to the Management API and configure federation. +The example has two vhosts "upstream" and "downstream". Both vhosts have a fanout exchange 'example', bound to quorum queue 'qq2' +in "upstream", quorum queue 'qq1' and classic queue 'cq1' in "downstream". There is a policy in the "downstream" to federate +the exchange 'example'. All messages published to 'example' exchange in "upstream" will be federated/copied to 'example' exchange +in "downstream", where the bindings will be applied. + +The definitions also import two users: `admin` and `federation`, with passwords matching the usernames (e.g. admin/admin). Note that +due to the imported definitions, the credentials created by the Operator in Secret `federation-default-user` won't be applied/effective. -Therefore to use this script as-is, you need both [kubefwd](https://github.com/txn2/kubefwd) and [rabbitmqadmin](https://www.rabbitmq.com/management-cli.html) CLIs on your machine. +If you don't want to import the definitions, or want to manually create the topology, the file `rabbitmq-without-import.yaml` will +create a RabbitMQ single-node, with federation plugins enabled and TLS configured. Learn [more about RabbitMQ Federation](https://www.rabbitmq.com/federation.html). diff --git a/docs/examples/federation-over-tls/certificate.yaml b/docs/examples/federation-over-tls/certificate.yaml new file mode 100644 index 000000000..6478e0705 --- /dev/null +++ b/docs/examples/federation-over-tls/certificate.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: selfsigned-cert +spec: + dnsNames: + - "federation-server-0.federation-nodes.default" + secretName: tls-secret + issuerRef: + kind: ClusterIssuer + name: selfsigned-issuer diff --git a/docs/examples/federation-over-tls/definitions.json b/docs/examples/federation-over-tls/definitions.json new file mode 100644 index 000000000..1e7e402cc --- /dev/null +++ b/docs/examples/federation-over-tls/definitions.json @@ -0,0 +1 @@ +{"rabbit_version":"3.8.9","rabbitmq_version":"3.8.9","product_name":"RabbitMQ","product_version":"3.8.9","users":[{"name":"federation","password_hash":"m3R0yEjfO0fv/Ye/oMn//10Uq5F3j49Ro2P8HE0z27DSJ9iT","hashing_algorithm":"rabbit_password_hashing_sha256","tags":""},{"name":"admin","password_hash":"0l9GJ5sSPU5FGnf95CKOyT/+/CLK+My13+G9fTgK0tn5EyDH","hashing_algorithm":"rabbit_password_hashing_sha256","tags":"administrator"}],"vhosts":[{"name":"/"},{"name":"downstream"},{"name":"upstream"}],"permissions":[{"user":"admin","vhost":"/","configure":".*","write":".*","read":".*"},{"user":"admin","vhost":"downstream","configure":".*","write":".*","read":".*"},{"user":"federation","vhost":"downstream","configure":".*","write":".*","read":".*"},{"user":"admin","vhost":"upstream","configure":".*","write":".*","read":".*"},{"user":"federation","vhost":"upstream","configure":".*","write":".*","read":".*"}],"topic_permissions":[],"parameters":[{"value":{"ack-mode":"on-confirm","trust-user-id":false,"uri":"amqps://federation:federation@federation-nodes.default.svc.cluster.local/upstream"},"vhost":"downstream","component":"federation-upstream","name":"example"},{"value":{"ack-mode":"on-confirm","trust-user-id":false,"uri":"amqps://federation:federation@federation-nodes.default.svc.cluster.local?certfile=/etc/rabbitmq-tls/tls.crt&keyfile=/etc/rabbitmq-tls/tls.key&verify=verify_peer"},"vhost":"upstream","component":"federation-upstream","name":"spike"}],"global_parameters":[{"name":"cluster_name","value":"upstream"},{"name":"internal_cluster_id","value":"rabbitmq-cluster-id-xKURl_Z4LyQqc1SlYvT5lw"}],"policies":[{"vhost":"downstream","name":"federation-policy","pattern":"example","apply-to":"exchanges","definition":{"federation-upstream":"example"},"priority":1}],"queues":[{"name":"qq1","vhost":"downstream","durable":true,"auto_delete":false,"arguments":{"x-queue-type":"quorum"}},{"name":"cq1","vhost":"downstream","durable":true,"auto_delete":false,"arguments":{"x-queue-type":"classic"}},{"name":"federation: example -> upstream:downstream:example","vhost":"upstream","durable":true,"auto_delete":false,"arguments":{"x-internal-purpose":"federation"}},{"name":"qq2","vhost":"upstream","durable":true,"auto_delete":false,"arguments":{"x-queue-type":"quorum"}}],"exchanges":[{"name":"example","vhost":"downstream","type":"fanout","durable":true,"auto_delete":false,"internal":false,"arguments":{}},{"name":"federation: example -> upstream:downstream:example B","vhost":"upstream","type":"x-federation-upstream","durable":true,"auto_delete":true,"internal":true,"arguments":{"x-downstream-name":"upstream","x-downstream-vhost":"downstream","x-internal-purpose":"federation","x-max-hops":1}},{"name":"example","vhost":"upstream","type":"fanout","durable":true,"auto_delete":false,"internal":false,"arguments":{}}],"bindings":[{"source":"example","vhost":"downstream","destination":"cq1","destination_type":"queue","routing_key":"","arguments":{}},{"source":"example","vhost":"downstream","destination":"qq1","destination_type":"queue","routing_key":"","arguments":{}},{"source":"example","vhost":"upstream","destination":"federation: example -> upstream:downstream:example B","destination_type":"exchange","routing_key":"","arguments":{"x-bound-from":[{"cluster-name":"upstream","exchange":"downstream:example B","hops":1,"vhost":"downstream"}]}},{"source":"example","vhost":"upstream","destination":"qq2","destination_type":"queue","routing_key":"","arguments":{}},{"source":"federation: example -> upstream:downstream:example B","vhost":"upstream","destination":"federation: example -> upstream:downstream:example","destination_type":"queue","routing_key":"","arguments":{}}]} \ No newline at end of file diff --git a/docs/examples/federation-over-tls/downstream.yaml b/docs/examples/federation-over-tls/rabbitmq-without-import.yaml similarity index 50% rename from docs/examples/federation-over-tls/downstream.yaml rename to docs/examples/federation-over-tls/rabbitmq-without-import.yaml index 5696d9373..2d1129027 100644 --- a/docs/examples/federation-over-tls/downstream.yaml +++ b/docs/examples/federation-over-tls/rabbitmq-without-import.yaml @@ -1,10 +1,12 @@ apiVersion: rabbitmq.com/v1beta1 kind: RabbitmqCluster metadata: - name: downstream + name: federation spec: replicas: 1 rabbitmq: additionalPlugins: - - rabbitmq_federation - - rabbitmq_federation_management + - rabbitmq_federation + - rabbitmq_federation_management + tls: + secretName: tls-secret diff --git a/docs/examples/federation-over-tls/rabbitmq.yaml b/docs/examples/federation-over-tls/rabbitmq.yaml new file mode 100644 index 000000000..e93394708 --- /dev/null +++ b/docs/examples/federation-over-tls/rabbitmq.yaml @@ -0,0 +1,28 @@ +apiVersion: rabbitmq.com/v1beta1 +kind: RabbitmqCluster +metadata: + name: federation +spec: + replicas: 1 + rabbitmq: + additionalConfig: | + load_definitions = /federation/definitions.json # Path to the mounted definitions file + additionalPlugins: + - rabbitmq_federation + - rabbitmq_federation_management + tls: + secretName: tls-secret + override: + statefulSet: + spec: + template: + spec: + containers: + - name: rabbitmq + volumeMounts: + - mountPath: /federation/ # filename left out intentionally + name: definitions + volumes: + - name: definitions + configMap: + name: definitions # Name of the ConfigMap which contains definitions you wish to import diff --git a/docs/examples/federation-over-tls/setup.sh b/docs/examples/federation-over-tls/setup.sh index 298a4974b..591a0b4ed 100755 --- a/docs/examples/federation-over-tls/setup.sh +++ b/docs/examples/federation-over-tls/setup.sh @@ -1,36 +1,5 @@ #!/bin/bash -kubectl apply -f upstream.yaml -kubectl apply -f downstream.yaml +kubectl create configmap definitions --from-file=definitions.json +kubectl apply -f certificate.yaml -sleep 2 - -kubectl wait --for=condition=Ready pod/upstream-server-0 -kubectl wait --for=condition=Ready pod/downstream-server-0 - -UPSTREAM_USERNAME=$(kubectl get secret upstream-default-user -o jsonpath="{.data.username}" | base64 --decode) -UPSTREAM_PASSWORD=$(kubectl get secret upstream-default-user -o jsonpath="{.data.password}" | base64 --decode) -DOWNSTREAM_USERNAME=$(kubectl get secret downstream-default-user -o jsonpath="{.data.username}" | base64 --decode) -DOWNSTREAM_PASSWORD=$(kubectl get secret downstream-default-user -o jsonpath="{.data.password}" | base64 --decode) - -kubectl exec downstream-server-0 -- rabbitmqctl set_parameter federation-upstream my-upstream "{\"uri\":\"amqps://${UPSTREAM_USERNAME}:${UPSTREAM_PASSWORD}@upstream\",\"expires\":3600001}" - -kubectl exec downstream-server-0 -- rabbitmqctl set_policy --apply-to exchanges federate-me "^amq\." '{"federation-upstream-set":"all"}' - -echo "**********************************************************" -echo "* PLEASE RUN 'sudo kubefwd svc' TO START PORT FORWARDING *" -echo "* and press ENTER when ready *" -echo "**********************************************************" -read - -UPSTREAM_RABBITMQADMIN="rabbitmqadmin -U http://upstream/ -u ${UPSTREAM_USERNAME} -p ${UPSTREAM_PASSWORD} -V /" -DOWNSTREAM_RABBITMQADMIN="rabbitmqadmin -U http://downstream/ -u ${DOWNSTREAM_USERNAME} -p ${DOWNSTREAM_PASSWORD} -V /" - -$UPSTREAM_RABBITMQADMIN declare queue name=test.queue queue_type=quorum -$UPSTREAM_RABBITMQADMIN declare binding source=amq.fanout destination=test.queue - -$DOWNSTREAM_RABBITMQADMIN declare queue name=test.queue queue_type=quorum -$DOWNSTREAM_RABBITMQADMIN declare binding source=amq.fanout destination=test.queue - -$UPSTREAM_RABBITMQADMIN publish exchange=amq.fanout routing_key=test payload="hello, world" -$DOWNSTREAM_RABBITMQADMIN get queue=test.queue ackmode=ack_requeue_false diff --git a/docs/examples/federation-over-tls/test.sh b/docs/examples/federation-over-tls/test.sh new file mode 100755 index 000000000..2079540cb --- /dev/null +++ b/docs/examples/federation-over-tls/test.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +set -ex +kubectl exec -it federation-server-0 -- rabbitmqadmin --username admin --password admin \ + --vhost=upstream publish exchange=example routing_key=123 payload="1234" + +kubectl exec -it federation-server-0 -- rabbitmqadmin --username admin --password admin \ + --vhost=downstream --format=pretty_json get queue=qq1 ackmode='ack_requeue_false' \ + | jq -e '.[].payload' + +kubectl exec -it federation-server-0 -- rabbitmqadmin --username admin --password admin \ + --vhost=downstream --format=pretty_json get queue=cq1 ackmode='ack_requeue_false' \ + | jq -e '.[].payload' + diff --git a/docs/examples/federation-over-tls/upstream.yaml b/docs/examples/federation-over-tls/upstream.yaml deleted file mode 100644 index d41a4ffab..000000000 --- a/docs/examples/federation-over-tls/upstream.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: rabbitmq.com/v1beta1 -kind: RabbitmqCluster -metadata: - name: upstream -spec: - replicas: 1 - tls: - secretName: tls-secret diff --git a/docs/examples/hello-world/.ci-skip b/docs/examples/hello-world/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/import-definitions/definitions.json b/docs/examples/import-definitions/definitions.json new file mode 100644 index 000000000..1e7142e0f --- /dev/null +++ b/docs/examples/import-definitions/definitions.json @@ -0,0 +1 @@ +{"rabbit_version":"3.8.11","rabbitmq_version":"3.8.11","product_name":"RabbitMQ","product_version":"3.8.11","users":[{"name":"hello-world","password_hash":"JQ6+ZVMAIIpmGS/pXb9Q6elneY94TrchYGYJAKE9wtRiIpRt","hashing_algorithm":"rabbit_password_hashing_sha256","tags":"administrator","limits":{}},{"name":"guest","password_hash":"X5L0vwDQq2g8bu2Rr3oGc+uJiU+tRSFqSOj14w6zYqRK/lDU","hashing_algorithm":"rabbit_password_hashing_sha256","tags":"administrator","limits":{}}],"vhosts":[{"name":"hello-world"},{"name":"/"}],"permissions":[{"user":"guest","vhost":"hello-world","configure":".*","write":".*","read":".*"},{"user":"guest","vhost":"/","configure":".*","write":".*","read":".*"},{"user":"hello-world","vhost":"hello-world","configure":".*","write":".*","read":".*"}],"topic_permissions":[],"parameters":[],"global_parameters":[{"name":"cluster_name","value":"rabbit@73cf1fdf05d2"},{"name":"internal_cluster_id","value":"rabbitmq-cluster-id-j-jeqGlk6rJYvqR_Tb06yw"}],"policies":[],"queues":[{"name":"qq1","vhost":"hello-world","durable":true,"auto_delete":false,"arguments":{"x-queue-type":"quorum"}},{"name":"cq1","vhost":"hello-world","durable":true,"auto_delete":false,"arguments":{"x-queue-type":"classic"}}],"exchanges":[{"name":"example","vhost":"hello-world","type":"fanout","durable":true,"auto_delete":false,"internal":false,"arguments":{}}],"bindings":[{"source":"example","vhost":"hello-world","destination":"qq1","destination_type":"queue","routing_key":"","arguments":{}},{"source":"example","vhost":"hello-world","destination":"cq1","destination_type":"queue","routing_key":"1234","arguments":{}}]} \ No newline at end of file diff --git a/docs/examples/import-definitions/rabbitmq.yaml b/docs/examples/import-definitions/rabbitmq.yaml index 803bf70a1..8969e8dbe 100644 --- a/docs/examples/import-definitions/rabbitmq.yaml +++ b/docs/examples/import-definitions/rabbitmq.yaml @@ -12,7 +12,7 @@ spec: containers: - name: rabbitmq volumeMounts: - - mountPath: /path/to/exported/definitions.json + - mountPath: /path/to/exported/ # filename left out intentionally name: definitions volumes: - name: definitions diff --git a/docs/examples/import-definitions/setup.sh b/docs/examples/import-definitions/setup.sh new file mode 100755 index 000000000..903b5b602 --- /dev/null +++ b/docs/examples/import-definitions/setup.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +kubectl create configmap definitions --from-file=definitions.json diff --git a/docs/examples/import-definitions/test.sh b/docs/examples/import-definitions/test.sh new file mode 100755 index 000000000..76d1cfbb9 --- /dev/null +++ b/docs/examples/import-definitions/test.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +pushd "$(mktemp -d)" || exit 1 + +set -x +kubectl exec import-definitions-server-0 -- rabbitmqadmin \ + --format=raw_json --vhost=hello-world --username=hello-world \ + --password=hello-world --host=import-definitions.default.svc \ + list queues &> queues.json + +[[ "$(jq '.[0].name' queues.json)" == '"cq1"' ]] || exit 2 +[[ "$(jq '.[1].name' queues.json)" == '"qq1"' ]] || exit 2 + +popd || exit 1 + diff --git a/docs/examples/mtls-inter-node/setup.sh b/docs/examples/mtls-inter-node/setup.sh index a2649ca30..a931fbf8f 100755 --- a/docs/examples/mtls-inter-node/setup.sh +++ b/docs/examples/mtls-inter-node/setup.sh @@ -15,7 +15,7 @@ $OPENSSL genrsa -out rabbitmq-ca-key.pem 2048 $OPENSSL req -x509 -new -nodes -key rabbitmq-ca-key.pem -subj "/CN=mtls-inter-node" -days 3650 -reqexts v3_req -extensions v3_ca -out rabbitmq-ca.pem # Create a CA secret -kubectl create secret tls rabbitmq-ca --cert=rabbitmq-ca.pem --key=rabbitmq-ca-key.pem +kubectl create secret tls rabbitmq-ca --cert=rabbitmq-ca.pem --key=rabbitmq-ca-key.pem # Create an Issuer (Cert Manager CA) kubectl apply -f rabbitmq-ca.yaml @@ -26,5 +26,3 @@ kubectl apply -f rabbitmq-certificate.yaml # Create a configuration file for Erlang Distribution kubectl create configmap mtls-inter-node-tls-config --from-file=inter_node_tls.config -# Deploy a RabbitMQ cluster -kubectl apply -f rabbitmq.yaml \ No newline at end of file diff --git a/docs/examples/mtls-inter-node/test.sh b/docs/examples/mtls-inter-node/test.sh new file mode 100755 index 000000000..3935db908 --- /dev/null +++ b/docs/examples/mtls-inter-node/test.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +set -ex +kubectl exec -t mtls-inter-node-server-0 -- rabbitmq-diagnostics command_line_arguments > kubectl.out +grep '{proto_dist,\["inet_tls"\]}' kubectl.out + diff --git a/docs/examples/mtls/.ci-skip b/docs/examples/mtls/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/multiple-disks/rabbitmq.yaml b/docs/examples/multiple-disks/rabbitmq.yaml index 12c357068..fa324c21b 100644 --- a/docs/examples/multiple-disks/rabbitmq.yaml +++ b/docs/examples/multiple-disks/rabbitmq.yaml @@ -5,6 +5,8 @@ metadata: spec: replicas: 1 rabbitmq: + envConfig: | + RABBITMQ_QUORUM_DIR=/var/lib/rabbitmq/quorum-segments advancedConfig: | [ {ra, [ @@ -23,9 +25,6 @@ spec: name: quorum-segments - mountPath: /var/lib/rabbitmq/quorum-wal name: quorum-wal - env: - - name: RABBITMQ_QUORUM_DIR - value: /var/lib/rabbitmq/quorum-segments volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim diff --git a/docs/examples/multiple-disks/test.sh b/docs/examples/multiple-disks/test.sh new file mode 100755 index 000000000..b734ee0e6 --- /dev/null +++ b/docs/examples/multiple-disks/test.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -ex +kubectl exec -t multiple-disks-server-0 -- rabbitmqctl environment > rabbitmq-environment.out + +grep 'data_dir,"/var/lib/rabbitmq/quorum-segments"' rabbitmq-environment.out +grep "{wal_data_dir,'/var/lib/rabbitmq/quorum-wal'}" rabbitmq-environment.out + diff --git a/docs/examples/plugins/.ci-skip b/docs/examples/plugins/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/production-ready/.ci-skip b/docs/examples/production-ready/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/prometheus/.ci-skip b/docs/examples/prometheus/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/resource-limits/.ci-skip b/docs/examples/resource-limits/.ci-skip new file mode 100644 index 000000000..e69de29bb diff --git a/docs/examples/tls/certificate.yaml b/docs/examples/tls/certificate.yaml new file mode 100644 index 000000000..acf881c73 --- /dev/null +++ b/docs/examples/tls/certificate.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: selfsigned-cert +spec: + dnsNames: + - '*.tls-nodes.default.svc.cluster.local' + secretName: tls-secret + issuerRef: + kind: ClusterIssuer + name: selfsigned-issuer diff --git a/docs/examples/tls/setup.sh b/docs/examples/tls/setup.sh new file mode 100755 index 000000000..176d50d1e --- /dev/null +++ b/docs/examples/tls/setup.sh @@ -0,0 +1,3 @@ + +kubectl apply -f certificate.yaml + diff --git a/docs/examples/tls/test.sh b/docs/examples/tls/test.sh new file mode 100755 index 000000000..263bab347 --- /dev/null +++ b/docs/examples/tls/test.sh @@ -0,0 +1,6 @@ + +set -e +kubectl exec -it tls-server-0 -- openssl s_client -connect tls-nodes.default.svc.cluster.local:5671