intra-cluster-tls: restore setup.sh, fix README

mkuratczyk · mkuratczyk · commit 86e948edcaf4 · 2024-09-12T12:07:49.000+02:00
diff --git a/docs/examples/mtls-inter-node/README.md b/docs/examples/mtls-inter-node/README.md
@@ -65,5 +65,5 @@ OpenSSL command line tools. This methodology helps narrow down connectivity issu
 In the context of Kubernetes, OpenSSL CLI tools can be run on RabbitMQ nodes using `kubectl exec`, e.g.:
 
 ``` shell
-kubectl exec -it tls-server-0 -- openssl s_client -connect tls-nodes.examples.svc.cluster.local:25672 </dev/null
+kubectl exec -it mtls-inter-node-server-0 -- openssl s_client -connect mtls-inter-node-nodes.examples.svc.cluster.local:25672 </dev/null
 ```
diff --git a/docs/examples/mtls-inter-node/setup.sh b/docs/examples/mtls-inter-node/setup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+OPENSSL=${OPENSSL:-openssl}
+
+# Generate CA certificate and key
+#
+# These commands do not work with LibreSSL which is shipped with MacOS. Please use openssl
+#
+if $OPENSSL version | grep -q LibreSSL; then
+  echo "Please do not use LibreSSL. Set OPENSSL variable to actual OpenSSL binary."
+  exit 1
+fi
+
+$OPENSSL genrsa -out rabbitmq-ca-key.pem 2048
+$OPENSSL req -x509 -new -nodes -key rabbitmq-ca-key.pem -subj "/CN=mtls-inter-node" -days 3650 -reqexts v3_req -extensions v3_ca -out rabbitmq-ca.pem
+
+# Create a CA secret
+kubectl create secret tls rabbitmq-ca --cert=rabbitmq-ca.pem --key=rabbitmq-ca-key.pem
+
+# Create an Issuer (Cert Manager CA)
+kubectl apply -f rabbitmq-ca.yaml
+
+# Create a certificate for the cluster
+kubectl apply -f rabbitmq-certificate.yaml
+
+# Create a configuration file for Erlang Distribution
+kubectl create configmap mtls-inter-node-tls-config --from-file=inter_node_tls.config
+
+# Deploy the RabbitMQ cluster
+kubectl apply -f rabbitmq.yaml
