If the RabbitmqClusters managed by the Messaging Topology Operator are configured to serve the HTTP API and management UI over HTTPS, the Topology Operator must trust the Certificate Authority (CA) that signed the TLS certificates those RabbitmqClusters use.
One or more trusted certificates must be mounted as volumes into the trust store of the Topology Operator Pod, located at /etc/ssl/certs/.
This guide assumes you have the following:
For example:
kubectl -n rabbitmq-system create secret generic rabbitmq-ca --from-file=ca.crt=$CA_PATH
kubectl -n rabbitmq-system patch deployment messaging-topology-operator --patch "spec:
  template:
    spec:
      containers:
      - name: manager
        volumeMounts:
        - mountPath: /etc/ssl/certs/rabbitmq-ca.crt
          name: rabbitmq-ca
          subPath: ca.crt
      volumes:
      - name: rabbitmq-ca
        secret:
          defaultMode: 420
          secretName: rabbitmq-ca"
The Topology Operator Pod will be recreated, and will now trust the certificates signed by the newly mounted CA. Any communication the Pod performs with the RabbitmqCluster will be done over HTTPS.
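A pre-flight check for the file passed as --from-file=ca.crt=$CA_PATH above, added here as an example (it is not part of the RabbitMQ documentation or the operator's code): it refuses a file that contains private key material or malformed PEM before that file is stored in the rabbitmq-ca secret. The function name check_ca_bundle and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# check_ca_bundle FILE  (hypothetical helper, not part of the operator)
# Returns 0 when FILE holds only well-formed CERTIFICATE blocks,
# 1 if it is missing or empty, 2 if it contains a private key,
# 3 if the PEM is malformed or carries another PEM type.
check_ca_bundle() {
    bundle=$1
    if [ ! -s "$bundle" ]; then
        echo "empty or missing file: $bundle" >&2
        return 1
    fi
    # Private key material must never be loaded into a trust-store secret.
    if grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$bundle"; then
        echo "private key found in $bundle" >&2
        return 2
    fi
    # Walk the file: every block must be a closed, non-empty CERTIFICATE
    # block whose body is base64. Text outside blocks is ignored.
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ { if (inside) bad = 1
                                          inside = 1; body = 0; next }
        /^-----END CERTIFICATE-----$/   { if (!inside || !body) bad = 1
                                          inside = 0; certs++; next }
        /^-----BEGIN /                  { bad = 1; next }  # other PEM type
        inside { if ($0 ~ "^[A-Za-z0-9+/=]+$") body++; else bad = 1 }
        END { if (inside || bad || certs == 0) exit 1 }
    ' "$bundle" || {
        echo "malformed or non-certificate PEM in $bundle" >&2
        return 3
    }
    return 0
}

# Check the file named by the page's $CA_PATH when that variable is set.
if [ -n "${CA_PATH:-}" ]; then
    check_ca_bundle "$CA_PATH" && echo "OK: $CA_PATH holds certificates only"
fi
```

Run it with CA_PATH set before the kubectl create secret command. Because the CA is mounted with subPath, a later update to the secret is not propagated into the running Pod, so restart the Deployment after rotating the CA.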