From 0c641830c9fc384e41fc5b6465cadfd0c88b864c Mon Sep 17 00:00:00 2001
From: Karthik <kkartz@gmail.com>
Date: Tue, 15 Aug 2017 15:20:50 +0530
Subject: [PATCH 1/2] Moving ERLANG cookie value to secrets

---
 Makefile              | 11 +++++++++--
 kube/secret.yml       |  9 +++++++++
 kube/stateful.set.yml |  5 +++++
 3 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 kube/secret.yml

diff --git a/Makefile b/Makefile
index 49ca508..94d2739 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@ SUDO?=sudo
 
 RABBITMQ_APP_NAME=rabbitmq
 RABBITMQ_SERVICE_NAME=rabbitmq
+RABBITMQ_SECRET_NAME=rabbitmq-secret
 RABBITMQ_MANAGEMENT_SERVICE_NAME=rabbitmq-management
 RABBITMQ_HEADLESS_SERVICE_NAME=rmq-cluster
 RABBITMQ_DOCKER_DIR=docker
@@ -31,13 +32,18 @@ define generate-rabbitmq-svc
 	sed -e 's/{{APP_NAME}}/$(RABBITMQ_APP_NAME)/g;s/{{SVC_NAME}}/$(RABBITMQ_SERVICE_NAME)/g' kube/svc.yml
 endef
 
+RABBITMQ_ERLANG_COOKIE_BASE64_ENCODED= $(echo $(RABBITMQ_ERLANG_COOKIE) | base64)
+
+define generate-rabbitmq-secret
+	sed -e 's/{{APP_NAME}}/$(RABBITMQ_APP_NAME)/g;s/{{SECRET_NAME}}/$(RABBITMQ_SECRET_NAME)/g;s/{{ERLANG_COOKIE_KEY}}/$(RABBITMQ_ERLANG_COOKIE_BASE64_ENCODED)/g' kube/secret.yml
+endef
+
 define generate-rabbitmq-stateful-set
 	if [ -z "$(RABBITMQ_REPLICAS)" ]; then echo "ERROR: RABBITMQ_REPLICAS is empty!"; exit 1; fi
 	if [ -z "$(RABBITMQ_DEFAULT_USER)" ]; then echo "ERROR: RABBITMQ_DEFAULT_USER is empty!"; exit 1; fi
 	if [ -z "$(RABBITMQ_DEFAULT_PASS)" ]; then echo "ERROR: RABBITMQ_DEFAULT_PASS is empty!"; exit 1; fi
-	if [ -z "$(RABBITMQ_ERLANG_COOKIE)" ]; then echo "ERROR: RABBITMQ_ERLANG_COOKIE is empty!"; exit 1; fi
 	if [ -z "$(RABBITMQ_LOG_LEVEL)" ]; then echo "ERROR: RABBITMQ_LOG_LEVEL is empty!"; exit 1; fi
-	sed -e 's/{{SVC_NAME}}/$(RABBITMQ_HEADLESS_SERVICE_NAME)/g;s/{{APP_NAME}}/$(RABBITMQ_APP_NAME)/g;s,{{IMAGE_NAME}},$(RABBITMQ_IMAGE_NAME),g;s/{{REPLICAS}}/$(RABBITMQ_REPLICAS)/g;s/{{RABBITMQ_DEFAULT_USER}}/$(RABBITMQ_DEFAULT_USER)/g;s/{{RABBITMQ_DEFAULT_PASS}}/$(RABBITMQ_DEFAULT_PASS)/g;s/{{RABBITMQ_ERLANG_COOKIE}}/$(RABBITMQ_ERLANG_COOKIE)/g;s/{{RABBITMQ_LOG_LEVEL}}/$(RABBITMQ_LOG_LEVEL)/g' kube/stateful.set.yml
+	sed -e 's/{{SVC_NAME}}/$(RABBITMQ_HEADLESS_SERVICE_NAME)/g;s/{{APP_NAME}}/$(RABBITMQ_APP_NAME)/g;s,{{IMAGE_NAME}},$(RABBITMQ_IMAGE_NAME),g;s/{{REPLICAS}}/$(RABBITMQ_REPLICAS)/g;s/{{RABBITMQ_DEFAULT_USER}}/$(RABBITMQ_DEFAULT_USER)/g;s/{{RABBITMQ_DEFAULT_PASS}}/$(RABBITMQ_DEFAULT_PASS)/g;s/{{RABBITMQ_LOG_LEVEL}}/$(RABBITMQ_LOG_LEVEL)/g;s/{{SECRET_NAME}}/$(RABBITMQ_SECRET_NAME)/g' kube/stateful.set.yml
 endef
 
 define set-ha-policy-on-rabbitmq-cluster
@@ -47,6 +53,7 @@ endef
 deploy-rabbitmq: docker-rabbitmq
 	kubectl get ns $(NAMESPACE) || kubectl create ns $(NAMESPACE)
 	kubectl get svc -n $(NAMESPACE) $(RABBITMQ_APP_NAME) || $(call generate-rabbitmq-svc) | kubectl create -n $(NAMESPACE) -f -
+	kubectl get secret -n $(NAMESPACE) $(RABBITMQ_APP_NAME) || $(call generate-rabbitmq-secret) | kubectl create -n $(NAMESPACE) -f -
 	kubectl get svc -n $(NAMESPACE) $(RABBITMQ_HEADLESS_SERVICE_NAME) || $(call generate-rabbitmq-headless-svc) | kubectl create -n $(NAMESPACE) -f -
 	if [ "$(RABBITMQ_EXPOSE_MANAGEMENT)" = "TRUE" ]; then kubectl get svc -n $(NAMESPACE) $(RABBITMQ_MANAGEMENT_SERVICE_NAME) || $(call generate-rabbitmq-management-svc) | kubectl create -n $(NAMESPACE) -f - ; fi
 	$(call generate-rabbitmq-stateful-set) | kubectl apply -n $(NAMESPACE) -f -
diff --git a/kube/secret.yml b/kube/secret.yml
new file mode 100644
index 0000000..bd17daa
--- /dev/null
+++ b/kube/secret.yml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{SECRET_NAME}}
+  labels:
+    app: {{APP_NAME}}  
+type: Opaque
+data:
+  erlang-cookie: {{ERLANG_COOKIE_KEY}}
\ No newline at end of file
diff --git a/kube/stateful.set.yml b/kube/stateful.set.yml
index 76f4f89..7279f2c 100644
--- a/kube/stateful.set.yml
+++ b/kube/stateful.set.yml
@@ -40,3 +40,8 @@ spec:
                 fieldPath: metadata.name
           - name: RABBITMQ_NODENAME
             value: rabbit@$(NODE_NAME).{{SVC_NAME}}
+          - name: RABBITMQ_ERLANG_COOKIE
+            valueFrom:
+              secretKeyRef:
+                name: {{SECRET_NAME}}
+                key: erlang-cookie                

From ed18101080903968e0f413fc394f147b3a80bde2 Mon Sep 17 00:00:00 2001
From: Karthik <kkartz@gmail.com>
Date: Tue, 15 Aug 2017 15:54:36 +0530
Subject: [PATCH 2/2] Removed duplicate RABBITMQ_ERLANG_COOKIE from statefulset

---
 kube/stateful.set.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/kube/stateful.set.yml b/kube/stateful.set.yml
index 7279f2c..ca43473 100644
--- a/kube/stateful.set.yml
+++ b/kube/stateful.set.yml
@@ -30,8 +30,6 @@ spec:
             value: "{{RABBITMQ_DEFAULT_PASS}}"
           - name: RABBITMQ_LOG_LEVEL
             value: "{{RABBITMQ_LOG_LEVEL}}"
-          - name: RABBITMQ_ERLANG_COOKIE
-            value: "{{RABBITMQ_ERLANG_COOKIE}}"
           - name: RABBITMQ_USE_LONGNAME
             value: "true"
           - name: NODE_NAME