Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Save the example XML file as enterprise-security-extension.xml

    Code Block
    languageyaml
    <?xml version="1.0" encoding="UTF-8" ?>
    <enterprise-security-extension
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:noNamespaceSchemaLocation="enterprise-security-extension.xsd"
            version="1">
    
        <pipelines>
            <listener-pipeline listener="ALL">
                <allow-all-authentication-manager/>
                <allow-all-authorization-manager/>
            </listener-pipeline>
        </pipelines>
    </enterprise-security-extension>

  2. Create the Secret in your Kubernetes cluster:

    Code Block
    languagebash
    kubectl create secrect generic 'eseconfig' \
      --from-file=enterprise-security-extension.xml \
      --namespace ${namespace}

    where eseconfig will be the name of the new secret and ${namespace} variable contains the name of the target namespace.

  3. Update the HiveMQ Cluster configuration in the HiveMQ extensions section of your values.yaml file and remove the reference to the configMap:

    Code Block
    languageyaml
        #configMap: eseconfig

    This example shows the HiveMQ Cluster enterprise security extension configuration that is NOT referencing any configMap that contains the extension configuration information, as the configMap: entry is commented out:

    Code Block
    languageyaml
    ...
    hivemq:
    ...
      extensions:
    
       ...     - name: hivemq-enterprise-security-extension
          extensionUri: preinstalled
          enabled: true
          #configMap: eseconfig
          # Note that this is just an example initialization routine. Make sure this points to the current JDBC version you require for your configuration.
          initialization: |
            # A little hack because k8s configMaps can't handle sub-directories
            [[ -e /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml ]] &&
            rm -f $(pwd)/conf/enterprise-security-extension.xml &&
            cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml $(pwd)/conf/enterprise-security-extension.xml
    
            [[ ! -f drivers/postgres-jdbc.jar ]] &&
            curl -L https://jdbc.postgresql.org/download/postgresql-42.2.14.jar --output drivers/jdbc/postgres.jar
  4. Update the HiveMQ Cluster configuration in the HiveMQ additionalVolumes and additionalVolumeMounts section of your values.yaml file:

    Code Block
    languageyaml
    ...
    hivemq:
      ...
      # Additional volumes to add to the HiveMQ Pod
      additionalVolumes:
        - name: my-secret-volume
          secret:
            secretName: eseconfig
      # Additional volume mounts for the HiveMQ container
      additionalVolumeMounts:
        - name: my-secret-volume
          mountPath: /conf-override/extensions/hivemq-enterprise-security-extension
          
  5. Install HiveMQ Operator using your my-values.yaml file:

    Code Block
    languagebash
    helm upgrade ${hivemqReleaseName} --install hivemq/hivemq-operator \
      --values my-values.yaml
  6. As a result, the secret will be added to the HiveMQ pod as a volume my-secret-volume. The volume will be mounted to the hivemq container of the pod to the directory /conf-override/extensions/hivemq-enterprise-security-extension/conf. The initialization script will then create a symbolic link to the configuration file in the correct directory:

    Code Block
    languagebash
    cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security 

...