...
Prequisites
Access to infrastructure with Kubectl
Running HiveMQ Cluster Install HiveMQ using Kubernetes Operator
Values.yaml file https://hivemq.atlassian.net/wiki/spaces/HMS/pages/2691039283/Install+HiveMQ+using+Kubernetes+Operator#Add-Helm-repository-and-download-values.yaml-file
(optional) You have added a valid license to the HiveMQ broker Add a valid license to HiveMQ Cluster
(optional) You have added a load balancer and verified the connection Expose MQTT port 1883 and test message flow using MQTT CLI
Prepare your HiveMQ Enterprise Security Extension configuration files
HiveMQ Enterprise Security Extension is preinstalled with HiveMQ so once you enable it, it will look for its configuration file. You must prepare this file before enabling the extension. If you skip this step, the extension will not find its configuration file and will not load any configuration.
Please download the following sample files
config.xml
View file name config.xml file-realm.xml
View file name file-realm.xml
In case you are running a local setup, please place your HiveMQ Enterprise Security Extension configuration files in the conf folder of your HiveMQ Enterprise Security Extension.
Setting up the ESE license as a ConfigMap
...
HiveMQ Enterprise Security Extension requires a separate license file, e.g. ese-license.elic, in the $HIVEMQ_HOME/license directory. To add the ese-license.elic along with the hivemq-license.lic, create a new configmap hivemq-license including all desired license files:
Code Block kubectl create configmap hivemq-license --namespace=hivemq \ --from-file hivemq-license.lic \ --from-file ese-license.elic
Edit the values.yaml file of the hivemq-operator, section
hivemq.configMaps. Update this:Code Block configMaps: [] # ConfigMaps to mount to the HiveMQ pods. These can be mounted to existing directories without shadowing the folder contents as well. #- name: hivemq-license # path: /opt/hivemq/license
To this:
Code Block configMaps: - name: hivemq-license path: /opt/hivemq/licenseThis will mount the content of the configMap
hivemq-licenseto the directory/opt/hivemq/licenseof the hivemq-broker pods.
Prepare your HiveMQ Enterprise Security Extension configuration files
HiveMQ Enterprise Security Extension is preinstalled with HiveMQ so once you enable it, it will look for its configuration file. You must prepare this file before enabling the extension. If you skip this step, the extension will not find its configuration file and will not load any configuration.
Please download the following sample files
config.xml
View file name config.xml ese-file-realm.xml
View file name ese-file-realm.xml
In case you are running a local setup, please place your HiveMQ Enterprise Security Extension configuration files in the conf folder of your HiveMQ Enterprise Security Extension.
Setting up the ESE config as a ConfigMap
...
Create a new configMap ese-config including all desired config files:
Code Block language bash kubectl create configmap ese-config --namespace=hivemq \ --from-file config.xml \ --from-file ese-file-realm.xmlEdit the values.yaml file of the hivemq-operator, section
hivemq.extensions. Update this:Code Block language yaml hivemq: extensions: ... - name: hivemq-enterprise-security-extension extensionUri: preinstalled enabled: false # Note that this is just an example initialization routine. Make sure this points to the current JDBC version you require for your configuration. initialization: | # Download JDBC driver for PostgreSQL [[ ! -f drivers/postgres-jdbc.jar ]] && curl -L https://jdbc.postgresql.org/download/postgresql-42.2.14.jar --output drivers/jdbc/postgres.jarTo this:
Code Block language yaml hivemq: extensions: ... - name: hivemq-enterprise-security-extension extensionUri: preinstalled enabled: true configMap: ese-config initialization: | [[ ! -f conf/config.xml ]] && [[ -f /conf-override/extensions/hivemq-enterprise-security-extension/config.xml ]] && ln -s /conf-override/extensions/hivemq-enterprise-security-extension/config.xml conf/config.xml && [[ ! -f conf/ese-file-realm.xml ]] && [[ -f /conf-override/extensions/hivemq-enterprise-security-extension/ese-file-realm.xml ]] && ln -s /conf-override/extensions/hivemq-enterprise-security-extension/ese-file-realm.xml conf/ese-file-realm.xml
...