...

  1. If you do not have a values.yaml file yet, you can get the latest version from the Helm chart repository and store it as a file, for example, values-hivemq.yaml:

    helm show values hivemq/hivemq-operator > values-hivemq.yaml
  2. Edit the values-hivemq.yaml file. Add annotations to the hivemq pods.

    hivemq:
      # Annotations to add to the HiveMQ Pods
      podAnnotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "hivemq"
        vault.hashicorp.com/agent-inject-status: 'update'
        vault.hashicorp.com/agent-inject-secret-hivemq.lic: "hivemq/data/myenv/license"
        vault.hashicorp.com/secret-volume-path-hivemq.lic: "/opt/hivemq/license/"
        # Inside a YAML block scalar (|) quotes must not be backslash-escaped
        vault.hashicorp.com/agent-inject-template-hivemq.lic: |
          {{- with secret "hivemq/data/myenv/license" -}}
          {{- $hivemq_broker_license := base64Decode .Data.data.hivemq_license_b64 -}}
          {{- $hivemq_broker_license -}}
          {{- end -}}
  3. (Re)install hivemq.

    helm upgrade hivemq --install hivemq/hivemq-operator -n hivemq -f values-hivemq.yaml
  4. Get all the pods in the hivemq namespace.

    $ kubectl get pods -n hivemq
    NAME                                    READY   STATUS     RESTARTS   AGE
    hivemq-599cb74d9c-s8hhm                 0/2     Init:0/1   0          23s
    hivemq-69697d9598-l878s                 1/1     Running    0          20m
    vault-0                                 1/1     Running    0          78m
    vault-agent-injector-5945fb98b5-tpglz   1/1     Running    0          78m

    Wait until the re-deployed hivemq pod reports that it is Running and ready (2/2).

    This new pod now launches two containers: the application container, named hivemq, and the Vault Agent container, named vault-agent.

  5. Display the logs of the vault-agent container in the new hivemq pod.

    $ kubectl logs -n hivemq \
          $(kubectl get pod -n hivemq -l app=hivemq -o jsonpath="{.items[0].metadata.name}") \
          --container vault-agent

    Vault Agent manages the token lifecycle and the secret retrieval. The secret is rendered in the hivemq container at the path /opt/hivemq/license/.

  6. Display the secret written to the hivemq container.

    $ kubectl exec -n hivemq \
          $(kubectl get pod -n hivemq -l app=hivemq -o jsonpath="{.items[0].metadata.name}") \
          --container hivemq -- cat /opt/hivemq/license/hivemq.lic

    The base64-decoded secret data is present in the container.
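
A pre-deployment check for the annotations from step 2, as an added example that is not part of the original page or of the HiveMQ or Vault projects. It assumes the podAnnotations block has already been parsed into a Python mapping; the function name lint_vault_annotations and the SAMPLE data are constructed for illustration. It flags a per-secret annotation whose name suffix does not match an agent-inject-secret annotation, backslash-escaped quotes in the template, and a template that reads a different Vault path than the annotation names.

```python
import re

P = "vault.hashicorp.com/"
TEMPLATE = P + "agent-inject-template-hivemq.lic"

# Constructed sample: the annotations from step 2 as a parsed mapping.
SAMPLE = {
    P + "agent-inject": "true",
    P + "role": "hivemq",
    P + "agent-inject-secret-hivemq.lic": "hivemq/data/myenv/license",
    P + "secret-volume-path-hivemq.lic": "/opt/hivemq/license/",
    TEMPLATE: '{{- with secret "hivemq/data/myenv/license" -}}\n'
              "{{- base64Decode .Data.data.hivemq_license_b64 -}}\n"
              "{{- end -}}\n",
}

def lint_vault_annotations(ann):
    """Return a list of problems found in a podAnnotations mapping."""
    problems = []
    if ann.get(P + "agent-inject") != "true":
        problems.append('agent-inject is not set to "true"')
    if not ann.get(P + "role"):
        problems.append("role is missing")
    # The secret name is the suffix after "agent-inject-secret-".
    sec = P + "agent-inject-secret-"
    secrets = {k[len(sec):]: v for k, v in ann.items() if k.startswith(sec)}
    if not secrets:
        problems.append("no agent-inject-secret-<name> annotation")
    # Per-secret annotations must reuse exactly that name.
    for kind in ("agent-inject-template-", "secret-volume-path-"):
        for key in ann:
            name = key[len(P + kind):]
            if key.startswith(P + kind) and name not in secrets:
                problems.append(f"{kind}{name}: no agent-inject-secret-{name}")
    for name, path in secrets.items():
        tpl = ann.get(P + "agent-inject-template-" + name, "")
        if '\\"' in tpl:
            problems.append(f"{name}: template contains backslash-escaped quotes")
        m = re.search(r'with\s+secret\s+"([^"]+)"', tpl)
        if m and m.group(1) != path:
            problems.append(f"{name}: template reads {m.group(1)}, not {path}")
        # Heuristic: .Data.data is the KV v2 layout, whose path has /data/.
        if ".Data.data" in tpl and "/data/" not in path:
            problems.append(f"{name}: .Data.data used with a non-KV-v2 path")
    return problems

if __name__ == "__main__":
    print(lint_vault_annotations(SAMPLE) or "annotations are consistent")
```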

...