...

  1. If you do not have a values.yaml file yet, you can get the latest version from the Helm chart repository and store it as a file:

    helm show values hivemq/hivemq-platform > values-hivemq-platform-with-annotations.yaml

  2. Edit the values-hivemq-platform-with-annotations.yaml file. Add annotations to the HiveMQ Pods.

    nodes:
      # Annotations to add to the HiveMQ Pods
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "hivemq-platform"
        vault.hashicorp.com/agent-inject-status: 'update'
        vault.hashicorp.com/agent-inject-secret-hivemq4.lic: "hivemq/data/test/license"
        vault.hashicorp.com/secret-volume-path-hivemq4.lic: "/opt/hivemq/license/"
        vault.hashicorp.com/agent-inject-template-hivemq4.lic: |
          {{- with secret "hivemq/data/test/license" -}}
          {{- $hivemq_broker_license := base64Decode .Data.data.hivemq_license_b64 -}}
          {{- $hivemq_broker_license -}}
          {{- end -}}

  3. (Re)install HiveMQ.

    helm upgrade operop --install hivemq/hivemq-platform-operator
    sleep 30
    helm upgrade broker --install hivemq/hivemq-platform -n hivemq -f values-hivemq-platform-with-annotations.yaml --set nodes.replicaCount=1

  4. Get all the pods in the hivemq namespace.

    kubectl get pods --namespace hivemq

    NAME                     READY   STATUS    RESTARTS   AGE
    broker-0                 2/2     Running   0          18m
    hivemq-operop-bc-vbd25   1/1     Running   0          46m

    Wait until the re-deployed hivemq pod reports that it is Running and ready (2/2).

    This new pod now launches two containers: the application container, named hivemq, and the HashiCorp Vault Agent container, named vault-agent.

  5. Display the logs of the vault-agent container in the new hivemq pod.

    kubectl logs \
          $(kubectl get pod -l hivemq-platform=broker -o jsonpath="{.items[0].metadata.name}") \
          --container vault-agent

    HashiCorp Vault Agent manages the token lifecycle and the secret retrieval. The secret is rendered in the hivemq container at the path /opt/hivemq/license/.

  6. Display the secret written to the hivemq container.

    kubectl exec \
          $(kubectl get pod -l hivemq-platform=broker -o jsonpath="{.items[0].metadata.name}") \
          --container hivemq -- cat /opt/hivemq/license/hivemq4.lic

    The base64-decoded secret data is present in the container.
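
A consistency check for the annotations from step 2, added here as an example (not HiveMQ or HashiCorp code): it verifies that the three per-file annotations share one file-name suffix and that the template reads the same secret path that `agent-inject-secret-<file>` names. The function name `lint_vault_annotations` and the `GOOD`/`BAD` samples are hypothetical and constructed; the input is the pod's annotation map as a Python dict.

```python
import re

PREFIX = "vault.hashicorp.com/"
PER_FILE = ("agent-inject-secret-", "secret-volume-path-", "agent-inject-template-")

def lint_vault_annotations(annotations):
    """Return findings for a pod's Vault Agent injector annotations (hypothetical helper)."""
    findings = []
    if annotations.get(PREFIX + "agent-inject") != "true":
        findings.append('agent-inject is not "true"')
    if not annotations.get(PREFIX + "role"):
        findings.append("role is missing")
    # Group the per-file annotations by their file-name suffix, e.g. "hivemq4.lic".
    files = {}
    for key, value in annotations.items():
        for kind in PER_FILE:
            if key.startswith(PREFIX + kind):
                files.setdefault(key[len(PREFIX + kind):], {})[kind] = value
    if not files:
        findings.append("no agent-inject-secret-<file> annotation")
    for name, parts in sorted(files.items()):
        secret_path = parts.get("agent-inject-secret-")
        if secret_path is None:
            # A suffix typo leaves a template or volume path that applies to no secret.
            findings.append(f"{name}: no agent-inject-secret-{name} annotation")
            continue
        volume = parts.get("secret-volume-path-")
        if volume is None:
            findings.append(f"{name}: no secret-volume-path-{name}")
        elif not volume.startswith("/"):
            findings.append(f"{name}: secret-volume-path is not absolute")
        template = parts.get("agent-inject-template-")
        if template is None:
            findings.append(f"{name}: no agent-inject-template-{name}")
        elif secret_path not in re.findall(r'secret\s+"([^"]+)"', template):
            findings.append(f"{name}: template does not read {secret_path}")
    return findings

# Constructed sample: the annotations from step 2 of this page.
GOOD = {
    PREFIX + "agent-inject": "true",
    PREFIX + "role": "hivemq-platform",
    PREFIX + "agent-inject-status": "update",
    PREFIX + "agent-inject-secret-hivemq4.lic": "hivemq/data/test/license",
    PREFIX + "secret-volume-path-hivemq4.lic": "/opt/hivemq/license/",
    PREFIX + "agent-inject-template-hivemq4.lic": '{{- with secret "hivemq/data/test/license" -}}\n{{- base64Decode .Data.data.hivemq_license_b64 -}}\n{{- end -}}',
}
# Constructed sample: the template annotation's suffix mistyped as "hivemq.lic".
BAD = {k.replace("template-hivemq4.lic", "template-hivemq.lic"): v for k, v in GOOD.items()}
```

`lint_vault_annotations(GOOD)` returns an empty list; for `BAD` it reports the orphaned template and the secret that is left without one.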

...