...

  1. Store the secrets in Vault and allow them to be read via the policy “hivemq”:

    vault secrets enable -path=hivemq-poc1 kv-v2
    
    cd /tmp
    
    vault kv put hivemq-poc1/opt/hivemq/conf/hivemq.jks.b64 mydata="$(base64 </tmp/hivemq.jks)" \
      keystore.password=changeme keystore.passphrase=changeme
    vault kv put hivemq-poc1/opt/hivemq/conf/hivemqtruststore.jks.b64 mydata="$(base64 </tmp/hivemqtruststore.jks)"
    vault kv put hivemq-poc1/opt/hivemq/license/hivemq.lic.b64 "mydata=$(base64 </tmp/hivemq.lic)"
    
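    # Quoted heredoc: the policy reaches Vault verbatim, so the HCL quotes need no escaping.
    # The trailing /* lets each rule match the secrets stored beneath that path.
    vault policy write hivemq - <<'EOF'
    path "hivemq-poc1/data/opt/hivemq/license/*" {
       capabilities = ["read"]
    }
    path "hivemq-poc1/data/opt/hivemq/conf/*" {
       capabilities = ["read"]
    }
    EOF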

  2. Create the HCL template to fetch and decode the secrets:

    File: consul-template-sidecar.hcl

    kubectl apply -f consul-template-sidecar.hcl --namespace hivemq

  3. Add the init container to the hivemq-platform values.yaml:

    additionalInitContainers:
      - name: init-consul-template
        image: hashicorp/consul-template:latest
        command: [ "consul-template", "-once", "-config", "/consul-template/consul-template-sidecar.hcl" ]
        env:
          - name: CONSUL_TEMPLATE_LOG_LEVEL
            value: DEBUG
          - name: VAULT_ADDR
            value: http://vault.vault.svc.cluster.local:8200
          # PoC only: the root token is not restricted by the "hivemq" policy from step 1
          - name: VAULT_TOKEN
            value: root
          - name: TARGET_ENV
            value: hivemq-poc1/data
        volumeMounts:
          - name: consul-template
            mountPath: /consul-template
          - name: hivemq-license
            mountPath: /opt/hivemq/license
          - name: hivemq-keystore
            mountPath: /opt/hivemq/consul

  4. Add the additional container:

    additionalContainers:
      - name: sidecar-consul-template
        image: hashicorp/consul-template:latest
        command: [ '/bin/sh', '-c' ]
        args:
          - |
            trap 'echo "Terminating container"; exit 0' SIGTERM
            consul-template -config /consul-template/consul-template-sidecar.hcl &
            while true; do sleep 1; done
        env:
          - name: CONSUL_TEMPLATE_LOG_LEVEL
            value: DEBUG
          - name: VAULT_ADDR
            value: http://vault.vault.svc.cluster.local:8200
          # PoC only, as in the init container: root token
          - name: VAULT_TOKEN
            value: root
          - name: TARGET_ENV
            value: hivemq-poc1/data
        volumeMounts:
          - name: consul-template
            mountPath: /consul-template
          - name: hivemq-license
            mountPath: /opt/hivemq/license
          - name: hivemq-keystore
            mountPath: /opt/hivemq/consul

  5. Add the additional volumes:

    additionalVolumes:
      - name: hivemq-license
        path: /opt/hivemq/license
        type: emptyDir
        containerName: hivemq
      - type: emptyDir
        name: hivemq-keystore
        containerName: hivemq
        path: /tls-hivemqpokeystore
      - type: configMap
        name: consul-template
        containerName: sidecar-consul-template
        path: /consul-template

  6. Install the HiveMQ Platform Operator:

    helm upgrade op --install hivemq/hivemq-platform-operator --set logLevel=DEBUG

  7. Install the HiveMQ Platform broker:

    helm upgrade broker --install hivemq/hivemq-platform --values values-hivemq-platform.yaml
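
The consul-template-sidecar.hcl attachment from step 2 is not reproduced on this page. As an added example (not the original attachment), a consul-template configuration along these lines would fetch the three secrets stored in step 1 and base64-decode them into the volumes mounted in steps 3 and 4, when delivered as the consul-template-sidecar.hcl key of the consul-template ConfigMap. The destination file names are assumptions.

```hcl
# Added example, not the original attachment. Secret paths and the "mydata" key
# come from step 1, mount paths from steps 3 and 4; file names are assumed.
vault {
  # Address and token are read from VAULT_ADDR / VAULT_TOKEN in the container env.
  # A root token cannot be renewed, so renewal is switched off.
  renew_token = false
}

# License. TARGET_ENV is "hivemq-poc1/data", the KV v2 read prefix;
# KV v2 returns the stored fields under .Data.data.
template {
  destination          = "/opt/hivemq/license/hivemq.lic"
  error_on_missing_key = true
  contents             = <<EOT
{{- with secret (printf "%s/opt/hivemq/license/hivemq.lic.b64" (env "TARGET_ENV")) -}}
{{- .Data.data.mydata | base64Decode -}}
{{- end -}}
EOT
}

# Keystore. The "-}}" trim markers keep stray newlines out of the binary output.
template {
  destination          = "/opt/hivemq/consul/hivemq.jks"
  error_on_missing_key = true
  contents             = <<EOT
{{- with secret (printf "%s/opt/hivemq/conf/hivemq.jks.b64" (env "TARGET_ENV")) -}}
{{- .Data.data.mydata | base64Decode -}}
{{- end -}}
EOT
}

# Truststore.
template {
  destination          = "/opt/hivemq/consul/hivemqtruststore.jks"
  error_on_missing_key = true
  contents             = <<EOT
{{- with secret (printf "%s/opt/hivemq/conf/hivemqtruststore.jks.b64" (env "TARGET_ENV")) -}}
{{- .Data.data.mydata | base64Decode -}}
{{- end -}}
EOT
}
```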

...