Page Comparison

...

1. Put secrets to the vault and enable to read them via policy “hivemq”:

   Code Block
   language bash
   vault secrets enable -path=hivemq-poc1 kv-v2 cd /tmp vault kv put hivemq-poc1/opt/hivemq/conf/hivemq.jks.b64 mydata keystore_base64="$(base64 </tmp/hivemqbroker-keystore.jks)" \ keystore.password=changeme key.passphrase=changeme vault kv put hivemq-poc1/opt/hivemq/conf/hivemqtruststore.jks.b64 mydata truststore_base64="$(base64 </tmp/hivemqtruststorebroker-truststore.jks)" vault kv put hivemq-poc1/opt/hivemq/license/hivemq.lic.b64 "mydata= license_base64="$(base64 </tmp/hivemqhivemq4.lic)" vault policy write hivemq - <<EOF path "hivemq-poc1/data/opt/hivemq/license" { capabilities = ["read"] } path "hivemq-poc1/data/opt/hivemq/conf" { capabilities = ["read"] } EOF

2. Create the HCL template to fetch and decode the secrets:
   View filenameconsul-template-sidecar.hclconsul-template.yaml

   Code Block
   language yaml
   apiVersion: v1 kind: ConfigMap metadata: name: consul-template namespace: hivemq data: consul-template.hcl: | template { contents = "{{ with secret (printf \"%s/opt/hivemq/license\" (mustEnv \"TARGET_ENV\")) }}{{ base64Decode .Data.data.license_base64 }}{{ end }}" destination = "/opt/hivemq/license/hivemq4.lic" } template { contents = "{{ with secret (printf \"%s/opt/hivemq/conf\" (mustEnv \"TARGET_ENV\")) }}{{ base64Decode .Data.data.keystore_base64 }}{{ end }}" destination = "/opt/hivemq/keystore/broker-keystore.jks" } template { contents = "{{ with secret (printf \"%s/opt/hivemq/conf\" (mustEnv \"TARGET_ENV\")) }}{{ base64Decode .Data.data.truststore_base64 }}{{ end }}" destination = "/opt/hivemq/keystore/broker-truststore.jks" }

   Code Block
   language bash
   kubectl apply -f consul-template-sidecar.hclyaml --namespace hivemq

3. Add init container to the hivemq-platform values.yaml

   Code Block
   language yaml
   AadditionalInitContainers: - name: init-consul-template image: hashicorp/consul-template:latest command: [ "consul-template", "-once", "-config", "/consul-template/consul-template-sidecar.hcl" ] env: - name: CONSUL_TEMPLATE_LOG_LEVEL, "-kill-signal", "SIGTERM", "-log-level", "debug" ] valueenv: DEBUG - name: VAULT_ADDR value: http://vault.vault.svc.cluster.local:8200 - name: VAULT_TOKEN value: root - name: TARGET_ENV value: hivemq-poc1/data volumeMounts: - name: consul-template mountPath: /consul-template - name: hivemq-license mountPath: /opt/hivemq/license - name: hivemq-keystore mountPath: /opt/hivemq/consulkeystore

4. Add additional container:

   Code Block
   language yaml
   - name: sidecar-consul-template image: hashicorp/consul-template:latest command: [ '/bin/sh', '-c' ] args: - | trap 'echo "Terminating container"; exit 0' SIGTERM consul-template -config /consul-template/consul-template-sidecar.hcl -kill-signal SIGTERM -log-level debug" & while true; do sleep 1; done env: - name: CONSUL_TEMPLATE_LOG_LEVEL value: DEBUG - name: VAULT_ADDR value: http://vault.vault.svc.cluster.local:8200 - name: VAULT_TOKEN value: root - name: TARGET_ENV value: hivemq-poc1/data volumeMounts: - name: consul-template mountPath: /consul-template - name: hivemq-license mountPath: /opt/hivemq/license - name: hivemq-keystore mountPath: /opt/hivemq/consulkeystore

5. Add additional volumes

   Code Block
   language yaml
   additionalVolumes: - name: hivemq-license path: /opt/hivemq/license type: emptyDir containerName: hivemq - type: emptyDir name: hivemq-keystore containerName: hivemq path: /tls-hivemqpokeystoreopt/hivemq/keystore - type: configMap name: consul-template containerName: sidecar-consul-template path: /consul-template

6. Install HiveMQ Platform Operator

   Code Block
   language bash
   helm upgrade op --install hivemq/hivemq-platform-operator --set logLevel=DEBUG

7. Install HiveMQ Platform broker

   Code Block
   language bash
   helm upgrade broker --install hivemq/hivemq-platform --values values-hivemq-platform.yaml

...