Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

HiveMQ extensions are configured with configuration files. To allow the HiveMQ Kubernetes Operator to manage the extension configuration files, you provide the extension configuration in a ConfigMap.

\uD83D\uDCD8 Instructions

The following procedure shows you how to place the enterprise-security-extension.xml into a ConfigMap that a HiveMQ Cluster configuration references.

  1. Save the example XML file as enterprise-security-extension.xml

    <?xml version="1.0" encoding="UTF-8" ?>
<enterprise-security-extension
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="enterprise-security-extension.xsd"
        version="1">

    <pipelines>
        <listener-pipeline listener="ALL">
            <allow-all-authentication-manager/>
            <allow-all-authorization-manager/>
        </listener-pipeline>
    </pipelines>
</enterprise-security-extension>

  2. Create the ConfigMap in Kubernetes cluster:

    kubectl create configmap 'eseconfig' --from-file=enterprise-security-extension.xml \
  --namespace ${namespace}

    where eseconfig will be the name of the new configmap and ${namespace} variable contains the name of the target namespace.

  3. Update the HiveMQ Cluster configuration in HiveMQ extensions section of your values.yaml file with

        configMap: eseconfig

    This example shows the HiveMQ Cluster enterprise security extension configuration that references the ConfigMap eseconfig that contains the extension configuration information:

    ...
hivemq:
...
  extensions:
    ...
    - name: hivemq-enterprise-security-extension
      extensionUri: preinstalled
      enabled: true
      configMap: eseconfig
      # Note that this is just an example initialization routine. Make sure this points to the current JDBC version you require for your configuration.
      initialization: |
        # A little hack because k8s configMaps can't handle sub-directories
        [[ -e /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml ]] &&
        rm -f $(pwd)/conf/enterprise-security-extension.xml &&
        cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml $(pwd)/conf/enterprise-security-extension.xml

        [[ ! -f drivers/postgres-jdbc.jar ]] &&
        curl -L https://jdbc.postgresql.org/download/postgresql-42.2.14.jar --output drivers/jdbc/postgres.jar

  4. Install HiveMQ Operator using your my-values.yaml file:

    helm upgrade ${hivemqReleaseName} --install hivemq/hivemq-operator \
  --values my-values.yaml

  5. HiveMQ Kubernetes Operator will automatically add configmap eseconfig to the hivemq pod as a volume eseconfig. Volume eseconfig will be mounted to hivemq container as directory /conf-override/extensions/hivemq-enterprise-security-extension. The initialization script will then create a symbolic link to the configuration file in the correct directory:

    cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml $(pwd)/conf/enterprise-security-extension.xml

HiveMQ Kubernetes Operator will automatically handle only ConfigMap, not a Secret. For configuration with a Secret refer to article Enterprise Security Extension Configuration with a secret with HiveMQ Kubernetes Operator .

  • No labels