HiveMQ license as a Kubernetes Secret

How to use Kubernetes Secret to specify HiveMQ license with HiveMQ Operator.
HiveMQ requires a license as a file in /opt/hivemq/license directory. There are 3 ways to add the license with HiveMQ Operator:

1. as a raw value in the values.yaml file,

2. as a configMap in the values.yaml file,

3. as a secret in the values.yaml file.

This article explains how to use Kubernetes Secret to specify a HiveMQ license with HiveMQ Operator.

\uD83D\uDCD8 Instructions

1. Edit the values.yaml file to specify that the license file is contained in hivemq-license secret, which will be mounted to the directory /opt/hivemq/license

   hivemq:
   ...
     secrets: 
     # Secrets to mount to the HiveMQ pods. These can be mounted to existing directories without shadowing the folder contents as well.
     - name: hivemq-license
       path: /opt/hivemq/license
   ...

2. If there is no namespace for the HiveMQ, then create one and switch the kubectl context to it

   kubectl create namespace 'hivemq'
   kubectl config set-context --current --namespace='hivemq'

3. Create the secret with nave hivemq-license in the namespace hivemq from the license file hivemq-2023.lic

   kubectl create secret generic 'hivemq-license' \
     --from-file 'hivemq-license.lic' \
     --namespace 'hivemq'

4. Install HiveMQ with the release name hivemq-mine from the Helm chart hivemq-operator to the namespace hivemq and use parameter values from the file values.yaml

   helm upgrade 'hivemq-release' \
     --install 'hivemq/hivemq-operator' \
     --namespace 'hivemq' \
     --values 'values.yaml'

\uD83D\uDCCB Related articles

• Page:
  Inject license via Hashicorp Vault Agent Annotations | HiveMQ Platform Operator (new) —

  Vault Agent Sidecar Injector service leverages the sidecar container pattern and Kubernetes mutating admission webhook to intercept pods that define specific annotations and inject a Vault Agent container to manage these secrets.

  This is beneficial because:

  • Applications remain Vault unaware as the secrets are stored on the file-system in their container.

• Page:
  Inject license via Hashicorp Vault Agent Init Container | HiveMQ Platform Operator (new) —

  Vault Agent provides a number of different helper features, specifically addressing the following challenges:

  • Automatic authentication

• Page:
  Inject license via Hashicorp Vault Agent | HiveMQ Operator (legacy) —

  In this knowledge base article, we set up Hashicorp Vault and injector service with the Hashicorp Vault Helm chart and store a HiveMQ License as a secret. Then we will deploy the HiveMQ broker cluster with the hivemq-operator Helm chart to demonstrate how the Hashicorp Vault injector service retrieves, decodes and writes the secret to /opt/hivemq/license/hivmq.lic file on the pod for the HiveMQ application to use.

• Page:
  Set the HiveMQ License File from a Kubernetes Secret —

  HiveMQ requires a valid license file placed in the /opt/hivemq/license directory within the HiveMQ container to operate properly. You can specify this license file using HiveMQ Operator in three different ways: as a raw value in the values.yaml file, as a configMap in the values.yaml file, or as a Secret in the values.yaml file. This article will guide you through the process of using a Kubernetes Secret.

• Page:
  Retrieving HiveMQ licence information —

  Question

  How can I access information about the loaded HiveMQ license?

  Answer