📘 Instructions

  1. Put the secrets into Vault and allow them to be read via the policy “hivemq”:

    # Enable a KV v2 secrets engine for the PoC
    vault secrets enable -path=hivemq-poc1 kv-v2

    cd /tmp

    # Store keystore, truststore and license base64-encoded in the field "mydata"
    vault kv put hivemq-poc1/opt/hivemq/conf/hivemq.jks.b64 mydata="$(base64 </tmp/hivemq.jks)" \
      keystore.password=changeme keystore.passphrase=changeme
    vault kv put hivemq-poc1/opt/hivemq/conf/hivemqtruststore.jks.b64 mydata="$(base64 </tmp/hivemqtruststore.jks)"
    vault kv put hivemq-poc1/opt/hivemq/license/hivemq.lic.b64 "mydata=$(base64 </tmp/hivemq.lic)"

    # KV v2 secrets are read at <mount>/data/<path>. A policy path matches exactly
    # unless it ends in "*", so the trailing "/*" is needed to cover the secrets above.
    vault policy write hivemq - <<EOF
    path "hivemq-poc1/data/opt/hivemq/license/*" {
       capabilities = ["read"]
    }
    path "hivemq-poc1/data/opt/hivemq/conf/*" {
       capabilities = ["read"]
    }
    EOF
  2. Create the HCL template to fetch and decode the secrets:

    kubectl apply -f consul-template-sidecar.hcl --namespace hivemq
  3. Add the init container to the hivemq-platform values.yaml:

    additionalInitContainers:
      - name: init-consul-template
        image: hashicorp/consul-template:latest
        command: [ "consul-template", "-once", "-config", "/consul-template/consul-template-sidecar.hcl" ]
        env:
          - name: CONSUL_TEMPLATE_LOG_LEVEL
            value: DEBUG
          - name: VAULT_ADDR
            value: http://vault.vault.svc.cluster.local:8200
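          # PoC only: the root token bypasses the "hivemq" policy from step 1;
          # outside a PoC, use a token that carries only that policy
          - name: VAULT_TOKEN
            value: root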
          - name: TARGET_ENV
            value: hivemq-poc1/data
        volumeMounts:
          - name: consul-template
            mountPath: /consul-template
          - name: hivemq-license
            mountPath: /opt/hivemq/license
          - name: hivemq-keystore
            mountPath: /opt/hivemq/consul

  4. Add the additional (sidecar) container:

    additionalContainers:
      - name: sidecar-consul-template
        image: hashicorp/consul-template:latest
        command: [ '/bin/sh', '-c' ]
        args:
          - |
            trap 'echo "Terminating container"; exit 0' SIGTERM
            consul-template -config /consul-template/consul-template-sidecar.hcl &
            while true; do sleep 1; done
        env:
          - name: CONSUL_TEMPLATE_LOG_LEVEL
            value: DEBUG
          - name: VAULT_ADDR
            value: http://vault.vault.svc.cluster.local:8200
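          # PoC only: the root token bypasses the "hivemq" policy from step 1;
          # outside a PoC, use a token that carries only that policy
          - name: VAULT_TOKEN
            value: root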
          - name: TARGET_ENV
            value: hivemq-poc1/data
        volumeMounts:
          - name: consul-template
            mountPath: /consul-template
          - name: hivemq-license
            mountPath: /opt/hivemq/license
          - name: hivemq-keystore
            mountPath: /opt/hivemq/consul
  5. Add the additional volumes:

    additionalVolumes:
      - name: hivemq-license
        path: /opt/hivemq/license
        type: emptyDir
        containerName: hivemq
      - type: emptyDir
        name: hivemq-keystore
        containerName: hivemq
        path: /tls-hivemqpokeystore
      - type: configMap
        name: consul-template
        containerName: sidecar-consul-template
        path: /consul-template

  6. Install the HiveMQ Platform Operator:

    helm upgrade op --install hivemq/hivemq-platform-operator --set logLevel=DEBUG
  7. Install the HiveMQ Platform broker:

    helm upgrade broker --install hivemq/hivemq-platform --values values-hivemq-platform.yaml

If the Helm upgrade of the broker fails, for example because of a mistake in a test configuration, do not immediately force-delete the broker pods. Instead, first uninstall the release:

    helm uninstall broker

Only if the uninstallation cannot terminate the broker pods, force-delete them:

    kubectl delete pod --selector hivemq-platform=broker --grace-period=0 --force
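
A Vault policy path applies only to that exact path unless it ends in *, and KV v2 secrets are read at <mount>/data/<secret path>. The following check is an added example, not part of the original instructions: it tests offline which of the secret paths written in step 1 a list of policy paths covers. The function names and the two rule lists are constructed for illustration.

```shell
# Constructed check: which KV v2 API paths does a list of Vault policy paths cover?
# Rule semantics: exact match; '+' matches one path segment; a trailing '*'
# makes the rule a prefix match (the glob is only valid as the last character).

# policy_covers RULE PATH -> status 0 if RULE applies to PATH
policy_covers() {
  local pat="$1" path="$2" glob=0 pseg aseg
  case $pat in *\*) glob=1; pat=${pat%\*} ;; esac
  while :; do
    case $pat in
      */*) pseg=${pat%%/*}; pat=${pat#*/} ;;  # more rule segments follow
      *)   break ;;                            # $pat is the last rule segment
    esac
    case $path in */*) ;; *) return 1 ;; esac  # path is shorter than the rule
    aseg=${path%%/*}; path=${path#*/}
    [ "$pseg" = "$aseg" ] || { [ "$pseg" = "+" ] && [ -n "$aseg" ]; } || return 1
  done
  if [ "$glob" -eq 1 ]; then                   # prefix match on the remainder
    case $path in "$pat"*) return 0 ;; *) return 1 ;; esac
  fi
  if [ "$pat" = "+" ]; then                    # last segment '+': one non-empty segment
    case $path in ''|*/*) return 1 ;; *) return 0 ;; esac
  fi
  [ "$pat" = "$path" ]
}

# covered RULES PATH -> status 0 if any rule (one per line) covers PATH
covered() {
  printf '%s\n' "$1" | ( while IFS= read -r rule; do
      policy_covers "$rule" "$2" && exit 0
    done; exit 1 )
}

# uncovered RULES PATHS -> print each path (one per line) that no rule covers
uncovered() {
  printf '%s\n' "$2" | while IFS= read -r p; do
    covered "$1" "$p" || printf '%s\n' "$p"
  done
}

# API paths of the secrets written in step 1: <mount>/data/<secret path>
SECRET_PATHS='hivemq-poc1/data/opt/hivemq/conf/hivemq.jks.b64
hivemq-poc1/data/opt/hivemq/conf/hivemqtruststore.jks.b64
hivemq-poc1/data/opt/hivemq/license/hivemq.lic.b64'
DIR_RULES='hivemq-poc1/data/opt/hivemq/license
hivemq-poc1/data/opt/hivemq/conf'
GLOB_RULES='hivemq-poc1/data/opt/hivemq/license/*
hivemq-poc1/data/opt/hivemq/conf/*'
echo "Not covered by bare directory paths:"; uncovered "$DIR_RULES" "$SECRET_PATHS"
echo "Not covered by paths ending in /*:";   uncovered "$GLOB_RULES" "$SECRET_PATHS"
```

Against a running Vault, vault token capabilities <token> <path> gives the authoritative answer for a specific token.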

Tested with:

  • Helm v3.15.4

  • Kubernetes v1.29.7

  • Kubectl v1.29.2

  • Kubernetes provider: AKS 2xStandard_A8_v2
