This article explains about how to set secrets with the combination of environmental variables when using Hivemq operator. Also explains How to use them in Enterprise security extension for Username and Password.
Also you can also use just secrets for hivemq-licenses or any other sensitive data based on your usecase.
\uD83D\uDCD8 Instructions
Create secret file name as
db-secret.yaml(note username and password values are converted to base64)
for example:echo -n 'admin' | base64.. ====> “YWRtaW4=”apiVersion: v1 kind: Secret metadata: name: ese-secret type: Opaque data: dbusername: YWRtaW4= dbpassword: MWYyZDFlMmU2N2Rm
kubectl apply -f db-secret.yaml
You can verify if secret is created using following command
kubectl get secret
Use created secret in Hivemq operator’s values.yaml
hivemq: ... env: - name: DB_USERNAME valueFrom: secretKeyRef: name: ese-secret key: dbusername - name: DB_PASSWORD valueFrom: secretKeyRef: name: ese-secret key: dbpasswordUse same env variables in your ESE configuration and then create configMap of the same file. Also use same configMap name in your Hivemq’s values.yaml
... <realms> <!-- a postgresql db--> <sql-realm> <name>postgres-backend</name> <enabled>true</enabled> <configuration> <db-type>POSTGRES</db-type> <db-name>ese</db-name> <db-host>localhost</db-host> <db-port>5432</db-port> <db-username>${ENV:DB_USERNAME}</db-username> <db-password>${ENV:DB_PASSWORD}</db-password> </configuration> </sql-realm> </realms> ...Deploy Hivemq using values.yaml and that’s it.