Setup ESE with Postgres using k8s operator

Prerequisites:

  1. Helm version v3+

  2. Running Kubernetes cluster version 1.18.0 or higher

  3. kubectl latest version


Instructions

  1. Create a Namespace for the HiveMQ/Postgres deployment.
    You can skip this step if you want to run everything in the “default” namespace.

    Execute the following command to create a namespace:

    kubectl create namespace <namespace name>

    Switch to the newly created namespace:

    kubectl config set-context --current --namespace=<namespace name>
  2. Deploy Postgres

    Add the Bitnami Helm repository:

    helm repo add bitnami https://charts.bitnami.com/bitnami

    Create a postgres_values.yaml file to configure Postgres deployment:

    Create a ConfigMap called ese-db-init containing the ese-db-init.sql script, which creates tables and inserts data for testing purposes:

    Deploy Postgres using Helm:

    Verify the status of the pod:

    If an error occurs, check the pod logs:

    Connect to the Postgres pod to verify the connection:

    Use the following commands in the Postgres shell to interact with the database:

    • \l: List the databases.

    • \c <db name>: Connect to a specific database.

    • \dt: List the tables from the connected database.

    • select * from users;

  3. Deploy HiveMQ with Enterprise Security Extension (ESE)

Create a ConfigMap for the HiveMQ license (skip this step if you don't have a license yet):

Create a config.xml configuration file for the Enterprise Security Extension. You can also find examples of this file in the extension folder under conf/examples.

Configure the sql-realm:

db-name - you can find this in ese-db-init.sql; by default it is postgres

db-host - this should be your Postgres service name, which you can get with the kubectl get svc command

db-username - this should match the auth.username value in postgres_values.yaml

db-password - this should match the auth.password value in postgres_values.yaml

Configure the listener-pipeline. Because this setup uses role-based authorization, set <use-authorization-key> to false and <use-authorization-role-key> to true.
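
A pre-flight check for the settings described above, to run before the file goes into the ConfigMap. This is an added example, not part of the original page or HiveMQ's own tooling. The sample XML, the realm name, the service name and the user are constructed, and the element layout is an assumption to compare against the files under conf/examples.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on the ESE
# SQL examples, so compare it with the files under conf/examples.
SAMPLE = """<enterprise-security-extension>
  <realms><sql-realm>
    <name>postgres-backend</name><enabled>true</enabled>
    <configuration>
      <db-type>POSTGRES</db-type><db-port>5432</db-port>
      <db-name>postgres</db-name>
      <db-host>example-postgres-svc</db-host>
      <db-username>example-user</db-username>
      <db-password>example-password</db-password>
    </configuration>
  </sql-realm></realms>
  <pipelines><listener-pipeline listener="ALL">
    <sql-authentication-manager><realm>postgres-backend</realm></sql-authentication-manager>
    <sql-authorization-manager>
      <realm>postgres-backend</realm>
      <use-authorization-key>false</use-authorization-key>
      <use-authorization-role-key>true</use-authorization-role-key>
    </sql-authorization-manager>
  </listener-pipeline></pipelines>
</enterprise-security-extension>"""

def check_ese_config(xml_text, db_host, db_user):
    """Return a list of problems; an empty list means every check passed."""
    root, problems, realms = ET.fromstring(xml_text), [], set()
    # db-name and db-password only need to be present; the password value is
    # never echoed into a message.
    want = {"db-name": None, "db-host": db_host,
            "db-username": db_user, "db-password": None}
    for realm in root.iter("sql-realm"):
        realms.add(realm.findtext("name"))
        cfg = realm.find("configuration")
        for key, expected in want.items():
            value = ((cfg.findtext(key) if cfg is not None else "") or "").strip()
            if not value:
                problems.append(f"{key} is missing or empty")
            elif expected is not None and value != expected:
                problems.append(f"{key} is {value!r}, expected {expected!r}")
    if not realms:
        problems.append("no sql-realm defined")
    for mgr in root.iter("sql-authorization-manager"):
        if mgr.findtext("realm") not in realms:
            problems.append("authorization manager references an unknown realm")
        flags = tuple((mgr.findtext(k) or "").strip() for k in
                      ("use-authorization-key", "use-authorization-role-key"))
        if flags != ("false", "true"):
            problems.append(f"role-based flags are {flags}, expected ('false', 'true')")
    return problems
```

Pass the service name reported by kubectl get svc and the auth.username from postgres_values.yaml as db_host and db_user.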

Create a ConfigMap for the ESE configuration:

Create a hivemq_values.yaml file to deploy HiveMQ using the Kubernetes operator. Ensure that the ESE extension is preinstalled. Full values of the operator can be found here

(Note: The CPU and memory settings here are for demo purposes. For production, we recommend meeting our minimum hardware requirements for HiveMQ so that it runs as expected.)

Deploy the HiveMQ cluster using Helm:

Check the status of the pods:

Check the extension logs to verify that it has started successfully:

Use the MQTT CLI to perform quick tests.

 
