{"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"text":"Prerequisites:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Helm version v3+","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running Kubernetes cluster version 1.18.0 or higher","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"kubectl","type":"text","marks":[{"type":"underline"},{"type":"em"},{"type":"link","attrs":{"href":"https://kubernetes.io/docs/tasks/tools/install-kubectl/"}}]},{"text":" latest version","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"hardBreak"},{"text":"Instructions","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Create a Namespace for the HiveMQ/Postgres deployment.","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"type":"hardBreak"},{"text":"You can skip this step you want to run everything in “default” namespace.","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute the following command to create a namespace:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl create namespace ","type":"text"}]},{"type":"paragraph","content":[{"text":"Switch to the newly created namespace:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl config set-context --current --namespace=","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Deploy Postgres","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Add the Bitnami Helm repository:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"helm repo add bitnami https://charts.bitnami.com/bitnami","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a ","type":"text"},{"text":"postgres_values.yaml","type":"text","marks":[{"type":"code"}]},{"text":" file to configure Postgres deployment:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"global:\n #storageClass: \"rook-ceph-block\"\n postgresql:\n auth:\n password: password\n postgresPassword: password\n username: admin\n\nprimary:\n initdb:\n scriptsConfigMap: ese-db-init","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a ConfigMap called ","type":"text"},{"text":"ese-db-init","type":"text","marks":[{"type":"code"}]},{"text":" containing the ","type":"text"},{"text":"ese-db-init.sql","type":"text","marks":[{"type":"code"}]},{"text":" script, which creates tables and inserts data for testing purposes:","type":"text"},{"type":"hardBreak"},{"type":"mediaInline","attrs":{"id":"5d3e17c3-b943-426b-90d6-f3f19ce7876a","collection":"contentId-2225930241"}},{"text":" ","type":"text"},{"type":"mediaInline","attrs":{"id":"01d1e019-ec59-40e1-a145-10072d158b7a","collection":"contentId-2225930241"}},{"text":" ","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl create configmap ese-db-init --from-file 0_ese-db-init.sql --from-file 1_permissions.sql","type":"text"}]},{"type":"paragraph","content":[{"text":"Deploy Postgres using Helm:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"helm upgrade postgres --install bitnami/postgresql --values postgres_values.yaml","type":"text"}]},{"type":"paragraph","content":[{"text":"Verify the status of the pod:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl get pods","type":"text"}]},{"type":"paragraph","content":[{"text":"If an error occurs, check the pod logs:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl logs ","type":"text"}]},{"type":"paragraph","content":[{"text":"Connect to the Postgres pod to verify the connection:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"psql --host 127.0.0.1 -U postgres -d postgres -p 5432","type":"text"}]},{"type":"paragraph","content":[{"text":"Use the following commands in the Postgres shell to interact with the database:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"\\l","type":"text","marks":[{"type":"code"}]},{"text":": List the databases.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"\\c ","type":"text","marks":[{"type":"code"}]},{"text":": Connect to a specific database.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"\\dt","type":"text","marks":[{"type":"code"}]},{"text":": List the tables from the connected database.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"select * from users;","type":"text"},{"type":"hardBreak"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Deploy HiveMQ with Enterprise Security Extension (ESE)","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"paragraph","content":[{"text":"Create a ConfigMap for the HiveMQ license (skip this step if you don't have a license yet):","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl create configmap hivemq-license --from-file=hivemq-ese-2021.lic","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a ","type":"text"},{"text":"config.xml","type":"text","marks":[{"type":"code"}]},{"text":" configuration file for the Enterprise Security Extension: You can also find examples of this file in the extension folder under ","type":"text"},{"text":"conf/examples","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":1}}],"content":[{"text":"configure ","type":"text"},{"text":"sql-realm","type":"text","marks":[{"type":"code"}]},{"text":". ","type":"text"}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":2}}],"content":[{"text":"db-name","type":"text","marks":[{"type":"strong"}]},{"text":" - you can find this in the ese-db-init.sql, default it is ","type":"text"},{"text":"postgres","type":"text","marks":[{"type":"em"}]}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":2}}],"content":[{"text":"db-host ","type":"text","marks":[{"type":"strong"}]},{"text":"- this should be your postgres service name, you can get this via ","type":"text"},{"text":"kubetctl get svc","type":"text","marks":[{"type":"code"}]},{"text":" command","type":"text"}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":2}}],"content":[{"text":"db-username","type":"text","marks":[{"type":"strong"}]},{"text":" - This should be from postgres_values.yaml auth.username block","type":"text"}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":2}}],"content":[{"text":"db-password","type":"text","marks":[{"type":"strong"}]},{"text":" - This should be from postgres_values.yaml auth.password block","type":"text"}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":1}}],"content":[{"text":"Configure the ","type":"text"},{"text":"listener-pipeline","type":"text","marks":[{"type":"code"}]},{"text":". Since here we are using role-based authorization we need to set ","type":"text"},{"text":" ","type":"text","marks":[{"type":"code"}]},{"text":"to false and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" to true. ","type":"text"},{"type":"hardBreak"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n \n \n \n postgres-backend\n true\n \n POSTGRES\n hivemq\n postgres-servicename\n 5432\n hivemq\n password\n \n \n \n \n \n \n \n \n postgres-backend\n \n \n \n postgres-backend\n false\n true\n \n \n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a ConfigMap for the ESE configuration:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl create configmap enterprise-security-extension-config --from-file config.xml","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a ","type":"text"},{"text":"hivemq_values.yaml","type":"text","marks":[{"type":"code"}]},{"text":" file to deploy HiveMQ using the Kubernetes operator. Ensure that the ESE extension is preinstalled: Full values of the operator can be found ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/hivemq/helm-charts/blob/master/charts/hivemq-operator/values.yaml"}}]}]},{"type":"paragraph","content":[{"text":"(Note: CPU and Memory configs we have set for demo purposes. For production, we recommend qualifying our ","type":"text"},{"text":"minimum hardware requirements","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.hivemq.com/hivemq/4.16/user-guide/system-requirements.html#minimum"}}]},{"text":" for HiveMQ to run as expected. )","type":"text"}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"hivemq:\n cpu: 2\n memory: 2Gi\n nodeCount: \"2\"\n \n extensions:\n - enabled: true\n extensionUri: preinstalled\n initialization: |\n # A little hack because k8s configMaps can't handle sub-directories\n [[ -e /conf-override/extensions/hivemq-enterprise-security-extension/config.xml ]] &&\n rm -f $(pwd)/conf/config.xml &&\n cp -s /conf-override/extensions/hivemq-enterprise-security-extension/config.xml $(pwd)/conf/config.xml\n [[ ! -f drivers/postgres-jdbc.jar ]] &&\n curl -L https://jdbc.postgresql.org/download/postgresql-42.2.14.jar --output drivers/jdbc/postgres.jar\n name: hivemq-enterprise-security-extension\n configMap: enterprise-security-extension-config\n \n ports:\n - name: \"mqtt\"\n port: 1883\n expose: true\n patch:\n - '[{\"op\":\"add\",\"path\":\"/spec/selector/hivemq.com~1node-offline\",\"value\":\"false\"},{\"op\":\"add\",\"path\":\"/metadata/annotations\",\"value\":{\"service.spec.externalTrafficPolicy\":\"Local\"}}]'\n # If you want Kubernetes to expose the MQTT port to external traffic\n # - '[{\"op\":\"add\",\"path\":\"/spec/type\",\"value\":\"LoadBalancer\"}]'\n - name: \"cc\"\n port: 8080\n expose: true\n patch:\n - '[{\"op\":\"add\",\"path\":\"/spec/sessionAffinity\",\"value\":\"ClientIP\"}]'\n # If you want Kubernetes to expose the MQTT port to external traffic\n # - '[{\"op\":\"add\",\"path\":\"/spec/type\",\"value\":\"LoadBalancer\"}]'\n configMaps:\n - name: hivemq-license\n path: /opt/hivemq/license\noperator:\n admissionWebhooks:\n enabled: false","type":"text"}]},{"type":"paragraph","content":[{"text":"Deploy the HiveMQ cluster using Helm:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"helm upgrade --install -f hivemq_values.yaml hivemq/hivemq-operator","type":"text"}]},{"type":"paragraph","content":[{"text":"Check the status of the pods:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl get pods","type":"text"}]},{"type":"paragraph","content":[{"text":"Verify the extension logs if it has started successfully:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"kubectl logs ","type":"text"}]},{"type":"paragraph","content":[{"text":"Use the MQTT CLI to perform quick tests.","type":"text"}]},{"type":"paragraph"}],"version":1}

Browser not supported