Expose the HiveMQ Control Center and Rest API using Ingress
This article explains how to expose the HiveMQ Control Center and Rest API using Ingress.
Exposing the HiveMQ resources without a proper TLS implementation is not recommended in production so keep in mind to enhance the Ingress configuration with TLS as documented by the Ingress provider.
Prerequisites
The Kubernetes Ingress Controller of your choice (e.g. NGINX, Traefik, Voyager, …) is already set up and running.
k8s version 1.16+ is installed
Helm version 3 is installed
The Hivemq k8s operator repo is already added in the helm repo
Architecture Overview
Instructions
To deploy HiveMQ in Kubernetes using Helm you have to download the default
values.yaml
file from the official GitHub repository first.After this, you have to edit the file so the HiveMQ Control Center “cc” and the HiveMQ Rest API “api” will not get exposed (
expose: false
). You also have to uncomment the "api" section as you can see in the following example. With this configuration, the HiveMQ Kubernetes Operator will not create Kubernetes services for those HiveMQ components:
...
# The ports can be edited or expanded upon, but the MQTT port must be the first one.
ports:
- name: "mqtt"
port: 1883
expose: true
patch:
- '[{"op":"add","path":"/spec/selector/hivemq.com~1node-offline","value":"false"},{"op":"add","path":"/metadata/annotations","value":{"service.spec.externalTrafficPolicy":"Local"}}]'
# If you want Kubernetes to expose the MQTT port to external traffic
# - '[{"op":"add","path":"/spec/type","value":"LoadBalancer"}]'
- name: "cc"
port: 8080
expose: false
patch:
- '[{"op":"add","path":"/spec/sessionAffinity","value":"ClientIP"}]'
# If you want Kubernetes to expose the HiveMQ control center via load balancer.
# Warning: You should consider configuring proper security and TLS beforehand. Ingress may be a better option here.
# - '[{"op":"add","path":"/spec/type","value":"LoadBalancer"}]'
# To enable the HiveMQ REST API and expose it as a service. Be aware of the security risks of exposing the REST API
- name: "api"
port: 8888
expose: false
patch:
- '[{"op":"add","path":"/spec/sessionAffinity","value":"ClientIP"}]'
...
3. HiveMQ installation using custom values
For the installation using Helm, you have to add the official HiveMQ Helm repository and install the Helm chart using the modified values.yaml
file.
helm upgrade --install -f values.yaml hivemq-prod hivemq/hivemq-operator # you can change "hivemq-prod" to fit your needs
The HiveMQ Kubernetes Operator will automatically create all the necessary Kubernetes resources for you.
4. Expose the HiveMQ Control Center and REST API inside the Kubernetes Cluster
The following file hivemq-service.yaml
will create a Service called "hivemq-cc-service" with type ClusterIP to expose the HiveMQ Control Center and REST API inside your Kubernetes cluster.
apiVersion: v1
kind: Service
metadata:
name: hivemq-cc-service # The service name
spec:
ports:
- name: "cc"