ESE Configuration in a Secret

Owned by Daria Samkova, created
Last updated: May 04, 2023
3 min read

HiveMQ extensions are configured with configuration files. To allow the HiveMQ Kubernetes Operator to manage the extension configuration files, usually you provide the extension configuration in a ConfigMap. However, it is possible to provide the extension configuration in a Kubernetes Secret.

 Instructions

The following procedure shows you how to place the enterprise-security-extension.xml into a Secret that a HiveMQ Cluster configuration references.

  1. Save the example XML file as enterprise-security-extension.xml

    <?xml version="1.0" encoding="UTF-8" ?> <enterprise-security-extension xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="enterprise-security-extension.xsd" version="1"> <pipelines> <listener-pipeline listener="ALL"> <allow-all-authentication-manager/> <allow-all-authorization-manager/> </listener-pipeline> </pipelines> </enterprise-security-extension>

  2. Create the Secret in your Kubernetes cluster:

    kubectl create secrect generic 'eseconfig' \ --from-file=enterprise-security-extension.xml \ --namespace ${namespace}

    where eseconfig will be the name of the new secret and ${namespace} variable contains the name of the target namespace.

  3. Update the HiveMQ Cluster configuration in the HiveMQ extensions section of your values.yaml file and remove the reference to the configMap:

    #configMap: eseconfig

    This example shows the HiveMQ Cluster enterprise security extension configuration that is NOT referencing any configMap that contains the extension configuration information, as the configMap: entry is commented out:

  4. Update the HiveMQ Cluster configuration in the HiveMQ additionalVolumes and additionalVolumeMounts section of your values.yaml file:

  5. Install HiveMQ Operator using your my-values.yaml file:

  6. As a result, the secret will be added to the HiveMQ pod as a volume my-secret-volume. The volume will be mounted to the hivemq container of the pod to the directory /conf-override/extensions/hivemq-enterprise-security-extension/conf. The initialization script will then create a symbolic link to the configuration file in the correct directory:

     

This approach is not a standard one. The standard approach is Extension Configuration with a ConfigMap: https://www.hivemq.com/docs/operator/4.8/kubernetes-operator/configuration.html#extension-config