Utilizing a ConfigMap with File-Based RBAC Extension

Pre-requisites

• An existing HiveMQ Kubernetes-Based deployment

• Access from a machine that has Kubectl installed, and has access to the HiveMQ Kubernetes Cluster (we will be performing modifications to the values.yaml, and using Helm to upgrade the HiveMQ operator)

Steps

1. Create a credentials configuration file (credentials.xml) that includes the configuration of Users, Roles and Permissions as meets your requirements. You can find an example by downloading the extension and modifying the included, pre-configured credentials.xml here. Please be sure to review the extension documentation for more details on configuration options. This credentials.xml will be used in the next steps to create a config map which will be utilized by the HiveMQ Kubernetes Operator.
   
   

2. The next step is to create a config map for credentials.xml by using the following command. Note that this requires the command be run from a machine that has kubectl installed, and will have access to the Kubernetes cluster.

   1. kubectl create configmap <name> --from-file path/to/credentials.xml

       

3. Edit your custom values.yaml and add the following hivemq-file-rbac-extension block to under the extensions:

   1. hivemq: ... extensions: - name: hivemq-file-rbac-extension extensionUri: https://github.com/hivemq/hivemq-file-rbac-extension/releases/download/4.5.3/hivemq-file-rbac-extension-4.5.3.zip configMap: <configmap name you have created in step 2> enabled: true

       

4. Apply changes using the Helm upgrade command:

   1. helm upgrade <release name> \ --install hivemq/hivemq-operator \ --values <values.yaml>

       

5. To verify the changes, please check the logs of any of the hivemq pods. If successful, the logs will indicate that the extension has started successfully, and the credentials.xml should be applied to these pods.