HiveMQ license and Argo CD Vault Plugin Helm | HiveMQ Platform Operator (new)
How to create HiveMQ Broker and Extensions licenses with the Argo CD Vault Plugin, Helm and HashiCorp Vault.
Instructions
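Install Vault
The command below sets server.dev.enabled=true, which runs Vault in dev mode: storage is in memory and the server starts unsealed, so this setup fits a test environment only.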
helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update hashicorp
helm install vault hashicorp/vault --set server.dev.enabled=true --namespace vault --create-namespace
Add HiveMQ licenses to the Vault
Assuming your HiveMQ Broker and Extensions licenses are organized in the licenses directory:
licenses
├── ese.elic
├── hivemq.lic
└── kafka.elic
Wait until the vault pod is ready, then copy the license files to the vault pod:
kubectl wait --for=condition=Ready pod --selector app.kubernetes.io/instance=vault --namespace vault --timeout=30s
kubectl cp licenses/hivemq.lic vault-0:/tmp/hivemq.lic --namespace vault
kubectl cp licenses/ese.elic vault-0:/tmp/ese.elic --namespace vault
kubectl cp licenses/kafka.elic vault-0:/tmp/kafka.elic --namespace vault
Copy the bash script to the vault pod as well and execute it. The script sets up the Vault with the HiveMQ license secret, created from the license files uploaded before. It also enables Kubernetes authorisation so that the argocd/argocd-repo-server Kubernetes Service Account can read the HiveMQ license secret from the Vault.
kubectl cp 3-init-vault-argocd-hivemq.sh vault-0:/tmp/init-vault-argocd-hivemq.sh --namespace vault
kubectl exec --namespace vault --stdin --tty vault-0 -- /bin/sh -c "/tmp/init-vault-argocd-hivemq.sh"
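The init script itself is not reproduced on this page. As an added example (not the script shipped with these instructions), here is one way to perform the Vault setup that step describes. It assumes KV v2 mounted at secret/ (the dev-mode default) and uses hypothetical names for the secret (hivemq-license), the policy (hivemq-license-read) and the role (argocd).

```shell
#!/bin/sh
# Added example. Assumed names: secret path, policy name, role name.
SECRET_PATH="${SECRET_PATH:-secret/hivemq-license}"  # KV v2 mount "secret/" (dev-mode default)
POLICY="${POLICY:-hivemq-license-read}"
ROLE="${ROLE:-argocd}"
SA_NAME="argocd-repo-server"       # service account and namespace named on the page
SA_NAMESPACE="argocd"
LICENSE_DIR="${LICENSE_DIR:-/tmp}" # where kubectl cp placed the license files

# Read-only policy for this one secret; KV v2 serves data under <mount>/data/<name>.
license_policy() {
  printf 'path "%s/data/%s" {\n  capabilities = ["read"]\n}\n' \
    "${SECRET_PATH%%/*}" "${SECRET_PATH#*/}"
}

# One key=value per license file, base64-encoded so the content survives
# unchanged and can be placed directly in a Kubernetes Secret's data field.
license_fields() {
  for f in hivemq.lic ese.elic kafka.elic; do
    [ -f "$LICENSE_DIR/$f" ] || { echo "missing $LICENSE_DIR/$f" >&2; return 1; }
    printf '%s=%s\n' "$f" "$(base64 < "$LICENSE_DIR/$f" | tr -d '\n')"
  done
}

init_vault() {
  fields="$(license_fields)" || return 1
  # Unquoted on purpose: base64 output has no whitespace, so this splits per field.
  vault kv put "$SECRET_PATH" $fields
  # Drop the plaintext copies once they are stored in Vault.
  (cd "$LICENSE_DIR" && rm -f hivemq.lic ese.elic kafka.elic)
  vault auth enable kubernetes
  vault write auth/kubernetes/config \
    kubernetes_host="https://${KUBERNETES_SERVICE_HOST:-kubernetes.default.svc}:${KUBERNETES_SERVICE_PORT:-443}"
  license_policy | vault policy write "$POLICY" -
  # Only this service account in this namespace may log in, and only with the read policy.
  vault write "auth/kubernetes/role/$ROLE" \
    bound_service_account_names="$SA_NAME" \
    bound_service_account_namespaces="$SA_NAMESPACE" \
    policies="$POLICY" ttl=1h
}

# Run inside the vault-0 pod with the single argument: apply
if [ "${1:-}" = "apply" ]; then init_vault; fi
```

The policy grants read on a single path and the role is bound to one service account in one namespace, so a token issued to any other workload cannot read the licenses.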
Add Argo CD configurations necessary to work with Vault
First, the argocd namespace must exist:
kubectl create namespace argocd
Once the argocd namespace exists, create the secret and configmap that the Argo CD Vault Plugin needs to access the Vault and to handle the incoming Helm Charts based on the Vault Plugin Template.
Download the referred config files:
Download the referred config files for debugging Helm chart issues:
kubectl apply --namespace argocd --filename vault-auth-secret.yaml
kubectl apply --namespace argocd --filename argocd-vault-plugin-credentials.yaml
kubectl apply --namespace argocd --filename argocd-vault-plugin-configmap-debug.yaml
Install Argo CD with Vault Plugin
Download the needed
helm repo add argo https://argoproj.github.io/argo-helm
helm upgrade --namespace argocd --install argocd argo/argo-cd --create-namespace --set server.config.insecure=true --values argocd-with-avp-values.yaml
Install HiveMQ Platform Operator with Argo CD
From the public Helm repository https://hivemq.github.io/helm-charts, chart hivemq-platform-operator, revision 0.2.14:
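# Assumes the initial admin secret created by the Argo CD install is still present.
argocd_admin_password=$(kubectl get secret argocd-initial-admin-secret --namespace argocd --output jsonpath='{.data.password}' | base64 -d)
kubectl port-forward --namespace argocd service/argocd-server 8069:443 2>/dev/null >/dev/null &
while ! lsof -i :8069 2>/dev/null >/dev/null ; do echo -n . ; sleep 1 ; done
argocd login localhost:8069 --username admin --password "$argocd_admin_password" --insecure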
argocd app create hpo-from-hivemq-helm \
--project default \
--repo https://hivemq.github.io/helm-charts \
--helm-chart hivemq-platform-operator \
--revision 0.2.14 \
--dest-server https://kubernetes.default.svc \
--dest-namespace hivemq \
--sync-policy automated
Install HiveMQ Platform with Argo CD with a license secret created by the Vault Plugin from a Vault secret.
Download the example configuration file
This example configuration file references git@github.com:myusername/my-helm-charts-private.git. Replace git@github.com:myusername/my-helm-charts-private.git with your own private repo containing the HiveMQ Helm Charts.
Add the private Git repo to Argo CD.
argocd repo add git@github.com:myusername/my-helm-charts-private.git --ssh-private-key-path argocd-read-my-helm-charts-private --type git
Then apply the manifest file, creating a new Argo CD application.
kubectl apply --filename argocd-hivemq-platform-private-git-app.yaml