ESE Quick Start with File Realm | HiveMQ Platform Kubernetes Operator
Basic authentication for broker connectivity can be enabled by using HiveMQ Enterprise Security Extension with File Realm.
Instructions
With the HiveMQ Platform Operator for Kubernetes, the Enterprise Security Extension is preinstalled on the HiveMQ Platform container image. You only need to enable it in the HiveMQ Platform's values.yaml and add the necessary configuration files as a secret.
Step 1. Create a secret with the HiveMQ Enterprise Security Extension's configuration files. Example configuration files are attached: the ESE config.xml and the ESE File Realm config (ese-file-realm.xml).
kubectl create secret generic ese-config-files --namespace hivemq --from-file config.xml --from-file ese-file-realm.xml
Step 2. Update values.yaml
Enable the HiveMQ Enterprise Security Extension (set enabled: true) and specify the secret that contains the configuration files (secretName: "ese-config-files"):
# HiveMQ Enterprise Security Extension
# This extension does not support hot-reload of the configuration.
- name: hivemq-enterprise-security-extension
  enabled: true
  # The secret name that contains the Security extension configuration.
  secretName: "ese-config-files"
Disable the HiveMQ Allow All Extension (set enabled: false):
# HiveMQ Allow All Extension
# By default, the HiveMQ Platform is installed with this extension to permit all MQTT connections for testing.
# For production, add a security extension and disable this extension.
- name: hivemq-allow-all-extension
  enabled: false
Step 3. License
The HiveMQ Enterprise Security Extension uses a separate license file with the .elic extension. You can simply add the ESE license file to the HiveMQ license secret:
kubectl create secret generic hivemq-license-files --namespace=hivemq \
  --from-file hivemq-license.lic \
  --from-file ese-license.elic
The values.yaml:
# Configures all HiveMQ licenses.
license:
  # Creates a Kubernetes Secret for the configured HiveMQ licenses.
  create: false
  # The name of the Kubernetes Secret with all HiveMQ licenses.
  # To create a new Kubernetes Secret with licenses, set create=true. Otherwise, false to reuse an existing Secret.
  name: "hivemq-license-files"
Step 4. After updating the HiveMQ deployment with the Enterprise Security Extension and rolling out the changes to the HiveMQ cluster, test the login to the HiveMQ Control Center. It should be possible to log in with user cc-user-1 and password cc-password-1 (see ese-file-realm.xml for more details).
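A preflight check for Steps 1 to 3, as an added example that is not part of the original article or HiveMQ's own tooling: it cross-checks a parsed values.yaml against the two secrets so that a still-enabled allow-all extension or a missing file is caught before rollout. It assumes the extension entries sit in a top-level `extensions` list of values.yaml and that the secrets are passed in as the output of `kubectl get secret <name> --namespace hivemq -o json`; the function names and sample data are constructed for illustration.

```python
import json

ESE = "hivemq-enterprise-security-extension"
ALLOW_ALL = "hivemq-allow-all-extension"
ESE_FILES = {"config.xml", "ese-file-realm.xml"}  # file names from Step 1

def check_values(values):
    """Return problems in a parsed values.yaml (a dict, e.g. from yaml.safe_load)."""
    # Assumption: the extension entries sit in a top-level `extensions` list.
    exts = {e.get("name"): e for e in values.get("extensions") or []}
    ese = exts.get(ESE, {})
    problems = []
    if ese.get("enabled") is not True:
        problems.append("ESE is not enabled")
    if not ese.get("secretName"):
        problems.append("ESE has no secretName")
    # The page says allow-all is installed by default and permits all MQTT
    # connections, so anything but an explicit `enabled: false` is flagged.
    if exts.get(ALLOW_ALL, {}).get("enabled") is not False:
        problems.append("allow-all extension is not disabled")
    return problems

def check_secret(secret_json, expected_name, files=(), suffix=None):
    """Check the output of `kubectl get secret <name> -o json`."""
    secret = json.loads(secret_json)
    keys = set(secret.get("data") or {})  # keys are the --from-file names
    problems = []
    if secret.get("metadata", {}).get("name") != expected_name:
        problems.append(f"secret is not named {expected_name!r}")
    problems += [f"{expected_name}: missing {f}" for f in sorted(set(files) - keys)]
    if suffix and not any(k.endswith(suffix) for k in keys):
        problems.append(f"{expected_name}: no *{suffix} file")
    return problems

def preflight(values, ese_secret_json, license_secret_json):
    """Cross-check values.yaml against both secrets; an empty list means OK."""
    exts = {e.get("name"): e for e in values.get("extensions") or []}
    ese_name = exts.get(ESE, {}).get("secretName") or "ese-config-files"
    lic_name = (values.get("license") or {}).get("name") or "hivemq-license-files"
    return (check_values(values)
            + check_secret(ese_secret_json, ese_name, files=ESE_FILES)
            + check_secret(license_secret_json, lic_name, suffix=".elic"))

# Constructed sample: allow-all left enabled, realm file missing from the secret.
SAMPLE_VALUES = {"extensions": [{"name": ESE, "enabled": True, "secretName": "ese-config-files"},
                                {"name": ALLOW_ALL, "enabled": True}],
                 "license": {"create": False, "name": "hivemq-license-files"}}
SAMPLE_ESE_SECRET = json.dumps({"metadata": {"name": "ese-config-files"}, "data": {"config.xml": "eA=="}})
SAMPLE_LICENSE_SECRET = json.dumps({"metadata": {"name": "hivemq-license-files"},
                                    "data": {"hivemq-license.lic": "eA==", "ese-license.elic": "eA=="}})
```

Calling `preflight(SAMPLE_VALUES, SAMPLE_ESE_SECRET, SAMPLE_LICENSE_SECRET)` returns one finding per problem; an empty list means the three steps are consistent.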