HiveMQ extensions are configured with configuration files. To allow the HiveMQ Kubernetes Operator to manage the extension configuration files, usually you provide the extension configuration in a ConfigMap. However, it is possible to provide the extension configuration in a Kubernetes Secret.
\uD83D\uDCD8 Instructions
The following procedure shows you how to place the enterprise-security-extension.xml into a Secret that a HiveMQ Cluster configuration references.
Save the example XML file as
enterprise-security-extension.xml<?xml version="1.0" encoding="UTF-8" ?> <enterprise-security-extension xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="enterprise-security-extension.xsd" version="1"> <pipelines> <listener-pipeline listener="ALL"> <allow-all-authentication-manager/> <allow-all-authorization-manager/> </listener-pipeline> </pipelines> </enterprise-security-extension>Create the Secret in your Kubernetes cluster:
kubectl create secrect generic 'eseconfig' \ --from-file=enterprise-security-extension.xml \ --namespace ${namespace}where
eseconfigwill be the name of the new secret and${namespace}variable contains the name of the target namespace.Update the HiveMQ Cluster configuration in the HiveMQ
extensionssection of yourvalues.yamlfile and remove the reference to the configMap:#configMap: eseconfig
This example shows the HiveMQ Cluster enterprise security extension configuration that is NOT referencing any configMap that contains the extension configuration information, as the
configMap:entry is commented out:... hivemq: ... extensions: ... - name: hivemq-enterprise-security-extension extensionUri: preinstalled enabled: true #configMap: eseconfig # Note that this is just an example initialization routine. Make sure this points to the current JDBC version you require for your configuration. initialization: | # A little hack because k8s configMaps can't handle sub-directories [[ -e /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml ]] && rm -f $(pwd)/conf/enterprise-security-extension.xml && cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security-extension.xml $(pwd)/conf/enterprise-security-extension.xml [[ ! -f drivers/postgres-jdbc.jar ]] && curl -L https://jdbc.postgresql.org/download/postgresql-42.2.14.jar --output drivers/jdbc/postgres.jarUpdate the HiveMQ Cluster configuration in the HiveMQ
additionalVolumesandadditionalVolumeMountssection of yourvalues.yamlfile:... hivemq: ... # Additional volumes to add to the HiveMQ Pod additionalVolumes: - name: my-secret-volume secret: secretName: eseconfig # Additional volume mounts for the HiveMQ container additionalVolumeMounts: - name: my-secret-volume mountPath: /conf-override/extensions/hivemq-enterprise-security-extensionInstall HiveMQ Operator using your
my-values.yamlfile:helm upgrade ${hivemqReleaseName} --install hivemq/hivemq-operator \ --values my-values.yamlAs a result, the secret will be added to the HiveMQ pod as a volume
my-secret-volume. The volume will be mounted to thehivemqcontainer of the pod to the directory/conf-override/extensions/hivemq-enterprise-security-extension/conf. The initialization script will then create a symbolic link to the configuration file in the correct directory:cp -s /conf-override/extensions/hivemq-enterprise-security-extension/enterprise-security
This approach is not a standard one. The standard approach is Extension Configuration with a ConfigMap: https://www.hivemq.com/docs/operator/4.8/kubernetes-operator/configuration.html#extension-config