I am unable to create a config for my broker extension in Kubernetes

Hello all,
I am currently working on migrating deployments from on-prem to cloud. For that I am using the HiveMQ Community Edition broker and deploying on Kubernetes.
I am unable to configure the extensions to authenticate the MQTT clients.
For this deployment I am not using a Helm chart; instead I am using normal manifest files to deploy as pods in the cloud.
Can someone help me understand why I am unable to copy my jar to the extension inside my container?
For the broker configuration I passed config.xml, created a configmap and passed it as volumeMounts and volumes for the container, but I am unable to configure the extensions.
Please help me see where I am missing the logic.
Did anyone encounter this problem?
I would like to hear from you soon.

Thanks and Regards
Gowtham

Hello @gowtham ,

Thank you for reaching out to us. I appreciate your message, and I’m glad to assist you with your issue. However, to better understand your situation and provide the best solution, could you please provide more details about the HiveMQ image you are using, the security extension you are referring to, and how you are trying to configure it?

Additionally, it would be helpful if you could share the link to your repository with the manifests and any error messages you have encountered.

As a general solution, you can add the extension and its configuration files to a custom image, and deploy it using that image. This approach has the advantage of not needing to worry about the configMap. However, a drawback is that updating the configuration will require rebuilding and pushing the new image.

Please let me know if you have any further questions or concerns, and I will be happy to assist you.

Best regards,
Dasha from HiveMQ Team

Hello @Daria_H,
Good morning,
The image I am using for the deployment is 'hivemq/hivemq-ce' from the HiveMQ Docker Hub.
Extension: File Role Based Access Control, which contains the jar file, credentials, extension-config and hivemq-extension files in the extension folder.
As you said, using a custom image for the config is exactly how we are deploying with docker-compose, and the disadvantage is that every time we add a new user or any details for clients to authenticate to the broker, we need to restart the broker.
We don't want to do that. With k8s we can pass it as a configmap and mount it as volume mounts and volumes to the deployment of the broker.
If you understand my question properly, I want to deploy in Kubernetes using k8s objects.
Do you have any examples of how to work with extensions, especially when deploying on k8s, or any use cases? Please provide some manifest files or anything that helps with my problem.
I would like to hear from you soon.
Thank you.

Best,
Gowtham

Hi @gowtham ,

HiveMQ does not provide specific instructions for HiveMQ-CE in Kubernetes.
For deployment and management of HiveMQ Cluster in Kubernetes, HiveMQ provides HiveMQ Kubernetes Operator.
The operator works only with HiveMQ Enterprise edition, as HiveMQ-CE does not support clustering. It is still possible to use HiveMQ Enterprise for a test without a license. In this case, the broker can function for 5 hours and handle up to 25 connections. If more connections/hours are required, you are welcome to reach out to sales@hivemq.com to deep dive into the use case and purchase a suitable license.

For the documentation and features of the HiveMQ Kubernetes Operator please refer to: HiveMQ Kubernetes Operator :: HiveMQ Documentation
For the manifests and Helm chart please refer to the following public repo: GitHub - hivemq/helm-charts: HiveMQ Helm charts or get from Helm with command helm pull hivemq/hivemq-operator --untar.

I hope this helps.
Kind regards,
Dasha from HiveMQ Team

Hello @Daria_H,
Thanks for introducing your products and recommendations;
I would like to thank you for that. For the above problem I have created a Dockerfile with the extensions and attached the image to the deployment, and it works. But the problem is with the file-rbac extension: version 4.5.3 asks for the JAXB API dependency to read Java objects, but it worked for 4.5.1. I would request that maybe in the future you add the @xml group class in the .xml files as a dependency. I have an idea about adding the dependency with a manual installation in pom.xml, but for Kubernetes deployments can you provide any source to solve this problem?

I would like to hear from you soon.

Thank you.

Best,
Gowtham Reddy Eeda

Hi @gowtham ,

Thank you for your further questions about HiveMQ Community Edition. We appreciate your interest in our software.

We regret to inform you that HiveMQ CE does not currently support clustering and is officially not compatible with Kubernetes. However, we do have an official HiveMQ Kubernetes Operator that you can use for Kubernetes deployments. You can find detailed installation instructions for the operator at Deploy the HiveMQ Kubernetes Operator :: HiveMQ Documentation.

If you have managed to run HiveMQ CE in Kubernetes on your own, we would be interested in seeing your manifests. We kindly request that you share them with us by providing a link to your repository. This will allow us to test and verify their compatibility with our software. Additionally, we would like to ask for the exact error message you are encountering when trying to add the HiveMQ File RBAC Extension. Providing this information will help us to better understand the issue and provide effective assistance.

Thank you for choosing HiveMQ Community Edition, and we look forward to hearing back from you.

Best regards,
Dasha

Hello @Daria_H @hivemq-support ,

I have some questions while deploying HiveMQ on k8s. I understand that you said that officially, at the moment, HiveMQ does not support k8s deployments but supports them through the operator, but as of now I am not using it for my development.

How do I validate the logs that I am getting from the HiveMQ Prometheus extension in Prometheus? In the documentation I didn't find much information about that.
When I build a custom Docker image and use that image for the deployment it works, but when I try to take out my user credentials.xml and pass it as a secret it does not work. Can you please help me out with these issues?

Please find the error image below…

Please guide me on how I can achieve this.
I would like to hear from you soon.
If you don't understand, please write back to me and maybe I can describe my scenario even better.
Best,
Gowtham

Hello Gautam,

I hope this message finds you well. I understand that you are having difficulty adding a Docker Secret to your project. Docker documentation provides clear instructions on how to do this using the long syntax format, which can be found here: Compose file version 3 reference | Docker Documentation.

If you’re still unsure how to proceed, I recommend referring to this repository on GitHub: GitHub - guinp1n/docker-compose-hivemq-ce: Docker compose YAML for running HiveMQ-CE with Prometheus Monitoring Extension and Grafana. It contains an example of running HiveMQ CE in a Docker container with Prometheus, Grafana, Prometheus Monitoring Extension, and File RBAC Extension. In this example, the credentials.xml file is mounted from a Docker Secret.

Originally, you had asked for help with Kubernetes, and we are happy to help you. However, when we asked you to provide your manifests for Kubernetes, you did not do so. If you still require assistance with Kubernetes, we kindly request that you provide the necessary files. Without these files, we will not be able to help you effectively.

Please refrain from providing screenshots of your files, as this is disrespectful when you are explicitly asked to provide the files themselves.

Thank you for your understanding and cooperation.

Best regards,
Dasha from HiveMQ Team

Hello @Daria_H, Thanks for the feedback and providing source.

In the past we did the same with docker compose and are now trying to deploy on k8s.
Please read the goal.txt folder.
This is the sample repo; it contains all the files: GitHub - chinnu0209/hivemqce-k8s.
If you don't understand what I am trying to achieve, please let me know and I can try to describe it better.
If you have any sample deployment repo, please share it, and please let me know what I am missing.
I would like to hear from you soon.

Thank you.

Best,
Gowtham

Hello @Daria_H, please find the repo below for the logs generated by the broker. Sorry for the screenshot. I have already created the repo and here is the link: GitHub - chinnu0209/hivemqce-k8s. I would like to hear from you soon.
Thank you

Best,
Gowtham Reddy Eeda.

Hello @gowtham ,

To confirm, the configuration that we are looking to create requires that the credentials.xml file to be read by the RBAC extension is not stored within the expected directory (hivemq/extensions/credentials.xml) but instead in a K8S secret object, correct?

The RBAC extension does require access to the credentials.xml file for proper execution, though it does read and register changes to this file during runtime. My initial thought is to create an additional service on the device, or additional step within the start-up script for the broker that will make the credentials.xml available from the secret store in the expected directory during broker runtime, but this will likely prevent the RBAC extension from updating during runtime if changes are made to the secret and not replicated to the local credentials.xml. This will also require that the credentials file be available in the expected broker location for the duration of broker uptime, which seems to go against the intent of keeping this credentials.xml secure.

At this time, the RBAC extension does not provide support for additional/modified paths for the credentials.xml file.

Best,
Aaron from HiveMQ Team
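
One way to write the start-up step described in the reply above, as an added example that is not from the thread or from HiveMQ: a POSIX shell helper that replicates credentials.xml from a mounted Kubernetes Secret into the extension folder whenever the Secret changes. The function names, the script name sync.sh and both paths are assumptions; the secret mount path and the extension folder are passed in as arguments.

```shell
#!/bin/sh
# Added example: replicate credentials.xml from a mounted Secret into the
# extension folder. Both paths are assumptions supplied by the caller.

# sync_credentials SRC DST
#   returns 0 = DST created/updated, 1 = already identical, 2 = SRC unusable
sync_credentials() {
    src=$1
    dst=$2
    # A missing or empty source must never replace a working credentials file.
    [ -s "$src" ] || return 2
    # Skip the write when the content is byte-identical.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    # Write beside the target, then rename, so a reader never sees a
    # half-written file. mktemp creates the file with mode 0600.
    tmp=$(mktemp "$(dirname "$dst")/.credentials.XXXXXX") || return 2
    if cat "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# watch_credentials SRC DST SECONDS: poll loop for a start-up script or sidecar
watch_credentials() {
    while :; do
        rc=0
        sync_credentials "$1" "$2" || rc=$?
        case $rc in
            0) echo "credentials.xml replicated from secret mount" ;;
            2) echo "secret source missing or empty, keeping current file" >&2 ;;
        esac
        sleep "$3"
    done
}

# Start the loop only when all three arguments are given, for example:
#   sync.sh <secret-mount>/credentials.xml <extension-folder>/credentials.xml 30 &
if [ "$#" -eq 3 ]; then
    watch_credentials "$1" "$2" "$3"
fi
```

The Secret has to be mounted as a whole volume for this to see updates, since Kubernetes does not refresh Secret files mounted through subPath. The copy is written with mode 0600, but as the reply notes it still sits in the extension folder for as long as the broker runs.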