Enable RBAC for the MQTT Broker
2 minute read
- Open UMHLens / OpenLens
- Navigate to Helm > Releases.
- Select the united-manufacturing-hub release and click Upgrade.
- Find the
- Locate the
rbacEnabledparameter and change its value from
- Click Upgrade.
Now all MQTT connections require password authentication with the following defaults:
Change default credentials
Open UMHLens / OpenLens
Navigate to Workloads > Pods.
Select the united-manufacturing-hub-hivemqce-0 Pod.
Click the Pod Shell button to open a shell in the container.
Navigate to the installation directory of the RBAC extension.
Generate a password hash with this command.
java -jar hivemq-file-rbac-extension-<version>.jar -p <password>
<version>with the version of the HiveMQ CE extension. If you are not sure which version is installed, you can press
java -jar hivemq-file-rbac-extension-to autocomplete the version.
<password>with your desired password. Do not use any whitespaces.
Copy the output of the command. It should look similar to this:
Navigate to Config > ConfigMaps.
Select the united-manufacturing-hub-hivemqce-extension ConfigMap.
Click the Edit button to open the ConfigMap editor.
data.credentials.xmlsection, replace the strings inbetween the
<password>tags with the password hash generated in step 7.You can use a different password for each different microservice. Just remember that you will need to update the configuration in each one to use the new password.
Click Save to apply the changes.
Go back to Workloads > Pods and select the united-manufacturing-hub-hivemqce-0 Pod.
Click the Delete button to delete the Pod.