Enable RBAC for the MQTT Broker
Enable RBAC
- Open UMHLens / OpenLens
- Navigate to Helm > Releases.
- Select the united-manufacturing-hub release and click Upgrade.
- Find the mqtt_broker section.
- Locate the rbacEnabled parameter and change its value from false to true.
- Click Upgrade.
Now all MQTT connections require password authentication with the following defaults:
- Username: node-red
- Password: INSECURE_INSECURE_INSECURE
Change default credentials
1. Open UMHLens / OpenLens.
2. Navigate to Workloads > Pods.
3. Select the united-manufacturing-hub-hivemqce-0 Pod.
4. Click the Pod Shell button to open a shell in the container.
5. Navigate to the installation directory of the RBAC extension.
   cd extensions/hivemq-file-rbac-extension/
6. Generate a password hash with this command.
   java -jar hivemq-file-rbac-extension-<version>.jar -p <password>
   - Replace <version> with the version of the HiveMQ CE extension. If you are not sure which version is installed, you can press Tab after typing java -jar hivemq-file-rbac-extension- to autocomplete the version.
   - Replace <password> with your desired password. Do not use any whitespace.
7. Copy the output of the command. It should look similar to this:
   $2a$10$Q8ZQ8ZQ8ZQ8ZQ8ZQ8ZQ8Zu
8. Navigate to Config > ConfigMaps.
9. Select the united-manufacturing-hub-hivemqce-extension ConfigMap.
10. Click the Edit button to open the ConfigMap editor.
11. In the data.credentials.xml section, replace the strings in between the <password> tags with the password hash generated in step 7.
    You can use a different password for each different microservice. Just remember that you will need to update the configuration in each one to use the new password.
12. Click Save to apply the changes.
13. Go back to Workloads > Pods and select the united-manufacturing-hub-hivemqce-0 Pod.
14. Click the Delete button to delete the Pod.
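The following Python code is an added example, not part of the original page or the project's own tooling. It applies new hashes to a copy of the credentials.xml content and returns the users that were not updated, so you can see which entries would keep their old password before you click Save. The XML layout, the user name other-service and the hash placeholders are constructed assumptions; only the <password> tag and the node-red user come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption; the page only
# names the <password> tag. Hash values are placeholders, not real hashes.
SAMPLE_CREDENTIALS_XML = """<file-rbac>
  <users>
    <user>
      <name>node-red</name>
      <password>OLD_HASH_PLACEHOLDER</password>
    </user>
    <user>
      <name>other-service</name>
      <password>OLD_HASH_PLACEHOLDER</password>
    </user>
  </users>
</file-rbac>"""


def rotate_hashes(credentials_xml, new_hashes):
    """Apply {username: hash}; return (updated_xml, users_left_unchanged)."""
    root = ET.fromstring(credentials_xml)
    pending = dict(new_hashes)
    unchanged = []
    for user in root.iter("user"):
        name = (user.findtext("name") or "").strip()
        password = user.find("password")
        if password is None:
            raise ValueError(f"user {name!r} has no <password> element")
        if name not in pending:
            unchanged.append(name)  # this entry keeps its old password
            continue
        new_hash = pending.pop(name)
        # A stray space or newline from copy and paste would end up inside
        # the <password> tags and change the stored value, so reject it.
        if not new_hash or any(ch.isspace() for ch in new_hash):
            raise ValueError(f"hash for {name!r} is empty or has whitespace")
        password.text = new_hash
    if pending:
        raise KeyError(f"users not found in credentials.xml: {sorted(pending)}")
    return ET.tostring(root, encoding="unicode"), unchanged


if __name__ == "__main__":
    updated, stale = rotate_hashes(
        SAMPLE_CREDENTIALS_XML, {"node-red": "NEW_HASH_PLACEHOLDER"})
    print(updated)
    print("still on the old password:", stale)
```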