How to add a password in VerneMQ with EKS


I have created a VerneMQ and hosted it in AWS EKS. I want to add password authentication to the VerneMQ, so I created a K8s secret and added it to the stateful set, but every time I try to make a client connection I'm getting disconnected with the below error message in the Paho client:

disconnected. rc - 5 userdata

Below is my YAML file:

---
apiVersion: v1
kind: Secret
metadata:
  name: vernemq-passwd
type: Opaque
data:
  username: <encrypted username>
  password: <encrypted password>
--- 
apiVersion: apps/v1
kind: StatefulSet
metadata: 
  name: vernemq
spec: 
  replicas: 1
  selector: 
    matchLabels: 
      app: vernemq
  serviceName: vernemq
  template: 
    metadata: 
      labels: 
        app: vernemq
    spec:
      serviceAccountName: vernemq
      terminationGracePeriodSeconds: 200
      containers:
      - name: vernemq
        image: vernemq/vernemq:latest
        imagePullPolicy: Always
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/bash
              - -c
              - /usr/sbin/vmq-admin cluster leave node=VerneMQ@${MY_POD_NAME}.vernemq.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.cluster.local ; sleep 5 ; /usr/sbin/vmq-admin cluster leave node=VerneMQ@${MY_POD_NAME}.vernemq.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.cluster.local -k; sleep 5;
        ports:
        - containerPort: 1883
          name: mqtt
          hostPort: 1883
        - containerPort: 8883
        - containerPort: 4369
          name: epmd
        - containerPort: 44053
          name: vmq
        - containerPort: 8888
          name: health
        - containerPort: 9100
        - containerPort: 9101
        - containerPort: 9102
        - containerPort: 9103
        - containerPort: 9104
        - containerPort: 9105
        - containerPort: 9106
        - containerPort: 9107
        - containerPort: 9108
        - containerPort: 9109
        - containerPort: 8888
        resources:
          limits:
            cpu: "2"
            memory: 3Gi
          requests:
            cpu: "1"
            memory: 1Gi
        env:
        - name: DOCKER_VERNEMQ_ACCEPT_EULA
          value: "yes"
        - name: MY_POD_NAME
          valueFrom:
           fieldRef:
             fieldPath: metadata.name
        - name: DOCKER_VERNEMQ_DISCOVERY_KUBERNETES
          value: "1"
        - name: DOCKER_VERNEMQ_KUBERNETES_APP_LABEL
          value: "vernemq"
        - name: DOCKER_VERNEMQ_KUBERNETES_NAMESPACE
          valueFrom:
           fieldRef:
             fieldPath: metadata.namespace
        - name: DOCKER_VERNEMQ_ERLANG__DISTRIBUTION__PORT_RANGE__MINIMUM
          value: "9100"
        - name: DOCKER_VERNEMQ_ERLANG__DISTRIBUTION__PORT_RANGE__MAXIMUM
          value: "9109"
        - name: DOCKER_VERNEMQ_ALLOW_ANONYMOUS
          value: "on"
        - name:  DOCKER_VERNEMQ_LISTENER__TCP__DEFAULT
          value: "0.0.0.0:1883"
        - name: DOCKER_VERNEMQ_VMQ_WEBHOOKS__POOL_timeout
          value: "6000"
        - name: DOCKER_VERNEMQ_LISTENER__HTTP__DEFAULT
          value: "0.0.0.0:8888"
        - name: DOCKER_VERNEMQ_LISTENER__MAX_CONNECTIONS
          value: "infinity"
        - name: DOCKER_VERNEMQ_LISTENER__NR_OF_ACCEPTORS
          value: "10000"
        - name: DOCKER_VERNEMQ_MAX_INFLIGHT_MESSAGES
          value: "0"
        - name:  DOCKER_VERNEMQ_ALLOW_MULTIPLE_SESSIONS
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_REGISTER_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_PUBLISH_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_SUBSCRIBE_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_ALLOW_UNSUBSCRIBE_DURING_NETSPLIT
          value: "on"
        - name: DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE
          value: "/etc/vernemq/vmq.passwd"
        volumeMounts:
        - mountPath: /etc/vernemq-passwd
          name: vernemq-passwd
          readOnly: true
      volumes:
      - name: vernemq-passwd
        secret:
          secretName: vernemq-passwd
---
apiVersion: v1
kind: Service
metadata:
  name: vernemq
  labels:
    app: vernemq
spec:
  clusterIP: None
  selector:
    app: vernemq
  ports:
  - port: 4369
    name: empd
  - port: 44053
    name: vmq
---
apiVersion: v1
kind: Service
metadata:
  name: mqtt
  labels:
    app: mqtt
spec:
  type: LoadBalancer
  selector:
    app: vernemq
  ports:
  - name: mqtt
    port: 1883
    targetPort: 1883
  - name: health
    port: 8888
    targetPort: 8888
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vernemq
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["endpoints", "deployments", "replicasets", "pods", "statefulsets", "persistentvolumeclaims"]
  verbs: ["get", "patch", "list", "watch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: endpoint-reader
subjects:
- kind: ServiceAccount
  name: vernemq
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: endpoint-reader
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: vernemq
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: StatefulSet
    name: vernemq
  minReplicas: 1
  maxReplicas: 1
  targetCPUUtilizationPercentage: 80

I'm not able to find out what mistake I'm making here.


There are 0 answers
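A consistency check for the manifest in the question, added here as an example and not part of the original post: it compares the path in `DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE` with the files the Secret volume actually creates (Kubernetes projects one file per key of the Secret's `data`) and flags anonymous access left on. `POD_SPEC` and `SECRET_KEYS` are excerpts constructed from the YAML above, the function names are hypothetical, and Secret `items` remapping is not handled.

```python
import posixpath

# Constructed excerpt of the StatefulSet pod spec above: only fields the check reads.
POD_SPEC = {
    "containers": [{
        "name": "vernemq",
        "env": [
            {"name": "DOCKER_VERNEMQ_ALLOW_ANONYMOUS", "value": "on"},
            {"name": "DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE",
             "value": "/etc/vernemq/vmq.passwd"},
        ],
        "volumeMounts": [{"mountPath": "/etc/vernemq-passwd", "name": "vernemq-passwd"}],
    }],
    "volumes": [{"name": "vernemq-passwd", "secret": {"secretName": "vernemq-passwd"}}],
}
# Key names of each Secret's `data` map; Kubernetes projects one file per key.
SECRET_KEYS = {"vernemq-passwd": ["username", "password"]}
PASSWD_ENV = "DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE"
ANON_ENV = "DOCKER_VERNEMQ_ALLOW_ANONYMOUS"

def projected_files(pod_spec, container, secret_keys):
    """Return the file paths that Secret volumes create inside the container."""
    secrets = {v["name"]: v["secret"]["secretName"]
               for v in pod_spec.get("volumes", []) if "secret" in v}
    paths = set()
    for m in container.get("volumeMounts", []):
        if m["name"] not in secrets:
            continue
        keys = secret_keys.get(secrets[m["name"]], [])
        if "subPath" in m:  # subPath mounts one key as a file at mountPath itself
            if m["subPath"] in keys:
                paths.add(posixpath.normpath(m["mountPath"]))
        else:  # whole-volume mount: mountPath is a directory, one file per key
            paths.update(posixpath.join(m["mountPath"], k) for k in keys)
    return paths

def audit(pod_spec, secret_keys):
    """List mismatches between the password-file setting and the mounted Secrets."""
    findings = []
    for c in pod_spec["containers"]:
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        files = projected_files(pod_spec, c, secret_keys)
        pw = env.get(PASSWD_ENV)
        if pw and posixpath.normpath(pw) not in files:
            findings.append(f"{c['name']}: {pw} is not provided by any Secret mount; "
                            f"mounted files are {sorted(files)}")
        if pw and env.get(ANON_ENV) == "on":
            findings.append(f"{c['name']}: {ANON_ENV}=on alongside a password file")
    return findings
```

Run against the excerpt, `audit(POD_SPEC, SECRET_KEYS)` reports that the Secret lands at `/etc/vernemq-passwd/username` and `/etc/vernemq-passwd/password`, not at the configured `/etc/vernemq/vmq.passwd`, and that anonymous access is still enabled.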