HiveMQ Platform Operator for Kubernetes 1.6.0 is now available!

The HiveMQ Team is excited to announce the release of HiveMQ Platform Operator for Kubernetes Operator 1.6.0. This release changes the base container image of the operator, adds numerous configuration options to the HiveMQ Helm charts, and provides bug fixes and improvements for the HiveMQ Platform Operator.

IMPORTANT: Starting with version 1.6.0, the HiveMQ Platform Operator uses the same base container image as the HiveMQ Platform. The previous base container image was based on Red Hat Enterprise Linux (RHEL) 9. The current HiveMQ Platform base container image is provided by the Eclipse Foundation and is based on Ubuntu 22.04. This alignment improves the security of the operator base image and simplifies image management. Find more information on HiveMQ and container images, see HiveMQ and Docker.

Highlights

• Added configuration options in the HiveMQ Helm charts.

Flexible New HiveMQ Helm Chart Configuration Options

New support for custom logging configurations

HiveMQ implements a powerful Logback logging system that helps you diagnose and troubleshoot your HiveMQ application. Now, the HiveMQ Helm Chart allows you to override the default HiveMQ Platform cluster Logback logging configuration file with a customized logback.xml configuration. Custom logback.xml files can be added and removed dynamically at runtime without triggering a rolling restart. For more information on the HiveMQ Logback logging configuration options, see Logging.

After you create your custom Logback configuration file, use the following Helm command to override the default:

helm install <your-hivemq-platform> hivemq/hivemq-platform --set-file 
config.customLogbackConfig=your-logback-config.xml

Added support for HiveMQ proxy configuration

The HiveMQ Platform supports the PROXY protocol for all listeners. The TCP-based PROXY protocol allows you to transport client details such as the IP address and port over multiple proxies. Now, you can configure the HiveMQ PROXY protocol as part of the services configuration in the HiveMQ Platform Helm chart. For more information on the HiveMQ Proxy Protocol Enterprise feature, see PROXY Protocol.

Example to enable the PROXY protocol in the Services section of the HiveMQ Platform Helm chart:

services:
  - type: mqtt
    exposed: true
    containerPort: 1883
    hivemqProxyProtocol: true

Extended support for license configuration

The HiveMQ Platform Helm chart gives you several options for deploying your licenses. License data can be inlined into the values.yaml file, set from one or more files, or provided in an existing Kubernetes Secret. Our newly extended HiveMQ Platform Helm chart provides license configuration options for all HiveMQ license types including HiveMQ Enterprise Extensions, HiveMQ Data Hub, and additional HiveMQ licenses.

The new additionalLicenses option allows you to use multiple HiveMQ licenses simultaneously. This can be helpful when your existing HiveMQ license is about to expire and you need to verify that your renewed license is correct. For more information, see Multiple HiveMQ Licenses.

Example to inline HiveMQ licenses into the values.yaml file:

license:
  - create: true
    data: base-64 string of HiveMQ main license
    additionalLicenses: 
      new-license: 
        data: base-64 string of updated HiveMQ main license
    extensions:
      hivemq-kafka-extension-license: 
        data: base-64 string of Enterprise Extension for Kafka
      hivemq-security-extension-license:
        data: base-64 string of Enterprise Security Extension

Example to set multiple HiveMQ licenses from files:

helm upgrade --install <my-hivemq-platform> hivemq/hivemq-platform --set license.create=true --set-file license.overrideLicense=files/license.lic --set-file license.dataHub.license.overrideLicense=files/license.plic --set-file license.extensions.kafka.overrideLicense=files/kafka-license.elic

Added Kubernetes container security context configuration

HiveMQ Platform Operator 1.6.0 introduces the option to define a Kubernetes Security Context for your HiveMQ Platform containers. This new configuration option expands the existing configuration option for the Pod Security Context. Keep in mind that options in the Container Security Context take precedence over options in the Pod Security Context. This behavior is defined by Kubernetes.

Example to set the Container Security Context:

containerSecurityContext:
  runAsNonRoot: true
  allowPrivilegeEscalation: false

Added HiveMQ and extension configuration in Kubernetes secrets

New options are now available to deploy your HiveMQ configuration and your HiveMQ Enterprise Extension configurations as Kubernetes Secrets (in addition to the current option to use a Kubernetes ConfigMap).

Example to configure a Kubernetes Secret for the HiveMQ configuration and the Kafka extension configuration:

config:
  create: true
  createAs: Secret

extensions:
  - name: hivemq-kafka-extension
    enabled: true
    supportsHotReload: true
    secretName: "my-kafka-extension-secret-name"

Added configuration for HiveMQ listener names

You now have the option to define custom HiveMQ MQTT listener and WebSocket listener names in the HiveMQ Platform Helm chart. Custom names can be helpful in various scenarios. For example, listener names can be referred to in the Enterprise Security Extension configuration to achieve an exact authentication and authorization behavior for a specific listener.

Example to set a custom HiveMQ listener name in the Service section:

services:
  - type: mqtt
    exposed: true
    containerPort: 1883
    hivemqListenerName: my-custom-listener-name

Additional Features and Improvements

HiveMQ Platform Operator Helm Charts

• Added a toggle switch in the HiveMQ Platform Operator Helm chart to disable automatic CRD creation.
• Changed the default CPU resources in the HiveMQ Platform Operator Helm chart and HiveMQ Platform Helm chart from 1024 to 1000 millicores.
• Added the option to configure session affinity for services in the HiveMQ Platform Helm chart.
• Fixed an issue in the HiveMQ Platform Operator Helm chart that could prevent the correct creation of the Platform Operator service when the serviceAccount.create value is not enabled.
• Added the option to skip HTTPS certificate validation and hostname verification for custom extension and extension customization downloads to the HiveMQ Platform Helm chart.

HiveMQ Platform Operator for Kubernetes

• Fixed an issue that initiated an unnecessary rolling restart for changes on files other than the config.xml in the ConfigMap.
• Updated the HiveMQ DNS Cluster Discovery and Prometheus extensions to the latest versions.
• Improved validation and error handling for extension configurations that use Kubernetes Secrets.
• Fixed an issue with operations executed on the HiveMQ Pods that could lead to erroneous timeout detection.

HiveMQ Swarm Helm Chart

• Updated the HiveMQ Swarm Helm chart and removed the Prometheus Monitoring Stack dependency to ensure proper installation on Kubernetes cluster version 1.24 or lower.

Get Started Today

To get started with the new HiveMQ Platform Operator, see our HiveMQ Platform Operator Quick Start Guide.

To update from a previous version of the HiveMQ Platform Operator for Kubernetes, you need to update your HiveMQ Platform custom resource definition (CRD). For step-by-step instructions, see our Upgrade Guide.

To learn more about our new operator, see HiveMQ Platform Operator for Kubernetes.