docker-vernemq icon indicating copy to clipboard operation
docker-vernemq copied to clipboard
verified publisher icon vernemq

ACL using environment variables

Open dannyyy opened this issue 5 years ago • 8 comments

In the README.md is noted that new users can be created through environment variables in the form of DOCKER_VERNEMQ_USER_<USERNAME>='password'.

Is there a similar way to define the ACLs for the created users through environment variables?

I guess I can create a secret to mount the vmq.passwd and vmq.acl and change the path to these files with DOCKER_VERNEMQ_VMQ_PASSWD__PASSWORD_FILE and ´DOCKER_VERNEMQ_VMQ_ACL__.ACL_FILE´. But an easier way would be preferable over managing different files.

dannyyy avatar Jan 11 '20 15:01 dannyyy

@dannyyy , did you manage to set ACL rules via environment variables or some other way?

mladen-djordjevic avatar Apr 16 '20 14:04 mladen-djordjevic

I managed to do it by creating a configmap containing the vmq.acl file like

apiVersion: v1
kind: ConfigMap
metadata:  
  name: vernemq-acl
  labels:
{{ include "labels" . | indent 4}}    
data:  
  vernemq-acl: |-  
{{ .Files.Get .Values.vernemq.acl | indent 4 }}

and, later, referencing it on values.yaml with the extra volume options:

extraVolumeMounts:
    - name: vernemq-acl
      mountPath: /vernemq/etc/vmq.acl
      subPath: vernemq-acl 
      readOnly: true  
extraVolumes:
    - name: vernemq-acl
      configMap:
        name: vernemq-acl

masantiago avatar Sep 13 '20 16:09 masantiago

@masantiago great, they should document it somewhere right?

cedricve avatar Feb 28 '21 20:02 cedricve

I managed to do it by creating a configmap containing the vmq.acl file like

apiVersion: v1
kind: ConfigMap
metadata:  
  name: vernemq-acl
  labels:
{{ include "labels" . | indent 4}}    
data:  
  vernemq-acl: |-  
{{ .Files.Get .Values.vernemq.acl | indent 4 }}

and, later, referencing it on values.yaml with the extra volume options:

extraVolumeMounts:
    - name: vernemq-acl
      mountPath: /vernemq/etc/vmq.acl
      subPath: vernemq-acl 
      readOnly: true  
extraVolumes:
    - name: vernemq-acl
      configMap:
        name: vernemq-acl

@masantiago Did you made changes to the help project, to include that configmap or ?

cedricve avatar Feb 28 '21 20:02 cedricve

@cedricve I compiled this configmap as part of my own deployment. BTW, I'm not up-to-date in the version of vernemq helm, so there might be anything that can help to do it easier. I assume you already checked it right?

masantiago avatar Feb 28 '21 20:02 masantiago

correct they didnt integrate it in the helm repository, thats why i was asking myself how you did it.

cedricve avatar Mar 01 '21 07:03 cedricve

they should document it somewhere right?

"they" should do a lot of things, shouldn't they :)

Open and hoping for PRs if you have clear improvements.

ioolkos avatar Mar 01 '21 07:03 ioolkos

@ioolkos sorry wasnt meant like that. I actually meant "we" ;)

cedricve avatar Mar 01 '21 07:03 cedricve