You need to install the operator. Once you have installed the operator, you can create a new hawkBit instance by
create a new custom resource of type Hawkbit
.
The operator is available on OperatorHub.
You can also install the operator using Helm:
helm install hawkbit-operator ./helm/hawkbit-operator
On OpenShift, you can also build a local instance using S2I:
helm install hawkbit-operator ./helm/hawkbit-operator --set s2i.enabled=true --set openshift.enabled=true
The following sections describe briefly what is required to create a new instance.
hawkBit requires a database to run. You can provide an existing database instance, or you can choose from the following options:
This can be achieved by using the following database
configuration in the Hawkbit
resource:
spec:
database:
embedded: {}
NOTE: This uses an embedded instance of H2. This is only intended for testing.
NOTE: This currently requires a manually provide hawkBit image.
helm install hawkbit-db bitnami/postgresql --set securityContext.enabled=false --set postgresqlDatabase=hawkbit --set postgresqlUsername=hawkbit --set postgresqlPassword=hawkbit
And use the following database
configuration in the Hawkbit
resource:
spec:
database:
postgres:
database: hawkbit
host: hawkbit-db-postgresql
username: hawkbit
passwordSecret:
name: hawkbit-db-postgresql
field: postgresql-password
helm install hawkbit-db bitnami/mysql --set master.securityContext.enabled=false --set db.name=hawkbit --set db.user=hawkbit --set db.password=hawkbit --set replication.enabled=false
Use the following database
configuration in the Hawkbit
resource:
spec:
database:
mysql:
database: hawkbit
host: hawkbit-db-mysql
username: hawkbit
passwordSecret:
name: hawkbit-db-mysql
field: mysql-password
Eclipse hawkBit requires a RabbitMQ broker. You can use an existing instance or let the operator manage one for you.
spec:
rabbit:
managed: {}
helm install hawkbit-rabbit bitnami/rabbitmq --set podSecurityContext= --set auth.username=hawkbit --set auth.password=hawkbit
Use the following configuration:
spec:
rabbit:
external:
host: hawkbit-rabbit-rabbitmq
username: hawkbit
passwordSecret:
name: hawkbit-rabbit-rabbitmq
field: rabbitmq-password
The console requires some kind of authentication/authorization backend:
Basic username/password
By default, the operator creates static username/password combination for login in to the hawkBit instance.
Once the instance is deployed, you can retrieve the information using the following commands:
kubectl get secret default-admin -o jsonpath='{.data.adminUsername}' | base64 -d
kubectl get secret default-admin -o jsonpath='{.data.adminPassword}' | base64 -d | cut -c7-
You can update the secret with your own credentials, and the operator will reconcile the deployment.
Using OAuth2 with Keycloak
It is also possible to use Keycloak as a sign-on solution. To enable Keycloak, you need to:
Use the following configuration:
spec:
signOn:
keycloak: {}
This will create a new Keycloak instance, realm, client, and initial admin user. You can retrieve the access credentials using the following command once the instance is deployed:
kubectl describe keycloakuser default-admin
Also, see the snippets above or the other examples: examples/.
kind: Hawkbit
apiVersion: iot.eclipse.org/v1alpha1
metadata:
name: default
spec:
database:
embedded: {}
rabbit:
managed: {}