Access the MQTT Broker Outside the Cluster
By default, the MQTT Broker is only available from within the cluster, so external applications cannot access it.
You can enable external access from the MQTT Broker configuration.
Before you begin
You need to have a UMH cluster. If you do not already have a cluster, you can create one by using the Management Console.
Enable external access from MQTT Broker configuration
1. From UMHLens / OpenLens, go to Network > Services.
2. Find the `united-manufacturing-hub-mqtt` Service.

   The MQTT service name has changed since version 0.9.10. If you are using an older version, use `united-manufacturing-hub-vernemq` instead of `united-manufacturing-hub-mqtt`.
3. Click the Edit button.
4. Scroll down to the `status.loadBalancer` section and change it to the following:

   ```yaml
   status:
     loadBalancer:
       ingress:
         - ip: <external-ip>
   ```

   Replace `<external-ip>` with the external IP address of the node.
5. Scroll to the `spec.type` section and change the value from ClusterIP to LoadBalancer.
6. Click Save to apply the changes.
Now you can connect to the MQTT broker from outside the Kubernetes cluster using the external IP address of the node as the hostname. The port is 1883.
Security considerations
There are some security considerations to keep in mind when exposing the MQTT broker.
By default, the MQTT broker is configured to allow anonymous connections. This means that anyone can connect to the broker without providing any credentials. This is not recommended for production environments.
To secure the MQTT broker, you can configure it to require authentication. For that, you can either enable RBAC or set up HiveMQ PKI (recommended for production environments).
If you are using a version of the United Manufacturing Hub older than 0.9.10, then you need to change the ACL configuration to allow your MQTT client to connect to the broker.
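One way to confirm that the exposed listener rejects unauthenticated clients once authentication is enabled, as an added example that is not part of the UMH documentation. It assumes the broker speaks MQTT 3.1.1 on port 1883; the function names and the client ID `umh-anon-check` are made up for this sketch.

```python
import socket
import struct

def prefixed(data: bytes) -> bytes:
    """MQTT string/binary field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data

def build_connect(client_id, username=None, password=None) -> bytes:
    """MQTT 3.1.1 CONNECT packet; without a username it is anonymous."""
    flags = 0x02  # clean session
    payload = prefixed(client_id.encode())
    if username is not None:
        flags |= 0x80  # user name flag
        payload += prefixed(username.encode())
        if password is not None:
            flags |= 0x40  # password flag (only valid together with a user name)
            payload += prefixed(password.encode())
    # protocol name, protocol level 4 (3.1.1), connect flags, keep-alive 30 s
    body = prefixed(b"MQTT") + bytes([0x04, flags]) + struct.pack("!H", 30) + payload
    if len(body) > 127:
        raise ValueError("fields too long for the one-byte remaining length used here")
    return bytes([0x10, len(body)]) + body

def parse_connack(reply: bytes) -> int:
    """Return the CONNACK code (0 accepted, 4 bad credentials, 5 not authorized)."""
    if len(reply) != 4 or reply[0] != 0x20 or reply[1] != 0x02:
        raise ValueError("not a CONNACK packet: %r" % reply)
    return reply[3]

def anonymous_allowed(host, port=1883, timeout=5.0) -> bool:
    """True if the broker accepts a CONNECT that carries no credentials."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect("umh-anon-check"))  # assumed client ID
        reply = sock.recv(4)
        if not reply:  # connection closed without a CONNACK: not accepted
            return False
        code = parse_connack(reply)
        if code == 0:
            sock.sendall(b"\xe0\x00")  # DISCONNECT, leave cleanly
        return code == 0

if __name__ == "__main__":
    import sys
    allowed = anonymous_allowed(sys.argv[1])  # external IP of the node
    print("anonymous CONNECT:", "ACCEPTED" if allowed else "rejected")
    sys.exit(1 if allowed else 0)
```

Run it with the external IP of the node as the only argument, before and after enabling authentication; exit status 1 means anonymous clients are still accepted.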
What’s next
- See Access Kafka Outside the Cluster
- See Access Factoryinsight Outside the Cluster
- See Access Services from Within the Cluster