feat: Add MQTT ingress and remove mgmt references (enterprise)

deploy/charts/emqx-enterprise/README.md

@@ -40,7 +40,7 @@ The following table lists the configurable parameters of the emqx chart and thei
 | Parameter | Description | Default Value |
 |--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
 | `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. | 3 |
-| `image.repository` | EMQX Image name | `emqx/emqx-enterprise` |
+| `image.repository` | EMQX Image name | emqx/emqx |
 | `image.pullPolicy` | The image pull policy | IfNotPresent |
 | `image.pullSecrets ` | The image pull secrets | `[]` (does not add image pull secrets to deployed pods) |
 | `serviceAccount.create` | If `true`, create a new service account | `true` |
@@ -68,28 +68,30 @@ The following table lists the configurable parameters of the emqx chart and thei
 | `service.dashboard` | Port for dashboard and API. | 18083 |
 | `service.nodePorts.mqtt` | Kubernetes node port for MQTT. | nil |
 | `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). | nil |
-| `service.nodePorts.mgmt` | Kubernetes node port for mgmt API. | nil |
 | `service.nodePorts.ws` | Kubernetes node port for WebSocket/HTTP. | nil |
 | `service.nodePorts.wss` | Kubernetes node port for WSS/HTTPS. | nil |
 | `service.nodePorts.dashboard` | Kubernetes node port for dashboard. | nil |
 | `service.loadBalancerIP` | loadBalancerIP for Service | nil |
 | `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | [] |
 | `service.externalIPs` | ExternalIPs for the service | [] |
-`service.externalTrafficPolicy` |	External Traffic Policy for the service |	`Cluster`
+| `service.externalTrafficPolicy` |	External Traffic Policy for the service |	`Cluster`
 | `service.annotations` | Service annotations | {}(evaluated as a template) |
 | `ingress.dashboard.enabled` | Enable ingress for EMQX Dashboard | false |
 | `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard | |
 | `ingress.dashboard.path` | Ingress path for EMQX Dashboard | / |
 | `ingress.dashboard.pathType` | Ingress pathType for EMQX Dashboard | `ImplementationSpecific` |
-| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API | dashboard.emqx.local |
+| `ingress.dashboard.hosts` | Ingress hosts for EMQX Dashboard | dashboard.emqx.local |
-| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.dashboard.tls` | Ingress tls for EMQX Dashboard | [] |
-| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `ingress.dashboard.annotations` | Ingress annotations for EMQX Dashboard | {} |
-| `ingress.mgmt.enabled` | Enable ingress for EMQX Mgmt API | false |
+| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard | |
-| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Mgmt API | |
+| `ingress.mqtt.enabled` | Enable ingress for MQTT | false |
-| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | / |
+| `ingress.mqtt.ingressClassName` | Set the ingress class for MQTT | |
-| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API | api.emqx.local |
+| `ingress.mqtt.path` | Ingress path for MQTT | / |
-| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.mqtt.pathType` | Ingress pathType for MQTT | `ImplementationSpecific` |
-| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `ingress.mqtt.hosts` | Ingress hosts for MQTT | mqtt.emqx.local |
+| `ingress.mqtt.tls` | Ingress tls for MQTT | [] |
+| `ingress.mqtt.annotations` | Ingress annotations for MQTT | {} |
+| `ingress.mqtt.ingressClassName` | Set the ingress class for MQTT | |
 | `metrics.enable` | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false |
 | `metrics.type` | Now we only supported "prometheus" | "prometheus" |
 | `ssl.enabled` | Enable SSL support | false |
@@ -121,3 +123,17 @@ which needs to explicitly configured by either changing the emqx config file or
 
 If you chose to use an existing certificate, make sure, you update the filenames accordingly.
 
+## Tips
+Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
+In order to preserve the original client's IP address, you could change the emqx config by passing the following environment variable:
+
+```
+EMQX_LISTENERS__TCP__DEFAULT__PROXY_PROTOCOL: "true"
+```
+
+With haproxy you'd also need the following ingress annotation:
+
+```
+haproxy-ingress.github.io/proxy-protocol: "v2"
+```
+

deploy/charts/emqx-enterprise/templates/ingress.yaml

@@ -48,3 +48,53 @@ spec:
   {{- end }}
 ---
 {{- end }}
+{{- if .Values.ingress.mqtt.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ printf "%s-%s" (include "emqx.fullname" .) "mqtt" }}
+  labels:
+    app.kubernetes.io/name: {{ include "emqx.name" . }}
+    helm.sh/chart: {{ include "emqx.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.ingress.mqtt.annotations }}
+  annotations:
+    {{- toYaml .Values.ingress.mqtt.annotations | nindent 4 }}
+  {{- end }}
+spec:
+{{- if and .Values.ingress.mqtt.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.mqtt.ingressClassName }}
+{{- end }}
+  rules:
+  {{- range $host := .Values.ingress.mqtt.hosts }}
+  - host: {{ $host }}
+    http:
+      paths:
+      - path: {{ $.Values.ingress.mqtt.path | default "/" }}
+        {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+        pathType: {{ $.Values.ingress.mqtt.pathType | default "ImplementationSpecific" }}
+        {{- end }}
+        backend:
+          {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+          service:
+            name: {{ include "emqx.fullname" $ }}
+            port:
+              number: {{ $.Values.service.mqtt }}
+          {{- else }}
+          serviceName: {{ include "emqx.fullname" $ }}
+          servicePort: {{ $.Values.service.mqtt }}
+          {{- end }}
+  {{- end -}}
+  {{- if .Values.ingress.mqtt.tls }}
+  tls:
+    {{- toYaml .Values.ingress.mqtt.tls | nindent 4 }}
+  {{- end }}
+---
+{{- end }}

deploy/charts/emqx-enterprise/values.yaml

@@ -189,6 +189,20 @@ ingress:
     hosts:
     - dashboard.emqx.local
     tls: []
+  ## ingress for MQTT
+  mqtt:
+    enabled: false
+    # ingressClassName: haproxy
+    annotations: {}
+      # kubernetes.io/ingress.class: haproxy
+      # kubernetes.io/tls-acme: "true"
+      # haproxy-ingress.github.io/tcp-service-port: "8883"
+      # haproxy-ingress.github.io/proxy-protocol: "v2"
+    path: /
+    pathType: ImplementationSpecific
+    hosts:
+    - mqtt.emqx.local
+    tls: []
 
 podSecurityContext:
   enabled: true

deploy/charts/emqx/README.md

@@ -123,3 +123,17 @@ which needs to explicitly configured by either changing the emqx config file or
 
 If you chose to use an existing certificate, make sure, you update the filenames accordingly.
 
+## Tips
+Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
+In order to preserve the original client's IP address, you could change the emqx config by passing the following environment variable:
+
+```
+EMQX_LISTENERS__TCP__DEFAULT__PROXY_PROTOCOL: "true"
+```
+
+With haproxy you'd also need the following ingress annotation:
+
+```
+haproxy-ingress.github.io/proxy-protocol: "v2"
+```
+