feat(helm-chart): split ingress into separate files for readability

feat(helm-chart): fix ingress to allow custom user path as need (eg. mgmt) feat(helm-chart): revised README to include missing contents
2022-01-25 11:57:20 +00:00 · 2022-01-25 11:57:20 +00:00 · ec902871cf
parent 268b1ded50
commit ec902871cf
5 changed files with 188 additions and 99 deletions
--- a/deploy/charts/emqx/README.md
+++ b/deploy/charts/emqx/README.md
@ -1,5 +1,5 @@
 # Introduction
-This chart bootstraps an emqx deployment on a Kubernetes cluster using the Helm package manager. 
+This chart bootstraps an emqx deployment on a Kubernetes (K8s) cluster using the Helm package manager.

 # Prerequisites
 + Kubernetes 1.6+
@ -8,7 +8,7 @@ This chart bootstraps an emqx deployment on a Kubernetes cluster using the Helm
 # Installing the Chart
 To install the chart with the release name `my-emqx`:

-+   From github 
+   From github
    ```
    $ git clone https://github.com/emqx/emqx.git
    $ cd emqx/deploy/charts/emqx
@ -29,51 +29,69 @@ $ helm del  my-emqx
 ```

 # Configuration
-The following table lists the configurable parameters of the emqx chart and their default values.
+The following sections describe the configurable parameters of the EMQx chart and their default values.
+## Kubernetes-specific
+The following table lists the configurable K8s parameters of the EMQx chart and their default values.
+| Parameter  | Description | Default Value
+| ---        |  ---        | ---
+| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. | `3`
+| `image.repository` | EMQ X Image name | `emqx/emqx`
+| `image.pullPolicy`  | The image pull policy  | `IfNotPresent`
+| `image.pullSecrets `  | The image pull secrets (does not add image pull secrets to deployed pods)  |``[]``
+| `envFromSecret` | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment | `nil`
+| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | `false`
+| `persistence.enabled` | Enable EMQX persistence using PVC | `false`
+| `persistence.storageClass` | Storage class of backing PVC (uses alpha storage class annotation) | `nil`
+| `persistence.existingClaim` | EMQ X data Persistent Volume existing claim name, evaluated as a template | `""`
+| `persistence.accessMode` | PVC Access Mode for EMQX volume | `ReadWriteOnce`
+| `persistence.size` | PVC Storage Request for EMQX volume | `20Mi`
+| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. |`{}`
+| `resources` | CPU/Memory resource requests/limits |`{}`
+| `nodeSelector` | Node labels for pod assignment |`{}`
+| `tolerations` | Toleration labels for pod assignment |``[]``
+| `affinity` | Map of node/pod affinities |`{}`
+| `service.type`  | Kubernetes Service type. | `ClusterIP`
+| `service.mqtt`  | Port for MQTT. | `1883`
+| `service.mqttssl` | Port for MQTT(SSL). | `8883`
+| `service.mgmt`  | Port for mgmt API. | `8081`
+| `service.ws`  | Port for WebSocket/HTTP. | `8083`
+| `service.wss`  | Port for WSS/HTTPS. | `8084`
+| `service.dashboard`  | Port for dashboard. | `18083`
+| `service.nodePorts.mqtt`  | Kubernetes node port for MQTT. | `nil`
+| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). | `nil`
+| `service.nodePorts.mgmt`  | Kubernetes node port for mgmt API. | `nil`
+| `service.nodePorts.ws`  | Kubernetes node port for WebSocket/HTTP. | `nil`
+| `service.nodePorts.wss`  | Kubernetes node port for WSS/HTTPS. | `nil`
+| `service.nodePorts.dashboard`  | Kubernetes node port for dashboard. | `nil`
+| `service.loadBalancerIP`  | loadBalancerIP for Service |	`nil`
+| `service.loadBalancerSourceRanges` |	Address(es) that are allowed when service is LoadBalancer |	`[]`
+| `service.externalIPs` |	ExternalIPs for the service |	`[]`
+| `service.annotations` |	Service annotations (evaluated as a template) |	`{}`
+| `ingress.dashboard.enabled` |	Enable ingress for EMQX Dashboard |	false
+| `ingress.dashboard.ingressClassName` |	Set the ingress class for EMQX Dashboard
+| `ingress.dashboard.path` | Ingress path for EMQX Dashboard |	`/`
+| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API |	dashboard.emqx.local
+| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API |	`[]`
+| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API |	`{}`
+| `ingress.mgmt.enabled` |	Enable ingress for EMQX Mgmt API |	`false`
+| `ingress.mqtt.ingressClassName` |	Set the ingress class for EMQX Mgmt API | `nil`
+| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | `/`
+| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API |	`api.emqx.local`
+| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API |	`[]`
+| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API |	`{}`
+| `ingress.wss.enabled` |	Enable ingress for EMQX Mgmt API |	`false`
+| `ingress.wss.ingressClassName` |	Set the ingress class for EMQX Mgmt API | `nil`
+| `ingress.wss.path` | Ingress path for EMQX WSS |	`/`
+| `ingress.wss.hosts` | Ingress hosts for EMQX WSS |    `wss.emqx.local`
+| `ingress.wss.tls` | Ingress tls for EMQX WSS |	`[]`
+| `ingress.wss.annotations` | Ingress annotations for EMQX WSS |	`{}`

-| Parameter  | Description | Default Value |
-| ---        |  ---        | ---           |
-| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. |3|
-| `image.repository` | EMQ X Image name |emqx/emqx|
-| `image.pullPolicy`  | The image pull policy  |IfNotPresent|
-| `image.pullSecrets `  | The image pull secrets  |`[]` (does not add image pull secrets to deployed pods)|
-| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | false |
-| `persistence.enabled` | Enable EMQX persistence using PVC |false|
-| `persistence.storageClass` | Storage class of backing PVC |`nil` (uses alpha storage class annotation)|
-| `persistence.existingClaim` | EMQ X data Persistent Volume existing claim name, evaluated as a template |""|
-| `persistence.accessMode` | PVC Access Mode for EMQX volume |ReadWriteOnce|
-| `persistence.size` | PVC Storage Request for EMQX volume |20Mi|
-| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. |`{}`|
-| `resources` | CPU/Memory resource requests/limits |{}|
-| `nodeSelector` | Node labels for pod assignment |`{}`|
-| `tolerations` | Toleration labels for pod assignment |`[]`|
-| `affinity` | Map of node/pod affinities |`{}`|
-| `service.type`  | Kubernetes Service type. |ClusterIP|
-| `service.mqtt`  | Port for MQTT. |1883|
-| `service.mqttssl` | Port for MQTT(SSL). |8883|
-| `service.mgmt`  | Port for mgmt API. |8081|
-| `service.ws`  | Port for WebSocket/HTTP. |8083|
-| `service.wss`  | Port for WSS/HTTPS. |8084|
-| `service.dashboard`  | Port for dashboard. |18083|
-| `service.nodePorts.mqtt`  | Kubernetes node port for MQTT. |nil|
-| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). |nil|
-| `service.nodePorts.mgmt`  | Kubernetes node port for mgmt API. |nil|
-| `service.nodePorts.ws`  | Kubernetes node port for WebSocket/HTTP. |nil|
-| `service.nodePorts.wss`  | Kubernetes node port for WSS/HTTPS. |nil|
-| `service.nodePorts.dashboard`  | Kubernetes node port for dashboard. |nil|
-| `service.loadBalancerIP`  | loadBalancerIP for Service |	nil |
-| `service.loadBalancerSourceRanges` |	Address(es) that are allowed when service is LoadBalancer |	[] |
-| `service.externalIPs` |      ExternalIPs for the service |   [] |
-| `service.annotations` |	Service annotations |	{}(evaluated as a template)|
-| `ingress.dashboard.enabled` |	Enable ingress for EMQX Dashboard |	false |
-| `ingress.dashboard.path` | Ingress path for EMQX Dashboard |	/ |
-| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API |	dashboard.emqx.local |
-| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API |	[] |
-| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API |	{} |
-| `ingress.mgmt.enabled` |	Enable ingress for EMQX Mgmt API |	false |
-| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API |	/ |
-| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API |	api.emqx.local |
-| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API |	[] |
-| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API |	{} |
-| `emqxConfig` | Emqx configuration item, see the [documentation](https://hub.docker.com/r/emqx/emqx) | |
-| `emqxAclConfig` | Emqx acl configuration item, see the [documentation](https://docs.emqx.io/broker/latest/en/advanced/acl-file.html) | |
+## EMQx-specific
+The following table lists the configurable EMQx parameters of the EMQx chart and their default values.
+| Parameter  | Description | Default Value
+| ---        |  ---        | ---
+| `emqxConfig` | [Global configuration](https://hub.docker.com/r/emqx/emqx) items | `nil`
+| `emqxLicenseSecretName` | Name of the secret that holds the license information | `nil`
+| `emqxAclConfig` | [ACL]((https://docs.emqx.io/broker/latest/en/advanced/acl-file.html)) configuration | `{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}. {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}. {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}. {allow, all}.`
+| `emqxLoadedModules` | Modules to load on start | `{emqx_mod_acl_internal, true}. {emqx_mod_presence, true}. {emqx_mod_delayed, false}. {emqx_mod_rewrite, false}. {emqx_mod_subscription, false}. {emqx_mod_topic_metrics, false}.`
+| `emqxLoadedPlugins` | Plugins to load on start | `{emqx_management, true}. {emqx_recon, true}. {emqx_retainer, true}. {emqx_dashboard, true}. {emqx_telemetry, true}. {emqx_rule_engine, true}. {emqx_bridge_mqtt, false}.`
--- a/deploy/charts/emqx/templates/ingress.dashboard.yaml
+++ b/deploy/charts/emqx/templates/ingress.dashboard.yaml
@ -48,53 +48,3 @@ spec:
  {{- end }}
 ---
 {{- end }}
-{{- if .Values.ingress.mgmt.enabled -}}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ printf "%s-%s" (include "emqx.fullname" .) "mgmt" }}
-  labels:
-    app.kubernetes.io/name: {{ include "emqx.name" . }}
-    helm.sh/chart: {{ include "emqx.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  {{- if .Values.ingress.mgmt.annotations }}
-  annotations:
-    {{- toYaml .Values.ingress.mgmt.annotations | nindent 4 }}
-  {{- end }}
-spec:
-{{- if and .Values.ingress.mgmt.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.mgmt.ingressClassName }}
-{{- end }}
-  rules:
-  {{- range $host := .Values.ingress.mgmt.hosts }}
-  - host: {{ $host }}
-    http:
-      paths:
-      - path: /
-        {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
-        pathType: ImplementationSpecific
-        {{- end }}
-        backend:
-          {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-          service:
-            name: {{ include "emqx.fullname" $ }}
-            port:
-              number: {{ $.Values.service.mgmt }}
-          {{- else }}
-          serviceName: {{ include "emqx.fullname" $ }}
-          servicePort: {{ $.Values.service.mgmt }}
-          {{- end }}
-  {{- end -}}
-  {{- if .Values.ingress.mgmt.tls }}
-  tls:
-    {{- toYaml .Values.ingress.mgmt.tls | nindent 4 }}
-  {{- end }}
---
-{{- end }}
--- a/deploy/charts/emqx/templates/ingress.mgmt.yaml
+++ b/deploy/charts/emqx/templates/ingress.mgmt.yaml
@ -0,0 +1,49 @@
+{{- if .Values.ingress.mgmt.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ printf "%s-%s" (include "emqx.fullname" .) "mgmt" }}
+  labels:
+    app.kubernetes.io/name: {{ include "emqx.name" . }}
+    helm.sh/chart: {{ include "emqx.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.ingress.mgmt.annotations }}
+  annotations:
+    {{- toYaml .Values.ingress.mgmt.annotations | nindent 4 }}
+  {{- end }}
+spec:
+{{- if and .Values.ingress.mgmt.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.mgmt.ingressClassName }}
+{{- end }}
+  rules:
+  {{- range $host := .Values.ingress.mgmt.hosts }}
+  - host: {{ $host }}
+    http:
+      paths:
+      - path: {{ $.Values.ingress.mgmt.path | default "/" }}
+        {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+        pathType: ImplementationSpecific
+        {{- end }}
+        backend:
+          {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+          service:
+            name: {{ include "emqx.fullname" $ }}
+            port:
+              number: {{ $.Values.service.mgmt }}
+          {{- else }}
+          serviceName: {{ include "emqx.fullname" $ }}
+          servicePort: {{ $.Values.service.mgmt }}
+          {{- end }}
+  {{- end -}}
+  {{- if .Values.ingress.mgmt.tls }}
+  tls:
+    {{- toYaml .Values.ingress.mgmt.tls | nindent 4 }}
+  {{- end }}
+{{- end }}
--- a/deploy/charts/emqx/templates/ingress.wss.yaml
+++ b/deploy/charts/emqx/templates/ingress.wss.yaml
@ -0,0 +1,49 @@
+{{- if .Values.ingress.wss.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ printf "%s-%s" (include "emqx.fullname" .) "wss" }}
+  labels:
+    app.kubernetes.io/name: {{ include "emqx.name" . }}
+    helm.sh/chart: {{ include "emqx.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.ingress.wss.annotations }}
+  annotations:
+    {{- toYaml .Values.ingress.wss.annotations | nindent 4 }}
+  {{- end }}
+spec:
+{{- if and .Values.ingress.wss.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.wss.ingressClassName }}
+{{- end }}
+  rules:
+  {{- range $host := .Values.ingress.wss.hosts }}
+  - host: {{ $host }}
+    http:
+      paths:
+      - path: {{ $.Values.ingress.wss.path | default "/mqtt" }}
+        {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+        pathType: ImplementationSpecific
+        {{- end }}
+        backend:
+          {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+          service:
+            name: {{ include "emqx.fullname" $ }}
+            port:
+              number: {{ $.Values.service.ws }}
+          {{- else }}
+          serviceName: {{ include "emqx.fullname" $ }}
+          servicePort: {{ $.Values.service.ws }}
+          {{- end }}
+  {{- end -}}
+  {{- if .Values.ingress.wss.tls }}
+  tls:
+    {{- toYaml .Values.ingress.wss.tls | nindent 4 }}
+  {{- end }}
+{{- end }}
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@ -187,6 +187,29 @@ ingress:
    - api.emqx.local
    tls: []

+  ## ingress for EMQX Mgmt API
+  wss:
+    enabled: false
+    # ingressClassName: nginx
+    annotations: {}
+      # Sample annotations for nginx-ingress community controller
+      # nginx.ingress.kubernetes.io/rewrite-target: /mqtt$1 # Use to rewrite backend path if needed
+      # nginx.ingress.kubernetes.io/backend-protocol: "http"
+      # nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
+      # nginx.ingress.kubernetes.io/enable-real-ip: "true"
+      # nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+      # nginx.ingress.kubernetes.io/proxy-connect-timeout: "120"
+      # nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
+      # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+      # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+      # nginx.ingress.kubernetes.io/use-proxy-protocol: "false"
+      # nginx.ingress.kubernetes.io/proxy-protocol-header-timeout: "5s"
+    path: /mqtt
+    # path: /wss(\/.*)?
+    hosts:
+    - wss.emqx.local
+    tls: []
+
 podSecurityContext:
  enabled: true
  fsGroup: 1000