diff --git a/deploy/charts/emqx/README.md b/deploy/charts/emqx/README.md index cca0e88bc..1d350a896 100644 --- a/deploy/charts/emqx/README.md +++ b/deploy/charts/emqx/README.md @@ -1,5 +1,5 @@ # Introduction -This chart bootstraps an emqx deployment on a Kubernetes cluster using the Helm package manager. +This chart bootstraps an emqx deployment on a Kubernetes (K8s) cluster using the Helm package manager. # Prerequisites + Kubernetes 1.6+ @@ -8,7 +8,7 @@ This chart bootstraps an emqx deployment on a Kubernetes cluster using the Helm # Installing the Chart To install the chart with the release name `my-emqx`: -+ From github ++ From github ``` $ git clone https://github.com/emqx/emqx.git $ cd emqx/deploy/charts/emqx 
@@ -29,51 +29,69 @@ $ helm del my-emqx ``` # Configuration -The following table lists the configurable parameters of the emqx chart and their default values. +The following sections describe the configurable parameters of the EMQx chart and their default values. +## Kubernetes-specific +The following table lists the configurable K8s parameters of the EMQx chart and their default values. +| Parameter | Description | Default Value +| --- | --- | --- +| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. | `3` +| `image.repository` | EMQ X Image name | `emqx/emqx` +| `image.pullPolicy` | The image pull policy | `IfNotPresent` +| `image.pullSecrets ` | The image pull secrets (does not add image pull secrets to deployed pods) |``[]`` +| `envFromSecret` | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment | `nil` +| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | `false` +| `persistence.enabled` | Enable EMQX persistence using PVC | `false` +| `persistence.storageClass` | Storage class of backing PVC (uses alpha storage class annotation) | `nil` +| `persistence.existingClaim` | EMQ X data Persistent Volume existing claim name, evaluated as a template | `""` +| `persistence.accessMode` | PVC Access Mode for EMQX volume | `ReadWriteOnce` +| `persistence.size` | PVC Storage Request for EMQX volume | `20Mi` +| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. |`{}` +| `resources` | CPU/Memory resource requests/limits |`{}` +| `nodeSelector` | Node labels for pod assignment |`{}` +| `tolerations` | Toleration labels for pod assignment |``[]`` +| `affinity` | Map of node/pod affinities |`{}` +| `service.type` | Kubernetes Service type. 
| `ClusterIP` +| `service.mqtt` | Port for MQTT. | `1883` +| `service.mqttssl` | Port for MQTT(SSL). | `8883` +| `service.mgmt` | Port for mgmt API. | `8081` +| `service.ws` | Port for WebSocket/HTTP. | `8083` +| `service.wss` | Port for WSS/HTTPS. | `8084` +| `service.dashboard` | Port for dashboard. | `18083` +| `service.nodePorts.mqtt` | Kubernetes node port for MQTT. | `nil` +| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). | `nil` +| `service.nodePorts.mgmt` | Kubernetes node port for mgmt API. | `nil` +| `service.nodePorts.ws` | Kubernetes node port for WebSocket/HTTP. | `nil` +| `service.nodePorts.wss` | Kubernetes node port for WSS/HTTPS. | `nil` +| `service.nodePorts.dashboard` | Kubernetes node port for dashboard. | `nil` +| `service.loadBalancerIP` | loadBalancerIP for Service | `nil` +| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` +| `service.externalIPs` | ExternalIPs for the service | `[]` +| `service.annotations` | Service annotations (evaluated as a template) | `{}` +| `ingress.dashboard.enabled` | Enable ingress for EMQX Dashboard | false +| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard +| `ingress.dashboard.path` | Ingress path for EMQX Dashboard | `/` +| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API | dashboard.emqx.local +| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API | `[]` +| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API | `{}` +| `ingress.mgmt.enabled` | Enable ingress for EMQX Mgmt API | `false` +| `ingress.mqtt.ingressClassName` | Set the ingress class for EMQX Mgmt API | `nil` +| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | `/` +| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API | `api.emqx.local` +| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API | `[]` +| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API | `{}` +| `ingress.wss.enabled` | Enable 
ingress for EMQX Mgmt API | `false` +| `ingress.wss.ingressClassName` | Set the ingress class for EMQX Mgmt API | `nil` +| `ingress.wss.path` | Ingress path for EMQX WSS | `/` +| `ingress.wss.hosts` | Ingress hosts for EMQX WSS | `wss.emqx.local` +| `ingress.wss.tls` | Ingress tls for EMQX WSS | `[]` +| `ingress.wss.annotations` | Ingress annotations for EMQX WSS | `{}` -| Parameter | Description | Default Value | -| --- | --- | --- | -| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. |3| -| `image.repository` | EMQ X Image name |emqx/emqx| -| `image.pullPolicy` | The image pull policy |IfNotPresent| -| `image.pullSecrets ` | The image pull secrets |`[]` (does not add image pull secrets to deployed pods)| -| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | false | -| `persistence.enabled` | Enable EMQX persistence using PVC |false| -| `persistence.storageClass` | Storage class of backing PVC |`nil` (uses alpha storage class annotation)| -| `persistence.existingClaim` | EMQ X data Persistent Volume existing claim name, evaluated as a template |""| -| `persistence.accessMode` | PVC Access Mode for EMQX volume |ReadWriteOnce| -| `persistence.size` | PVC Storage Request for EMQX volume |20Mi| -| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. |`{}`| -| `resources` | CPU/Memory resource requests/limits |{}| -| `nodeSelector` | Node labels for pod assignment |`{}`| -| `tolerations` | Toleration labels for pod assignment |`[]`| -| `affinity` | Map of node/pod affinities |`{}`| -| `service.type` | Kubernetes Service type. |ClusterIP| -| `service.mqtt` | Port for MQTT. |1883| -| `service.mqttssl` | Port for MQTT(SSL). |8883| -| `service.mgmt` | Port for mgmt API. 
|8081| -| `service.ws` | Port for WebSocket/HTTP. |8083| -| `service.wss` | Port for WSS/HTTPS. |8084| -| `service.dashboard` | Port for dashboard. |18083| -| `service.nodePorts.mqtt` | Kubernetes node port for MQTT. |nil| -| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). |nil| -| `service.nodePorts.mgmt` | Kubernetes node port for mgmt API. |nil| -| `service.nodePorts.ws` | Kubernetes node port for WebSocket/HTTP. |nil| -| `service.nodePorts.wss` | Kubernetes node port for WSS/HTTPS. |nil| -| `service.nodePorts.dashboard` | Kubernetes node port for dashboard. |nil| -| `service.loadBalancerIP` | loadBalancerIP for Service | nil | -| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | [] | -| `service.externalIPs` | ExternalIPs for the service | [] | -| `service.annotations` | Service annotations | {}(evaluated as a template)| -| `ingress.dashboard.enabled` | Enable ingress for EMQX Dashboard | false | -| `ingress.dashboard.path` | Ingress path for EMQX Dashboard | / | -| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API | dashboard.emqx.local | -| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API | [] | -| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API | {} | -| `ingress.mgmt.enabled` | Enable ingress for EMQX Mgmt API | false | -| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | / | -| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API | api.emqx.local | -| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API | [] | -| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API | {} | -| `emqxConfig` | Emqx configuration item, see the [documentation](https://hub.docker.com/r/emqx/emqx) | | -| `emqxAclConfig` | Emqx acl configuration item, see the [documentation](https://docs.emqx.io/broker/latest/en/advanced/acl-file.html) | | +## EMQx-specific +The following table lists the configurable EMQx parameters of the EMQx chart and their default values. 
+| Parameter | Description | Default Value +| --- | --- | --- +| `emqxConfig` | [Global configuration](https://hub.docker.com/r/emqx/emqx) items | `nil` +| `emqxLicenseSecretName` | Name of the secret that holds the license information | `nil` +| `emqxAclConfig` | [ACL]((https://docs.emqx.io/broker/latest/en/advanced/acl-file.html)) configuration | `{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}. {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}. {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}. {allow, all}.` +| `emqxLoadedModules` | Modules to load on start | `{emqx_mod_acl_internal, true}. {emqx_mod_presence, true}. {emqx_mod_delayed, false}. {emqx_mod_rewrite, false}. {emqx_mod_subscription, false}. {emqx_mod_topic_metrics, false}.` +| `emqxLoadedPlugins` | Plugins to load on start | `{emqx_management, true}. {emqx_recon, true}. {emqx_retainer, true}. {emqx_dashboard, true}. {emqx_telemetry, true}. {emqx_rule_engine, true}. {emqx_bridge_mqtt, false}.` \ No newline at end of file diff --git a/deploy/charts/emqx/templates/ingress.yaml b/deploy/charts/emqx/templates/ingress.dashboard.yaml similarity index 50% rename from deploy/charts/emqx/templates/ingress.yaml rename to deploy/charts/emqx/templates/ingress.dashboard.yaml index c6d7f7fa1..cb0a53cf0 100644 --- a/deploy/charts/emqx/templates/ingress.yaml +++ b/deploy/charts/emqx/templates/ingress.dashboard.yaml 
@@ -48,53 +48,3 @@ spec:
 {{- end }}
 ---
 {{- end }}
-{{- if .Values.ingress.mgmt.enabled -}}
-{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ printf "%s-%s" (include "emqx.fullname" .) "mgmt" }}
- labels:
- app.kubernetes.io/name: {{ include "emqx.name" . }}
- helm.sh/chart: {{ include "emqx.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{- if .Values.ingress.mgmt.annotations }}
- annotations:
- {{- toYaml .Values.ingress.mgmt.annotations | nindent 4 }}
- {{- end }}
-spec:
-{{- if and .Values.ingress.mgmt.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
- ingressClassName: {{ .Values.ingress.mgmt.ingressClassName }}
-{{- end }}
- rules:
- {{- range $host := .Values.ingress.mgmt.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: /
- {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
- pathType: ImplementationSpecific
- {{- end }}
- backend:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- service:
- name: {{ include "emqx.fullname" $ }}
- port:
- number: {{ $.Values.service.mgmt }}
- {{- else }}
- serviceName: {{ include "emqx.fullname" $ }}
- servicePort: {{ $.Values.service.mgmt }}
- {{- end }}
- {{- end -}}
- {{- if .Values.ingress.mgmt.tls }}
- tls:
- {{- toYaml .Values.ingress.mgmt.tls | nindent 4 }}
- {{- end }}
----
-{{- end }}
\ No newline at end of file
diff --git a/deploy/charts/emqx/templates/ingress.mgmt.yaml b/deploy/charts/emqx/templates/ingress.mgmt.yaml
new file mode 100644
index 000000000..bf4158955
--- /dev/null
+++ b/deploy/charts/emqx/templates/ingress.mgmt.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.ingress.mgmt.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ printf "%s-%s" (include "emqx.fullname" .) "mgmt" }}
+ labels:
+ app.kubernetes.io/name: {{ include "emqx.name" . }}
+ helm.sh/chart: {{ include "emqx.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.ingress.mgmt.annotations }}
+ annotations:
+ {{- toYaml .Values.ingress.mgmt.annotations | nindent 4 }}
+ {{- end }}
+spec:
+{{- if and .Values.ingress.mgmt.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.mgmt.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range $host := .Values.ingress.mgmt.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $.Values.ingress.mgmt.path | default "/" }}
+ {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ include "emqx.fullname" $ }}
+ port:
+ number: {{ $.Values.service.mgmt }}
+ {{- else }}
+ serviceName: {{ include "emqx.fullname" $ }}
+ servicePort: {{ $.Values.service.mgmt }}
+ {{- end }}
+ {{- end -}}
+ {{- if .Values.ingress.mgmt.tls }}
+ tls:
+ {{- toYaml .Values.ingress.mgmt.tls | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/emqx/templates/ingress.wss.yaml b/deploy/charts/emqx/templates/ingress.wss.yaml
new file mode 100644
index 000000000..88d91272b
--- /dev/null
+++ b/deploy/charts/emqx/templates/ingress.wss.yaml
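Review bot: The `tls:` block at the end of this template is rendered only when `.Values.ingress.mgmt.tls` is non-empty, and the README table in this commit lists its default as `[]`, so setting `ingress.mgmt.enabled=true` on its own publishes the management API (`service.mgmt`) through an Ingress with no TLS section; unless the controller enforces HTTPS itself, API credentials would cross the ingress in clear text. Consider refusing to render in that case with a guard at the top of the file, `{{- if not .Values.ingress.mgmt.tls }}{{ fail "ingress.mgmt.tls must be set when ingress.mgmt.enabled is true" }}{{- end }}`, or at minimum state the requirement in a template comment. The same optional-`tls` pattern is in the new ingress.wss.yaml. Separately, `- host: {{ $host }}` is emitted unquoted, so a wildcard host such as `*.example.com` would be parsed as a YAML alias; `- host: {{ $host | quote }}` avoids that.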
@@ -0,0 +1,49 @@
+{{- if .Values.ingress.wss.enabled -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ printf "%s-%s" (include "emqx.fullname" .) "wss" }}
+ labels:
+ app.kubernetes.io/name: {{ include "emqx.name" . }}
+ helm.sh/chart: {{ include "emqx.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.ingress.wss.annotations }}
+ annotations:
+ {{- toYaml .Values.ingress.wss.annotations | nindent 4 }}
+ {{- end }}
+spec:
+{{- if and .Values.ingress.wss.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.wss.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range $host := .Values.ingress.wss.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: {{ $.Values.ingress.wss.path | default "/mqtt" }}
+ {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ include "emqx.fullname" $ }}
+ port:
+ number: {{ $.Values.service.ws }}
+ {{- else }}
+ serviceName: {{ include "emqx.fullname" $ }}
+ servicePort: {{ $.Values.service.ws }}
+ {{- end }}
+ {{- end -}}
+ {{- if .Values.ingress.wss.tls }}
+ tls:
+ {{- toYaml .Values.ingress.wss.tls | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index 4b1526cc9..39c158610 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
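Review bot: The Ingress is named `wss`, but both backend branches point at `$.Values.service.ws` (the README lists it as the WebSocket/HTTP port) rather than `service.wss`, so the hop from the ingress controller to the broker is unencrypted and nothing in the file says this is intended. If TLS termination at the ingress is the design, record it at the top of the template, for example `{{- /* TLS terminates at the ingress; the backend is the plain ws listener (service.ws) */ -}}`. The path default also disagrees across the commit: this template and values.yaml use `/mqtt`, while the README row for `ingress.wss.path` documents `/`.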
@@ -187,6 +187,29 @@ ingress: - api.emqx.local tls: [] + ## ingress for EMQX Mgmt API + wss: + enabled: false + # ingressClassName: nginx + annotations: {} + # Sample annotations for nginx-ingress community controller + # nginx.ingress.kubernetes.io/rewrite-target: /mqtt$1 # Use to rewrite backend path if needed + # nginx.ingress.kubernetes.io/backend-protocol: "http" + # nginx.ingress.kubernetes.io/use-forwarded-headers: "true" + # nginx.ingress.kubernetes.io/enable-real-ip: "true" + # nginx.ingress.kubernetes.io/proxy-request-buffering: "off" + # nginx.ingress.kubernetes.io/proxy-connect-timeout: "120" + # nginx.ingress.kubernetes.io/proxy-http-version: "1.1" + # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + # nginx.ingress.kubernetes.io/use-proxy-protocol: "false" + # nginx.ingress.kubernetes.io/proxy-protocol-header-timeout: "5s" + path: /mqtt + # path: /wss(\/.*)? + hosts: + - wss.emqx.local + tls: [] + podSecurityContext: enabled: true fsGroup: 1000
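Review bot: The header comment on the new `wss:` block reads `## ingress for EMQX Mgmt API`, which was copied from the block above; it should read `## ingress for EMQX WebSocket (WSS)`. Among the sample annotations, `use-forwarded-headers`, `enable-real-ip`, `use-proxy-protocol` and `proxy-protocol-header-timeout` look like ingress-nginx controller ConfigMap keys rather than per-Ingress annotations, so they may have no effect when set here; please confirm against the controller documentation and drop or relabel them. If forwarded headers or proxy protocol are enabled at the controller instead, a comment should say that client-supplied address headers are then trusted, which matters because the default `emqxAclConfig` shown in the README contains an `ipaddr` rule.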