## Default values for emqx. ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. ## It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. replicaCount: 3 image: repository: emqx/emqx-enterprise pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName serviceAccount: # Specifies whether a service account should be created # If set false, means you need create service account by yourself create: true # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # Annotations to add to the service account annotations: {} # The name of a secret in the same kubernetes namespace which contains values to # be added to the environment (must be manually created) # This can be useful for passwords and logins, etc. # envFromSecret: "emqx-secrets" ## Forces the recreation of pods during helm upgrades. This can be useful to update configuration values even if the container image did not change. recreatePods: false ## Sets the minReadySeconds parameter on the stateful set. This can be used to add delay between restart / updates between the single pods. minReadySeconds: ## Sets the priorityClassName parameter on the pods. This can be used to run the pods with increased priority. priorityClassName: clusterDomain: cluster.local podAnnotations: {} # Pod deployment policy # value: OrderedReady | Parallel # To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock podManagementPolicy: Parallel persistence: enabled: false size: 20Mi storageClassName: "" accessMode: ReadWriteOnce ## Existing PersistentVolumeClaims ## The value is evaluated as a template ## So, for example, the name can depend on .Release or .Chart # existingClaim: "" resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 500m # memory: 512Mi extraVolumeMounts: [] ## Additional volumeMounts to the default backend container. # - name: my-owner-acl # mountPath: /opt/emqx/etc/acl.conf # subPath: acl.conf extraVolumes: [] ## Additional volumes to the default backend pod. # - name: my-owner-acl # secret: fake-acl-conf # Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. initContainers: {} # - name: sysctl # image: busybox # securityContext: # runAsUser: 0 # runAsGroup: 0 # capabilities: # add: # - SYS_ADMIN # drop: # - ALL # command: # - /bin/sh # - -c # - | # mount -o remount rw /proc/sys # sysctl -w net.core.somaxconn=65535 # sysctl -w net.ipv4.ip_local_port_range="1024 65535" # sysctl -w kernel.core_uses_pid=0 # sysctl -w net.ipv4.tcp_tw_reuse=1 # sysctl -w fs.nr_open=1000000000 # sysctl -w fs.file-max=1000000000 # sysctl -w net.ipv4.ip_local_port_range='1025 65534' # sysctl -w net.ipv4.udp_mem='74583000 499445000 749166000' # sysctl -w net.ipv4.tcp_max_sync_backlog=163840 # sysctl -w net.core.netdev_max_backlog=163840 # sysctl -w net.core.optmem_max=16777216 # sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216' # sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216' # sysctl -w net.ipv4.tcp_max_tw_buckets=1048576 # sysctl -w net.ipv4.tcp_fin_timeout=15 # sysctl -w net.core.rmem_default=262144000 # sysctl -w net.core.wmem_default=262144000 # sysctl -w net.core.rmem_max=262144000 # sysctl -w net.core.wmem_max=262144000 # sysctl -w net.ipv4.tcp_mem='378150000 504200000 756300000' # sysctl -w net.netfilter.nf_conntrack_max=1000000 # sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30 ## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx-enterprise) emqxConfig: EMQX_CLUSTER__DISCOVERY_STRATEGY: "dns" EMQX_DASHBOARD__DEFAULT_USERNAME: "admin" EMQX_DASHBOARD__DEFAULT_PASSWORD: "public" ## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName" ## Example: ## kubectl create secret generic emqx-license-secret-name --from-file=/path/to/emqx.lic emqxLicenseSecretName: service: ## Service type ## type: ClusterIP ## The cluster IP if one wants to customize it to a fixed value ## clusterIP: None ## Port for MQTT ## mqtt: 1883 ## Port for MQTT(SSL) ## mqttssl: 8883 ## Port for WebSocket/HTTP ## ws: 8083 ## Port for WSS/HTTPS ## wss: 8084 ## Port for dashboard and API ## dashboard: 18083 ## Port for dashboard and API over HTTPS ## # dashboardtls: 18084 ## Specify the nodePort(s) value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: mqtt: mqttssl: mgmt: ws: wss: dashboard: dashboardtls: ## Specifies the load balancer implementation this Service belongs to. ## Once set, it can not be changed. ## # loadBalancerClass: ## Set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## # loadBalancerIP: ## Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## Example: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## Set the ExternalIPs ## externalIPs: [] ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. ## There are two available options: Cluster (default) and Local. ## Cluster obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading. ## Local preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type Services, but risks potentially imbalanced traffic spreading. ## externalTrafficPolicy: "Cluster" ## Provide any additional annotations which may be required. Evaluated as a template ## annotations: {} labels: {} nodeSelector: {} tolerations: [] affinity: {} topologySpreadConstraints: [] ingress: ## ingress for EMQX Dashboard dashboard: enabled: false # ingressClassName: nginx annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" path: / pathType: ImplementationSpecific hosts: - dashboard.emqx.local tls: [] ## ingress for MQTT mqtt: enabled: false # ingressClassName: haproxy annotations: {} # kubernetes.io/ingress.class: haproxy # kubernetes.io/tls-acme: "true" # haproxy-ingress.github.io/tcp-service-port: "8883" # haproxy-ingress.github.io/proxy-protocol: "v2" path: / pathType: ImplementationSpecific hosts: - mqtt.emqx.local tls: [] podSecurityContext: enabled: true fsGroup: 1000 fsGroupChangePolicy: Always runAsUser: 1000 supplementalGroups: - 1000 containerSecurityContext: enabled: true runAsNonRoot: true runAsUser: 1000 metrics: enabled: false type: prometheus ssl: enabled: false useExisting: false existingName: emqx-tls dnsnames: [] commonName: issuer: name: letsencrypt-dns kind: ClusterIssuer ## Setting PodDisruptionBudget. ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## pdb: enabled: false maxUnavailable: 1