212 lines
6.3 KiB
YAML
212 lines
6.3 KiB
YAML
## Default values for emqx.
|
||
## This is a YAML-formatted file.
|
||
## Declare variables to be passed into your templates.
|
||
|
||
## It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.
|
||
replicaCount: 3
|
||
image:
|
||
repository: emqx/emqx-enterprise
|
||
pullPolicy: IfNotPresent
|
||
## Optionally specify an array of imagePullSecrets.
|
||
## Secrets must be manually created in the namespace.
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||
##
|
||
# pullSecrets:
|
||
# - myRegistryKeySecretName
|
||
|
||
|
||
# The name of a secret in the same kubernetes namespace which contains values to
|
||
# be added to the environment (must be manually created)
|
||
# This can be useful for passwords and logins, etc.
|
||
|
||
# envFromSecret: "emqx-secrets"
|
||
|
||
## Forces the recreation of pods during helm upgrades. This can be useful to update configuration values even if the container image did not change.
|
||
recreatePods: false
|
||
|
||
podAnnotations: {}
|
||
|
||
# Pod deployment policy
|
||
# value: OrderedReady | Parallel
|
||
# To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock
|
||
podManagementPolicy: Parallel
|
||
|
||
persistence:
|
||
enabled: false
|
||
size: 20Mi
|
||
storageClassName: ""
|
||
accessMode: ReadWriteOnce
|
||
## Existing PersistentVolumeClaims
|
||
## The value is evaluated as a template
|
||
## So, for example, the name can depend on .Release or .Chart
|
||
# existingClaim: ""
|
||
|
||
resources: {}
|
||
# limits:
|
||
# cpu: 500m
|
||
# memory: 512Mi
|
||
# requests:
|
||
# cpu: 500m
|
||
# memory: 512Mi
|
||
|
||
# Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.
|
||
initContainers: {}
|
||
# - name: sysctl
|
||
# image: busybox
|
||
# securityContext:
|
||
# runAsUser: 0
|
||
# runAsGroup: 0
|
||
# capabilities:
|
||
# add:
|
||
# - SYS_ADMIN
|
||
# drop:
|
||
# - ALL
|
||
# command:
|
||
# - /bin/sh
|
||
# - -c
|
||
# - |
|
||
# mount -o remount rw /proc/sys
|
||
# sysctl -w net.core.somaxconn=65535
|
||
# sysctl -w net.ipv4.ip_local_port_range="1024 65535"
|
||
# sysctl -w kernel.core_uses_pid=0
|
||
# sysctl -w net.ipv4.tcp_tw_reuse=1
|
||
# sysctl -w fs.nr_open=1000000000
|
||
# sysctl -w fs.file-max=1000000000
|
||
# sysctl -w net.ipv4.ip_local_port_range='1025 65534'
|
||
# sysctl -w net.ipv4.udp_mem='74583000 499445000 749166000'
|
||
# sysctl -w net.ipv4.tcp_max_sync_backlog=163840
|
||
# sysctl -w net.core.netdev_max_backlog=163840
|
||
# sysctl -w net.core.optmem_max=16777216
|
||
# sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216'
|
||
# sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216'
|
||
# sysctl -w net.ipv4.tcp_max_tw_buckets=1048576
|
||
# sysctl -w net.ipv4.tcp_fin_timeout=15
|
||
# sysctl -w net.core.rmem_default=262144000
|
||
# sysctl -w net.core.wmem_default=262144000
|
||
# sysctl -w net.core.rmem_max=262144000
|
||
# sysctl -w net.core.wmem_max=262144000
|
||
# sysctl -w net.ipv4.tcp_mem='378150000 504200000 756300000'
|
||
# sysctl -w net.netfilter.nf_conntrack_max=1000000
|
||
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
|
||
|
||
## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
|
||
emqxConfig:
|
||
EMQX_CLUSTER__DISCOVERY_STRATEGY: "dns"
|
||
EMQX_CLUSTER__DNS__NAME: "{{ .Release.Name }}-headless.{{ .Release.Namespace }}.svc.cluster.local"
|
||
EMQX_CLUSTER__DNS__RECORD_TYPE: "srv"
|
||
# EMQX_CLUSTER__DISCOVERY_STRATEGY: "k8s"
|
||
# EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc:443"
|
||
# EMQX_CLUSTER__K8S__SERVICE_NAME: "{{ .Release.Name }}-headless"
|
||
# EMQX_CLUSTER__K8S__NAMESPACE: "{{ .Release.Namespace }}"
|
||
## The address type is used to extract host from k8s service.
|
||
## Value: ip | dns | hostname
|
||
## Note:Hostname is only supported after v4.0-rc.2
|
||
EMQX_CLUSTER__K8S__ADDRESS_TYPE: "hostname"
|
||
EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
|
||
## if EMQX_CLUSTER__K8S__ADDRESS_TYPE eq dns
|
||
# EMQX_CLUSTER__K8S__SUFFIX: "pod.cluster.local"
|
||
EMQX_DASHBOARD__DEFAULT_USERNAME: "admin"
|
||
EMQX_DASHBOARD__DEFAULT_PASSWORD: "public"
|
||
|
||
## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName"
|
||
## Example:
|
||
## kubectl create secret generic emqx-license-secret-name --from-file=/path/to/emqx.lic
|
||
emqxLicenseSecretName:
|
||
|
||
service:
|
||
## Service type
|
||
##
|
||
type: ClusterIP
|
||
## Port for MQTT
|
||
##
|
||
mqtt: 1883
|
||
## Port for MQTT(SSL)
|
||
##
|
||
mqttssl: 8883
|
||
## Port for WebSocket/HTTP
|
||
##
|
||
ws: 8083
|
||
## Port for WSS/HTTPS
|
||
##
|
||
wss: 8084
|
||
## Port for dashboard and API
|
||
##
|
||
dashboard: 18083
|
||
## Port for dashboard and API over HTTPS
|
||
##
|
||
# dashboardtls: 18084
|
||
## Specify the nodePort(s) value for the LoadBalancer and NodePort service types.
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
||
##
|
||
nodePorts:
|
||
mqtt:
|
||
mqttssl:
|
||
mgmt:
|
||
ws:
|
||
wss:
|
||
dashboard:
|
||
dashboardtls:
|
||
## Set the LoadBalancer service type to internal only.
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
||
##
|
||
# loadBalancerIP:
|
||
## Load Balancer sources
|
||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||
## Example:
|
||
## loadBalancerSourceRanges:
|
||
## - 10.10.10.0/24
|
||
##
|
||
loadBalancerSourceRanges: []
|
||
## Set the ExternalIPs
|
||
##
|
||
externalIPs: []
|
||
## Provide any additional annotations which may be required. Evaluated as a template
|
||
##
|
||
annotations: {}
|
||
|
||
nodeSelector: {}
|
||
|
||
tolerations: []
|
||
|
||
affinity: {}
|
||
|
||
ingress:
|
||
## ingress for EMQX Dashboard
|
||
dashboard:
|
||
enabled: false
|
||
# ingressClassName: nginx
|
||
annotations: {}
|
||
# kubernetes.io/ingress.class: nginx
|
||
# kubernetes.io/tls-acme: "true"
|
||
path: /
|
||
pathType: ImplementationSpecific
|
||
hosts:
|
||
- dashboard.emqx.local
|
||
tls: []
|
||
|
||
podSecurityContext:
|
||
enabled: true
|
||
fsGroup: 1000
|
||
fsGroupChangePolicy: Always
|
||
runAsUser: 1000
|
||
supplementalGroups:
|
||
- 1000
|
||
|
||
containerSecurityContext:
|
||
enabled: true
|
||
runAsNonRoot: true
|
||
runAsUser: 1000
|
||
|
||
metrics:
|
||
enabled: false
|
||
type: prometheus
|
||
|
||
ssl:
|
||
enabled: false
|
||
useExisting: false
|
||
existingName: emqx-tls
|
||
dnsnames: {}
|
||
issuer:
|
||
name: letsencrypt-dns
|
||
kind: ClusterIssuer
|