--- apiVersion: v1 kind: ServiceAccount metadata: name: helm-emqxs namespace: szgz --- apiVersion: v1 kind: ConfigMap metadata: name: helm-emqxs-env namespace: szgz labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 data: EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc.cluster.local:443" EMQX_NAME: "helm-emqxs" EMQX_CLUSTER__DISCOVERY: "k8s" EMQX_CLUSTER__K8S__APP_NAME: "helm-emqxs" EMQX_CLUSTER__K8S__SERVICE_NAME: "helm-emqxs-headless" EMQX_CLUSTER__K8S__ADDRESS_TYPE: "dns" EMQX_CLUSTER__K8S__namespace: "szgz" EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local" EMQX_ALLOW_ANONYMOUS: "false" EMQX_ACL_NOMATCH: "deny" --- apiVersion: v1 kind: ConfigMap metadata: name: helm-emqxs-cm namespace: szgz labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 data: emqx_auth_mnesia.conf: |- auth.mnesia.password_hash = sha256 # clientid 认证数据 # auth.client.1.clientid = admin # auth.client.1.password = odD8#Ve7.B # auth.client.2.clientid = cmlc # auth.client.2.password = odD8#Ve7.B ## username 认证数据 auth.user.1.username = admin auth.user.1.password = odD8#Ve7.B auth.user.2.username = cmlc auth.user.2.password = odD8#Ve7.B acl.conf: |- {allow, {user, "admin"}, pubsub, ["admin/#"]}. {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}. {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}. {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}. {allow, all}. loaded_plugins: |- {emqx_auth_mnesia,true}. {emqx_auth_mnesia,true}. {emqx_management, true}. {emqx_recon, true}. {emqx_retainer, false}. {emqx_dashboard, true}. {emqx_telemetry, true}. {emqx_rule_engine, true}. {emqx_bridge_mqtt, false}. --- apiVersion: apps/v1 kind: StatefulSet metadata: name: helm-emqxs namespace: szgz labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 spec: replicas: 1 serviceName: helm-emqxs-headless updateStrategy: type: RollingUpdate selector: matchLabels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster template: metadata: labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 spec: affinity: {} imagePullSecrets: - name: harborsecret serviceAccountName: helm-emqxs containers: - name: helm-emqxs image: 172.31.2.7:8033/admin/cmii/emqx:4.4.19 imagePullPolicy: Always ports: - name: mqtt containerPort: 1883 - name: mqttssl containerPort: 8883 - name: mgmt containerPort: 8081 - name: ws containerPort: 8083 - name: wss containerPort: 8084 - name: dashboard containerPort: 18083 - name: ekka containerPort: 4370 envFrom: - configMapRef: name: helm-emqxs-env resources: {} volumeMounts: - name: emqx-data mountPath: "/opt/emqx/data/mnesia" readOnly: false - name: helm-emqxs-cm mountPath: "/opt/emqx/etc/plugins/emqx_auth_mnesia.conf" subPath: emqx_auth_mnesia.conf readOnly: false - name: helm-emqxs-cm mountPath: "/opt/emqx/etc/acl.conf" subPath: "acl.conf" readOnly: false - name: helm-emqxs-cm mountPath: "/opt/emqx/data/loaded_plugins" subPath: loaded_plugins readOnly: false volumes: - name: emqx-data emptyDir: {} # persistentVolumeClaim: # claimName: helm-emqxs - name: helm-emqxs-cm configMap: name: helm-emqxs-cm items: - key: emqx_auth_mnesia.conf path: emqx_auth_mnesia.conf - key: acl.conf path: acl.conf - key: loaded_plugins path: loaded_plugins --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: helm-emqxs namespace: szgz rules: - apiGroups: - "" resources: - endpoints verbs: - get - watch - list --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: helm-emqxs namespace: szgz subjects: - kind: ServiceAccount name: helm-emqxs namespace: szgz roleRef: kind: Role name: helm-emqxs apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Service metadata: name: helm-emqxs namespace: szgz labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 spec: type: NodePort selector: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster ports: - port: 1883 name: mqtt targetPort: 1883 nodePort: 31883 - port: 18083 name: dashboard targetPort: 18083 nodePort: 38085 - port: 8083 name: mqtt-websocket targetPort: 8083 nodePort: 38083 --- apiVersion: v1 kind: Service metadata: name: helm-emqxs-headless namespace: szgz labels: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster helm.sh/chart: emqx-1.1.0 app.kubernetes.io/managed-by: octopus-control app.kubernetes.io/version: 6.2.0 spec: type: ClusterIP clusterIP: None selector: cmii.type: middleware cmii.app: helm-emqxs cmii.emqx.architecture: cluster ports: - name: mqtt port: 1883 protocol: TCP targetPort: 1883 - name: mqttssl port: 8883 protocol: TCP targetPort: 8883 - name: mgmt port: 8081 protocol: TCP targetPort: 8081 - name: websocket port: 8083 protocol: TCP targetPort: 8083 - name: wss port: 8084 protocol: TCP targetPort: 8084 - name: dashboard port: 18083 protocol: TCP targetPort: 18083 - name: ekka port: 4370 protocol: TCP targetPort: 4370