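# Rendered manifests for a standalone EMQX broker in namespace cq-fly-260311:
# one PVC, one NodePort Service and three ConfigMaps (broker config, built-in
# auth bootstrap users, file-based ACL). Layout restored to one key per line.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware-base
    cmii.app: helm-emqx
    helm.sh/chart: all-persistence-volume-claims-1.1.0
    # Quoted to match the other resources in this file; the parsed value is
    # the same string.
    app.kubernetes.io/version: "3.1.0"
spec:
  storageClassName: nfs-prod-distribute
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 20Gi
---
apiVersion: v1
kind: Service
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
    helm.sh/chart: emqx-1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: "3.1.0"
spec:
  # SECURITY(review): type NodePort publishes every port below on every node.
  # That includes the listeners named as non-TLS (mqtt 1883, mqtt-ws 8083) and
  # the dashboard, which emqx.conf binds over plain HTTP (https.bind is
  # commented out). Prefer exposing only the TLS listeners externally and
  # keeping the dashboard on a ClusterIP Service behind a TLS ingress and/or a
  # NetworkPolicy.
  # NOTE(review): nodePorts 38083-38885 are above the default 30000-32767
  # range, so the API server presumably runs with a widened
  # --service-node-port-range; confirm.
  type: NodePort
  selector:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
  ports:
    - port: 1883
      name: mqtt
      targetPort: 1883
      nodePort: 31883
    # Management dashboard; protected only by the dashboard login.
    - port: 18083
      name: dashboard
      targetPort: 18083
      nodePort: 38085
    - port: 8083
      name: mqtt-ws
      targetPort: 8083
      nodePort: 38083
    - port: 8883
      name: mqtt-ssl
      targetPort: 8883
      nodePort: 38883
    - port: 8084
      name: mqtt-ws-ssl
      targetPort: 8084
      nodePort: 38084
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: helm-emqx-emqx-conf
  namespace: cq-fly-260311
data:
  # Broker configuration (HOCON), mounted by the StatefulSet at
  # /opt/emqx/etc/emqx.conf. The '#' lines inside the scalar are HOCON
  # comments and part of the stored value, so they are kept verbatim.
  #
  # SECURITY(review): this ConfigMap carries three credentials in clear text:
  # node.cookie, dashboard.default_password and the JWT HMAC secret. ConfigMaps
  # are not meant for secret material. Rotate all three (they are committed
  # here) and supply them from a Secret. EMQX reads EMQX_-prefixed environment
  # overrides, which the StatefulSet already uses for EMQX_NODE__COOKIE, so a
  # secretKeyRef-backed env var is one option.
  # SECURITY(review): disconnect_after_expire = false leaves a client connected
  # after its JWT expires; confirm that is intended.
  # SECURITY(review): built-in database passwords use salted sha256. EMQX also
  # offers slower password hashes (bcrypt, pbkdf2); check how a change affects
  # already-stored users before switching.
  # NOTE(review): acl.conf ends with {deny, all}, so it looks like the
  # built_in_database authorization source listed after the file source is
  # never consulted; confirm.
  emqx.conf: |-
    node {
      name = "emqx@127.0.0.1"
      role = core
      cookie = "emqxsecretcookie"
      data_dir = "data"
    }

    # cluster {
    #   name = emqxcl
    #   discovery_strategy = manual
    # }

    dashboard {
      listeners {
        http.bind = 18083
        # https.bind = 18084
        https {
          ssl_options {
            certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
            keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
          }
        }
      }
      default_password="cmlc"
    }

    mqtt {
      strict_mode = true
      max_inflight = 1000
    }

    # 认证
    authentication = [
      {
        use_jwks = false
        algorithm = hmac-based
        secret = "emqxsecretemqxsecretemqxsecretemqxsecret"
        secret_base64_encoded = false
        mechanism = jwt
        verify_claims = {"clientid": "${clientid}"}
        disconnect_after_expire = false
        from = password
      },
      {
        # 初始化内置数据库
        backend = built_in_database
        mechanism = password_based
        # 密码加密sha256
        password_hash_algorithm {name = sha256, salt_position = suffix}
        user_id_type = username
        bootstrap_file = "${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.json"
        bootstrap_type = plain
      }
    ]

    # 授权
    authorization {
      cache {
        enable = true
        excludes = []
        max_size = 32
        ttl = "1m"
      }
      deny_action = ignore
      no_match = deny
      sources = [
        {
          enable = true
          path = "/opt/emqx/etc/acl.conf"
          type = file
        }
        {
          type = "built_in_database"
          enable = true
        }
      ]
    }

    log {
      console {level = warning}
      file {level = warning}
    }
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: helm-emqx-auth-conf
  namespace: cq-fly-260311
data:
  # Bootstrap users for the built-in authentication database, referenced by
  # bootstrap_file in emqx.conf with bootstrap_type = plain.
  #
  # SECURITY(review): plaintext MQTT passwords in a ConfigMap. The superuser
  # "admin" and the regular user "cmlc" share the same password, so knowing
  # the regular credential also yields the superuser one. Give each account
  # its own secret, rotate both (they are committed here), and deliver the
  # file from a Secret rather than a ConfigMap.
  auth-built-in-db-bootstrap.json: |-
    [
      {
        "user_id": "cmlc",
        "password": "odD8#Ve7.B",
        "is_superuser": false
      },
      {
        "user_id": "admin",
        "password": "odD8#Ve7.B",
        "is_superuser": true
      }
    ]
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: helm-emqx-acl-conf
  namespace: cq-fly-260311
data:
  # File-based authorization rules, evaluated top to bottom:
  #   1. username "dashboard" may subscribe to $SYS/#
  #   2. username "cmlc" may publish and subscribe on "#"
  #   3. clients connecting from 127.0.0.1 may do anything on $SYS/# and "#"
  #   4. everyone else is denied subscribing to $SYS/#, "#" and "+/#"
  #   5. everything not matched above is denied
  # SECURITY(review): rule 2 gives the single shared "cmlc" account every
  # topic. If several devices or services use that account, consider
  # per-client usernames with topic-scoped rules.
  acl.conf: |
    {allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}.
    {allow, {username, "cmlc"}, all, ["#"]}.
    {allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
    {deny, all, subscribe, ["$SYS/#", {eq, "#"}, {eq, "+/#"}]}.
    {deny, all}.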
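---
# Source: outside-deploy/charts/all-middleware/charts/emqx/templates/standalone/statefulset.yaml
# Single-replica EMQX broker. Configuration, ACL and auth bootstrap files are
# mounted from ConfigMaps; log and data directories live on the helm-emqx PVC.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
    helm.sh/chart: emqx-1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: "3.1.0"
spec:
  serviceName: helm-emqx
  replicas: 1
  selector:
    matchLabels:
      cmii.type: middleware
      cmii.app: helm-emqx
      cmii.emqx.architecture: standalone
  template:
    metadata:
      labels:
        cmii.type: middleware
        cmii.app: helm-emqx
        cmii.emqx.architecture: standalone
        helm.sh/chart: emqx-1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/version: "3.1.0"
      annotations:
        # NOTE(review): legacy alpha annotation; presumably ignored by current
        # StatefulSet controllers and safe to drop. Verify before removing.
        pod.alpha.kubernetes.io/initialized: "true"
    spec:
      imagePullSecrets:
        - name: harborsecret
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: uavcloud.env
                    operator: In
                    values:
                      - "cq-fly-260311"
      containers:
        - name: helm-emqx
          # NOTE(review): the image is referenced by a mutable tag. Pinning it
          # by digest (for example <image>@sha256:<digest-placeholder>) makes
          # the deployed artifact verifiable.
          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/emqx:5.8.8"
          securityContext:
            # SECURITY: was `privileged: true`. Nothing in this manifest needs
            # host-level privilege (no hostPath, host networking or device
            # access; all listeners are on ports above 1024), and a privileged
            # broker reachable through NodePorts would turn a container
            # compromise into node-level access.
            # NOTE(review): once checked against the image, also consider
            # runAsNonRoot: true and capabilities.drop: ["ALL"].
            privileged: false
            allowPrivilegeEscalation: false
          resources:
            limits:
              cpu: "1"
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          ports:
            - containerPort: 1883
              name: mqtt
              protocol: TCP
            - containerPort: 18083
              name: dashboard
              protocol: TCP
            - containerPort: 8083
              name: mqtt-ws
              protocol: TCP
            - containerPort: 8883
              name: mqtt-ssl
              protocol: TCP
            - containerPort: 8084
              name: mqtt-ws-ssl
              protocol: TCP
          env:
            # EMQX_-prefixed variables override the matching emqx.conf keys
            # (node.name and node.cookie here).
            - name: EMQX_NODE__NAME
              value: 'emqx@helm-emqx-0.helm-emqx.cq-fly-260311.svc.cluster.local'
            # SECURITY(review): the node cookie is a credential for Erlang
            # distribution access to the broker node. It is a literal in the
            # pod spec and readable by anyone who can view this StatefulSet.
            # Rotate it and source it with valueFrom.secretKeyRef.
            - name: EMQX_NODE__COOKIE
              value: emqxsecretcookie
          volumeMounts:
            # ConfigMap files are mounted with subPath, so the running pod does
            # not pick up later ConfigMap edits; rotating the credentials or
            # ACLs they contain needs a pod restart.
            - name: helm-emqx-acl-conf
              mountPath: /opt/emqx/etc/acl.conf
              subPath: acl.conf
            # SECURITY(review): this file holds plaintext bootstrap passwords
            # and comes from a ConfigMap; a Secret volume is the appropriate
            # source.
            - name: helm-emqx-auth-conf
              mountPath: /opt/emqx/etc/auth-built-in-db-bootstrap.json
              subPath: auth-built-in-db-bootstrap.json
            - name: helm-emqx-emqx-conf
              mountPath: /opt/emqx/etc/emqx.conf
              subPath: emqx.conf
            # Persistent directories, each a sub-directory of the shared PVC.
            - name: emqx-data
              mountPath: /opt/emqx/log
              subPath: default/helm-emqx/log
            - name: emqx-data
              mountPath: /opt/emqx/data/emqx_erl_pipes
              subPath: default/helm-emqx/data
            - name: emqx-data
              mountPath: /opt/emqx/data/mnesia
              subPath: default/helm-emqx/mnesia
            - name: emqx-data
              mountPath: /opt/emqx/data/configs
              subPath: default/helm-emqx/configs
      volumes:
        - name: emqx-data
          persistentVolumeClaim:
            claimName: helm-emqx
        - name: helm-emqx-acl-conf
          configMap:
            name: helm-emqx-acl-conf
            items:
              - key: acl.conf
                path: acl.conf
        - name: helm-emqx-auth-conf
          configMap:
            name: helm-emqx-auth-conf
            items:
              - key: auth-built-in-db-bootstrap.json
                path: auth-built-in-db-bootstrap.json
        - name: helm-emqx-emqx-conf
          configMap:
            name: helm-emqx-emqx-conf
            items:
              - key: emqx.conf
                path: emqx.conf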