CmiiDeploy/999-部署模板/2.4.helm-emqx.yaml

---
# PersistentVolumeClaim for the standalone EMQX broker's on-disk state.
# The StatefulSet in this file mounts it as the `emqx-data` volume (log,
# erl_pipes, mnesia and configs sub-paths).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware-base
    cmii.app: helm-emqx
    helm.sh/chart: all-persistence-volume-claims-1.1.0
    # Quoted so the value is unambiguously a string, as in the other
    # manifests of this file.
    app.kubernetes.io/version: "3.1.0"
spec:
  storageClassName: nfs-prod-distribute
  # NOTE(security): ReadWriteMany allows several pods to mount this claim at
  # once. The volume holds the broker's mnesia directory, which presumably
  # includes the built-in authentication database, so keep track of which
  # workloads in the namespace reference the claim and who can reach the
  # backing storage (the class name suggests NFS; confirm export ACLs).
  accessModes:
    - ReadWriteMany
  volumeMode: Filesystem
  resources:
    requests:
      storage: 20Gi
---
# NodePort Service that publishes every EMQX listener on each cluster node's
# IP address.
# NOTE(security): `dashboard` (18083) is bound as plain HTTP in the emqx.conf
# ConfigMap of this file, and `mqtt` / `mqtt-ws` are, by their names, the
# non-TLS listeners. Exposed as NodePorts, their credentials and payloads
# cross the network unencrypted. Consider publishing only the TLS ports
# (mqtt-ssl, mqtt-ws-ssl) and keeping the dashboard behind a ClusterIP
# Service, an ingress with TLS, or a firewall / NetworkPolicy allow-list.
# NOTE(review): nodePort values 38083-38883 lie above Kubernetes' default
# NodePort range (30000-32767); this presumably relies on a widened
# service-node-port-range on the API server. Confirm before reusing the
# template on another cluster.
apiVersion: v1
kind: Service
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
    helm.sh/chart: emqx-1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: "3.1.0"
spec:
  type: NodePort
  # Must match the pod template labels of the helm-emqx StatefulSet.
  selector:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
  ports:
    - name: mqtt
      port: 1883
      targetPort: 1883
      nodePort: 31883
    - name: dashboard
      port: 18083
      targetPort: 18083
      nodePort: 38085
    - name: mqtt-ws
      port: 8083
      targetPort: 8083
      nodePort: 38083
    - name: mqtt-ssl
      port: 8883
      targetPort: 8883
      nodePort: 38883
    - name: mqtt-ws-ssl
      port: 8084
      targetPort: 8084
      nodePort: 38084
---
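# ConfigMap holding emqx.conf (HOCON). The StatefulSet in this file mounts it
# at /opt/emqx/etc/emqx.conf.
# NOTE(security): the file embeds live credentials (Erlang cookie, dashboard
# default password, JWT HMAC secret). ConfigMaps are not meant for
# confidential data: any subject allowed to read ConfigMaps in the namespace,
# and anyone with access to this repository, can see them. Move these values
# to a Kubernetes Secret (or an external secret store), generate them per
# deployment, and rotate the ones committed here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: helm-emqx-emqx-conf
  namespace: cq-fly-260311
data:
  emqx.conf: |-
    node {
      # NOTE(review): the StatefulSet in this file also sets EMQX_NODE__NAME
      # and EMQX_NODE__COOKIE, which presumably override `name` and `cookie`
      # below; confirm which copy is authoritative and drop the other.
      name = "emqx@127.0.0.1"
      role = core
      # NOTE(security): static, guessable cookie. The cookie is the only
      # credential guarding Erlang distribution access to the node, so use a
      # long random value that is unique per deployment.
      cookie = "emqxsecretcookie"
      data_dir = "data"
    }
    # cluster {
    #     name = emqxcl
    #     discovery_strategy = manual
    # }
    dashboard {
      listeners {
        # NOTE(security): the dashboard is served over plain HTTP, and the
        # Service in this file publishes 18083 as a NodePort. Prefer the
        # https listener below (its bind is commented out) or restrict
        # network access to this port.
        http.bind = 18083
        # https.bind = 18084
        https {
          ssl_options {
            certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
            keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
          }
        }
      }
      # NOTE(security): short, hard-coded initial dashboard password. Change
      # it right after first start, or supply it from a Secret.
      default_password="cmlc"
    }
    mqtt {
      strict_mode = true
      max_inflight = 1000
    }
    # Authentication
    authentication = [
      {
        use_jwks = false
        algorithm = hmac-based
        # NOTE(security): symmetric signing key in clear text with a
        # predictable value. Whoever can read it can produce tokens the
        # broker accepts; treat it as a credential, randomise it and keep it
        # in a Secret.
        secret = "emqxsecretemqxsecretemqxsecretemqxsecret"
        secret_base64_encoded = false
        mechanism = jwt
        verify_claims = {"clientid": "${clientid}"}
        # NOTE(security): with false, a client stays connected after its
        # token has expired; expiry is only enforced at connect time.
        disconnect_after_expire = false
        from = password
      },
      {
        # Initialise the built-in database
        backend = built_in_database
        mechanism = password_based
        # Password hashing: sha256
        # NOTE(security): salted sha256 is a fast hash and cheap to brute
        # force offline; EMQX also offers bcrypt and pbkdf2 here. Changing
        # the algorithm presumably invalidates credentials already stored in
        # the database, so plan a re-provisioning step.
        password_hash_algorithm {name = sha256, salt_position = suffix}
        user_id_type = username
        bootstrap_file = "${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.json"
        # NOTE(security): `plain` means the bootstrap file carries clear-text
        # passwords (see the helm-emqx-auth-conf ConfigMap in this file).
        bootstrap_type = plain
      }
    ]
    # Authorization
    authorization {
      cache {
        enable = true
        excludes = []
        max_size = 32
        ttl = "1m"
      }
      deny_action = ignore
      no_match = deny
      # NOTE(review): sources are listed file first, then built_in_database.
      # The acl.conf shipped in this file ends with a catch-all `{deny, all}.`
      # so the built_in_database source is presumably never consulted.
      # Confirm that this is intended.
      sources = [
        {
          enable = true
          path = "/opt/emqx/etc/acl.conf"
          type = file
        }
        {
          type = "built_in_database"
          enable = true
        }
      ]
    }
    log {
      console {level = warning}
      file {level = warning}
    }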
---
# ConfigMap carrying the user list that emqx.conf loads through
# `bootstrap_file` (with `bootstrap_type = plain`) into the built-in
# authentication database.
# NOTE(security): both accounts, including the superuser `admin`, carry the
# same clear-text password, stored in a ConfigMap and committed with this
# template. Treat that password as exposed: rotate it, give each account its
# own credential, and deliver the bootstrap file from a Secret instead of a
# ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: helm-emqx-auth-conf
  namespace: cq-fly-260311
data:
  auth-built-in-db-bootstrap.json: |-
    [
      {
        "user_id": "cmlc",
        "password": "odD8#Ve7.B",
        "is_superuser": false
      },
      {
        "user_id": "admin",
        "password": "odD8#Ve7.B",
        "is_superuser": true
      }
    ]
---
# ConfigMap holding the file-based ACL that emqx.conf references as
# /opt/emqx/etc/acl.conf. Rules are evaluated top to bottom:
#   1. a user named exactly `dashboard` may subscribe to $SYS/#
#   2. user `cmlc` may publish and subscribe on every topic
#   3. clients connecting from 127.0.0.1 may do anything
#   4. nobody else may subscribe to $SYS/#, or to the literal filters
#      `#` and `+/#`
#   5. everything not matched above is denied
# NOTE(security): rule 2 gives one shared account unrestricted access to the
# whole topic tree. If the clients using `cmlc` only need part of it, scope
# the rule to the required topic prefixes so a leaked credential exposes less.
# NOTE(review): because rule 5 matches every request, later authorization
# sources (built_in_database in emqx.conf) are presumably never reached.
# Confirm that this is intended.
apiVersion: v1
kind: ConfigMap
metadata:
  name: helm-emqx-acl-conf
  namespace: cq-fly-260311
data:
  acl.conf: |
    {allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}.
    {allow, {username, "cmlc"}, all, ["#"]}.
    {allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
    {deny, all, subscribe, ["$SYS/#", {eq, "#"}, {eq, "+/#"}]}.
    {deny, all}.
---
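# Source: outside-deploy/charts/all-middleware/charts/emqx/templates/standalone/statefulset.yaml
# Single-replica StatefulSet running the standalone EMQX broker. Configuration
# comes from three ConfigMaps mounted as individual files; state lives on the
# `helm-emqx` PersistentVolumeClaim.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: helm-emqx
  namespace: cq-fly-260311
  labels:
    cmii.type: middleware
    cmii.app: helm-emqx
    cmii.emqx.architecture: standalone
    helm.sh/chart: emqx-1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: "3.1.0"
spec:
  serviceName: helm-emqx
  replicas: 1
  selector:
    matchLabels:
      cmii.type: middleware
      cmii.app: helm-emqx
      cmii.emqx.architecture: standalone
  template:
    metadata:
      labels:
        cmii.type: middleware
        cmii.app: helm-emqx
        cmii.emqx.architecture: standalone
        helm.sh/chart: emqx-1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/version: "3.1.0"
      annotations:
        pod.alpha.kubernetes.io/initialized: "true"
    spec:
      imagePullSecrets:
        - name: harborsecret
      # Pin the pod to nodes labelled for this environment.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: uavcloud.env
                    operator: In
                    values:
                      - "cq-fly-260311"
      containers:
        - name: helm-emqx
          # NOTE(security): the image is referenced by tag only. Pinning it by
          # digest as well would guarantee the reviewed image is the one that
          # runs, even if the tag is re-pushed in the registry.
          image: "chongqingshcis-a189ec98.ecis.chongqing-1.cmecloud.cn/cmii/emqx:5.8.8"
          securityContext:
            # Was `privileged: true`. A privileged container has every
            # capability and host device access, so a compromise of this
            # network-facing broker would become a compromise of the node.
            # Every listener below is above port 1024 and nothing in this
            # manifest uses host devices or host namespaces, so privileged
            # mode is not needed. If the image turns out to require a
            # specific capability, grant it with `capabilities.add` instead
            # of re-enabling privileged mode.
            privileged: false
            allowPrivilegeEscalation: false
          resources:
            limits:
              cpu: "1"
              memory: 2Gi
            requests:
              cpu: 300m
              memory: 1Gi
          ports:
            - containerPort: 1883
              name: mqtt
              protocol: TCP
            - containerPort: 18083
              name: dashboard
              protocol: TCP
            - containerPort: 8083
              name: mqtt-ws
              protocol: TCP
            - containerPort: 8883
              name: mqtt-ssl
              protocol: TCP
            - containerPort: 8084
              name: mqtt-ws-ssl
              protocol: TCP
          env:
            - name: EMQX_NODE__NAME
              value: emqx@helm-emqx-0.helm-emqx.cq-fly-260311.svc.cluster.local
            # NOTE(security): the Erlang cookie is a credential, yet it sits
            # in clear text in the pod spec, visible to anyone who can read
            # the StatefulSet or its pods. Prefer `valueFrom.secretKeyRef`
            # pointing at a Secret that holds a random per-deployment value.
            - name: EMQX_NODE__COOKIE
              value: emqxsecretcookie
          volumeMounts:
            # Configuration files, one ConfigMap key per file (subPath mounts
            # do not pick up ConfigMap updates until the pod is restarted).
            - name: helm-emqx-acl-conf
              mountPath: /opt/emqx/etc/acl.conf
              subPath: acl.conf
            - name: helm-emqx-auth-conf
              mountPath: /opt/emqx/etc/auth-built-in-db-bootstrap.json
              subPath: auth-built-in-db-bootstrap.json
            - name: helm-emqx-emqx-conf
              mountPath: /opt/emqx/etc/emqx.conf
              subPath: emqx.conf
            # Persistent state, all carved out of the same claim by subPath.
            - name: emqx-data
              mountPath: /opt/emqx/log
              subPath: default/helm-emqx/log
            - name: emqx-data
              mountPath: /opt/emqx/data/emqx_erl_pipes
              subPath: default/helm-emqx/data
            - name: emqx-data
              mountPath: /opt/emqx/data/mnesia
              subPath: default/helm-emqx/mnesia
            - name: emqx-data
              mountPath: /opt/emqx/data/configs
              subPath: default/helm-emqx/configs
      volumes:
        - name: emqx-data
          persistentVolumeClaim:
            claimName: helm-emqx
        - name: helm-emqx-acl-conf
          configMap:
            name: helm-emqx-acl-conf
            items:
              - key: acl.conf
                path: acl.conf
        - name: helm-emqx-auth-conf
          configMap:
            name: helm-emqx-auth-conf
            items:
              - key: auth-built-in-db-bootstrap.json
                path: auth-built-in-db-bootstrap.json
        - name: helm-emqx-emqx-conf
          configMap:
            name: helm-emqx-emqx-conf
            items:
              - key: emqx.conf
                path: emqx.conf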