Merge pull request #12246 from id/0102-docker-do-not-expose-11883

chore: do not expose 11883 by default in docker as we do not listen on it

Dockerfile.ubuntu20.04.runner

@@ -30,11 +30,10 @@ VOLUME ["/opt/emqx/log", "/opt/emqx/data"]
 # - 8083 for WebSocket/HTTP
 # - 8084 for WSS/HTTPS
 # - 8883 port for MQTT(SSL)
-# - 11883 port for internal MQTT/TCP
 # - 18083 for dashboard and API
 # - 4370 default Erlang distrbution port
 # - 5369 for backplain gen_rpc
-EXPOSE 1883 8083 8084 8883 11883 18083 4370 5369
+EXPOSE 1883 8083 8084 8883 18083 4370 5369
 
 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
 

changes/ee/fix-12246.en.md

@@ -0,0 +1 @@
+Do not expose 11883 port by default in docker and remove it from helm chart since this port is no longer in use.

deploy/charts/emqx-enterprise/templates/StatefulSet.yaml

@@ -111,10 +111,6 @@ spec:
             containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__WSS__DEFAULT__BIND | default 8084 }}
           - name: dashboard
             containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTP__BIND | default 18083 }}
-          {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-          - name: internalmqtt
-            containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND }}
-          {{- end }}
           {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTPS__BIND) }}
           - name: dashboardtls
             containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTPS__BIND }}

deploy/charts/emqx-enterprise/templates/service.yaml

@@ -41,17 +41,6 @@ spec:
     {{- else if eq .Values.service.type "ClusterIP" }}
     nodePort: null
     {{- end }}
-    {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-  - name: internalmqtt
-    port: {{ .Values.service.internalmqtt | default 11883 }}
-    protocol: TCP
-    targetPort: internalmqtt
-    {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.internalmqtt)) }}
-    nodePort: {{ .Values.service.nodePorts.internalmqtt }}
-    {{- else if eq .Values.service.type "ClusterIP" }}
-    nodePort: null
-    {{- end }}
-    {{ end }}
   - name: mqttssl
     port: {{ .Values.service.mqttssl | default 8883 }}
     protocol: TCP
@@ -124,12 +113,6 @@ spec:
     port: {{ .Values.service.mqtt | default 1883 }}
     protocol: TCP
     targetPort: mqtt
-    {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-  - name: internalmqtt
-    port: {{ .Values.service.internalmqtt | default 11883 }}
-    protocol: TCP
-    targetPort: internalmqtt
-    {{ end }}
   - name: mqttssl
     port: {{ .Values.service.mqttssl | default 8883 }}
     protocol: TCP

deploy/charts/emqx/templates/StatefulSet.yaml

@@ -111,10 +111,6 @@ spec:
             containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__WSS__DEFAULT__BIND | default 8084 }}
           - name: dashboard
             containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTP__BIND | default 18083 }}
-          {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-          - name: internalmqtt
-            containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND }}
-          {{- end }}
           {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTPS__BIND) }}
           - name: dashboardtls
             containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTPS__BIND }}

deploy/charts/emqx/templates/service.yaml

@@ -41,17 +41,6 @@ spec:
     {{- else if eq .Values.service.type "ClusterIP" }}
     nodePort: null
     {{- end }}
-    {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-  - name: internalmqtt
-    port: {{ .Values.service.internalmqtt | default 11883 }}
-    protocol: TCP
-    targetPort: internalmqtt
-    {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.internalmqtt)) }}
-    nodePort: {{ .Values.service.nodePorts.internalmqtt }}
-    {{- else if eq .Values.service.type "ClusterIP" }}
-    nodePort: null
-    {{- end }}
-    {{ end }}
   - name: mqttssl
     port: {{ .Values.service.mqttssl | default 8883 }}
     protocol: TCP
@@ -124,12 +113,6 @@ spec:
     port: {{ .Values.service.mqtt | default 1883 }}
     protocol: TCP
     targetPort: mqtt
-    {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }}
-  - name: internalmqtt
-    port: {{ .Values.service.internalmqtt | default 11883 }}
-    protocol: TCP
-    targetPort: internalmqtt
-    {{ end }}
   - name: mqttssl
     port: {{ .Values.service.mqttssl | default 8883 }}
     protocol: TCP

deploy/docker/Dockerfile

@@ -64,11 +64,10 @@ VOLUME ["/opt/emqx/log", "/opt/emqx/data"]
 # - 8083 for WebSocket/HTTP
 # - 8084 for WSS/HTTPS
 # - 8883 port for MQTT(SSL)
-# - 11883 port for internal MQTT/TCP
 # - 18083 for dashboard and API
 # - 4370 default Erlang distribution port
 # - 5369 for backplane gen_rpc
-EXPOSE 1883 8083 8084 8883 11883 18083 4370 5369
+EXPOSE 1883 8083 8084 8883 18083 4370 5369
 
 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]