Merge pull request #9528 from Rory-Z/release-50

chore: helm chart support externalTrafficPolicy
Rory 3 years ago
parent
commit
faafeba2cd

+ 2 - 0
changes/v5.0.12-en.md

@@ -32,6 +32,8 @@ Please note, the request body of `/bridges` API to configure MQTT brdige is chan
 
 
 - Upgrade dashboard to [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3).
 - Upgrade dashboard to [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3).
 
 
+- Users can define the `externalTrafficPolicy` of service in EMQX Helm Chart [#9527](https://github.com/emqx/emqx/pull/9527).
+
 ## Bug fixes
 ## Bug fixes
 
 
 - Fix that the obsolete SSL files aren't deleted after the ExHook config update [#9432](https://github.com/emqx/emqx/pull/9432).
 - Fix that the obsolete SSL files aren't deleted after the ExHook config update [#9432](https://github.com/emqx/emqx/pull/9432).
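Review bot: The added changelog bullet names `externalTrafficPolicy` but gives neither the values key nor the condition under which it takes effect. Consider writing it as `service.externalTrafficPolicy` and stating that it is only rendered for `LoadBalancer` and `NodePort` services and defaults to `Cluster`, which is what the service.yaml change in this commit does. The same wording gap is in the zh entry.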

+ 2 - 0
changes/v5.0.12-zh.md

@@ -31,6 +31,8 @@ v5.0.11 或更早版本创建的配置文件,在新版本中会被自动转换
 
 
 - Dashboard 更新到 [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3)。
 - Dashboard 更新到 [v1.1.3](https://github.com/emqx/emqx-dashboard-web-new/releases/tag/v1.1.3)。
 
 
+- 用户可以在 EMQX Helm Chart 中自定义 service 资源的 `externalTrafficPolicy` [#9527](https://github.com/emqx/emqx/pull/9527)。
+
 ## 修复
 ## 修复
 
 
 - 修复 ExHook 更新 SSL 相关配置后,过时的 SSL 文件没有被删除的问题 [#9432](https://github.com/emqx/emqx/pull/9432)。
 - 修复 ExHook 更新 SSL 相关配置后,过时的 SSL 文件没有被删除的问题 [#9432](https://github.com/emqx/emqx/pull/9432)。

+ 57 - 56
deploy/charts/emqx-enterprise/README.md

@@ -37,63 +37,64 @@ $ helm del  my-emqx
 
 
 The following table lists the configurable parameters of the emqx chart and their default values.
 The following table lists the configurable parameters of the emqx chart and their default values.
 
 
-| Parameter                            | Description                                                                                                                                                  | Default Value                                           |
+| Parameter | Description | Default Value |
 |--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
 |--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
-| `replicaCount`                       | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.                  | 3                                                       |
-| `image.repository`                   | EMQX Image name                                                                                                                                              | emqx/emqx                                               |
-| `image.pullPolicy`                   | The image pull policy                                                                                                                                        | IfNotPresent                                            |
-| `image.pullSecrets `                 | The image pull secrets                                                                                                                                       | `[]` (does not add image pull secrets to deployed pods) |
-| `envFromSecret`                      | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment                                          | nil                                                     |
-| `recreatePods`                       | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration.                                            | false                                                   |
-| `podAnnotations `                    | Annotations for pod                                                                                                                                          | `{}`                                                    |
-| `podManagementPolicy`                | To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock                                                                | `Parallel`                                              |
-| `persistence.enabled`                | Enable EMQX persistence using PVC                                                                                                                            | false                                                   |
-| `persistence.storageClass`           | Storage class of backing PVC                                                                                                                                 | `nil` (uses alpha storage class annotation)             |
-| `persistence.existingClaim`          | EMQX data Persistent Volume existing claim name, evaluated as a template                                                                                     | ""                                                      |
-| `persistence.accessMode`             | PVC Access Mode for EMQX volume                                                                                                                              | ReadWriteOnce                                           |
-| `persistence.size`                   | PVC Storage Request for EMQX volume                                                                                                                          | 20Mi                                                    |
-| `initContainers`                     | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.                                                     | `{}`                                                    |
-| `resources`                          | CPU/Memory resource requests/limits                                                                                                                          | {}                                                      |
-| `nodeSelector`                       | Node labels for pod assignment                                                                                                                               | `{}`                                                    |
-| `tolerations`                        | Toleration labels for pod assignment                                                                                                                         | `[]`                                                    |
-| `affinity`                           | Map of node/pod affinities                                                                                                                                   | `{}`                                                    |
-| `service.type`                       | Kubernetes Service type.                                                                                                                                     | ClusterIP                                               |
-| `service.mqtt`                       | Port for MQTT.                                                                                                                                               | 1883                                                    |
-| `service.mqttssl`                    | Port for MQTT(SSL).                                                                                                                                          | 8883                                                    |
-| `service.ws`                         | Port for WebSocket/HTTP.                                                                                                                                     | 8083                                                    |
-| `service.wss`                        | Port for WSS/HTTPS.                                                                                                                                          | 8084                                                    |
-| `service.dashboard`                  | Port for dashboard and API.                                                                                                                                  | 18083                                                   |
-| `service.nodePorts.mqtt`             | Kubernetes node port for MQTT.                                                                                                                               | nil                                                     |
-| `service.nodePorts.mqttssl`          | Kubernetes node port for MQTT(SSL).                                                                                                                          | nil                                                     |
-| `service.nodePorts.mgmt`             | Kubernetes node port for mgmt API.                                                                                                                           | nil                                                     |
-| `service.nodePorts.ws`               | Kubernetes node port for WebSocket/HTTP.                                                                                                                     | nil                                                     |
-| `service.nodePorts.wss`              | Kubernetes node port for WSS/HTTPS.                                                                                                                          | nil                                                     |
-| `service.nodePorts.dashboard`        | Kubernetes node port for dashboard.                                                                                                                          | nil                                                     |
-| `service.loadBalancerIP`             | loadBalancerIP for Service                                                                                                                                   | nil                                                     |
-| `service.loadBalancerSourceRanges`   | Address(es) that are allowed when service is LoadBalancer                                                                                                    | []                                                      |
-| `service.externalIPs`                | ExternalIPs for the service                                                                                                                                  | []                                                      |
-| `service.annotations`                | Service annotations                                                                                                                                          | {}(evaluated as a template)                             |
-| `ingress.dashboard.enabled`          | Enable ingress for EMQX Dashboard                                                                                                                            | false                                                   |
-| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard                                                                                                                     |                                                         |
-| `ingress.dashboard.path`             | Ingress path for EMQX Dashboard                                                                                                                              | /                                                       |
-| `ingress.dashboard.pathType`         | Ingress pathType for EMQX Dashboard                                                                                                                          | `ImplementationSpecific`                                |
-| `ingress.dashboard.hosts`            | Ingress hosts for EMQX Mgmt API                                                                                                                              | dashboard.emqx.local                                    |
-| `ingress.dashboard.tls`              | Ingress tls for EMQX Mgmt API                                                                                                                                | []                                                      |
-| `ingress.dashboard.annotations`      | Ingress annotations for EMQX Mgmt API                                                                                                                        | {}                                                      |
-| `ingress.mgmt.enabled`               | Enable ingress for EMQX Mgmt API                                                                                                                             | false                                                   |
-| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Mgmt API                                                                                                                      |                                                         |
-| `ingress.mgmt.path`                  | Ingress path for EMQX Mgmt API                                                                                                                               | /                                                       |
-| `ingress.mgmt.hosts`                 | Ingress hosts for EMQX Mgmt API                                                                                                                              | api.emqx.local                                          |
-| `ingress.mgmt.tls`                   | Ingress tls for EMQX Mgmt API                                                                                                                                | []                                                      |
-| `ingress.mgmt.annotations`           | Ingress annotations for EMQX Mgmt API                                                                                                                        | {}                                                      |
-| `metrics.enable`                     | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false                                                   |
-| `metrics.type`                       | Now we only supported "prometheus"                                                                                                                           | "prometheus"                                            |
-| `ssl.enabled`                        | Enable SSL support                                                                                                                                           | false                                                   |
-| `ssl.useExisting`                    | Use existing certificate or let cert-manager generate one                                                                                                    | false                                                   |
-| `ssl.existingName`                   | Name of existing certificate                                                                                                                                 | emqx-tls                                                |
-| `ssl.dnsnames`                       | DNS name(s) for certificate to be generated                                                                                                                  | {}                                                      |
-| `ssl.issuer.name`                    | Issuer name for certificate generation                                                                                                                       | letsencrypt-dns                                         |
-| `ssl.issuer.kind`                    | Issuer kind for certificate generation                                                                                                                       | ClusterIssuer                                           |
+| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. | 3 |
+| `image.repository` | EMQX Image name | `emqx/emqx-enterprise` |
+| `image.pullPolicy` | The image pull policy | IfNotPresent |
+| `image.pullSecrets ` | The image pull secrets | `[]` (does not add image pull secrets to deployed pods) |
+| `envFromSecret` | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment | nil |
+| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | false |
+| `podAnnotations ` | Annotations for pod | `{}` |
+| `podManagementPolicy` | To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock | `Parallel` |
+| `persistence.enabled` | Enable EMQX persistence using PVC | false |
+| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) |
+| `persistence.existingClaim` | EMQX data Persistent Volume existing claim name, evaluated as a template | "" |
+| `persistence.accessMode` | PVC Access Mode for EMQX volume | ReadWriteOnce |
+| `persistence.size` | PVC Storage Request for EMQX volume | 20Mi |
+| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. | `{}` |
+| `resources` | CPU/Memory resource requests/limits | {} |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `affinity` | Map of node/pod affinities | `{}` |
+| `service.type` | Kubernetes Service type. | ClusterIP |
+| `service.mqtt` | Port for MQTT. | 1883 |
+| `service.mqttssl` | Port for MQTT(SSL). | 8883 |
+| `service.ws` | Port for WebSocket/HTTP. | 8083 |
+| `service.wss` | Port for WSS/HTTPS. | 8084 |
+| `service.dashboard` | Port for dashboard and API. | 18083 |
+| `service.nodePorts.mqtt` | Kubernetes node port for MQTT. | nil |
+| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). | nil |
+| `service.nodePorts.mgmt` | Kubernetes node port for mgmt API. | nil |
+| `service.nodePorts.ws` | Kubernetes node port for WebSocket/HTTP. | nil |
+| `service.nodePorts.wss` | Kubernetes node port for WSS/HTTPS. | nil |
+| `service.nodePorts.dashboard` | Kubernetes node port for dashboard. | nil |
+| `service.loadBalancerIP` | loadBalancerIP for Service | nil |
+| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | [] |
+| `service.externalIPs` | ExternalIPs for the service | [] |
+`service.externalTrafficPolicy` |	External Traffic Policy for the service |	`Cluster`
+| `service.annotations` | Service annotations | {}(evaluated as a template) |
+| `ingress.dashboard.enabled` | Enable ingress for EMQX Dashboard | false |
+| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard | |
+| `ingress.dashboard.path` | Ingress path for EMQX Dashboard | / |
+| `ingress.dashboard.pathType` | Ingress pathType for EMQX Dashboard | `ImplementationSpecific` |
+| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API | dashboard.emqx.local |
+| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `ingress.mgmt.enabled` | Enable ingress for EMQX Mgmt API | false |
+| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Mgmt API | |
+| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | / |
+| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API | api.emqx.local |
+| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `metrics.enable` | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false |
+| `metrics.type` | Now we only supported "prometheus" | "prometheus" |
+| `ssl.enabled` | Enable SSL support | false |
+| `ssl.useExisting` | Use existing certificate or let cert-manager generate one | false |
+| `ssl.existingName` | Name of existing certificate | emqx-tls |
+| `ssl.dnsnames` | DNS name(s) for certificate to be generated | {} |
+| `ssl.issuer.name` | Issuer name for certificate generation | letsencrypt-dns |
+| `ssl.issuer.kind` | Issuer kind for certificate generation | ClusterIssuer |
 
 
 ## EMQX specific settings
 ## EMQX specific settings
 
 
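Review bot: The added `service.externalTrafficPolicy` row is missing its leading and trailing `|` and separates cells with tab characters, unlike every other row in the table, so it can render as a broken row; format it like its neighbours, with a `|` at both ends and single spaces around each cell. Two further points on this hunk: every other row is rewritten only to strip column padding while the separator row keeps its full width, which turns a one-row addition into a 57/56 diff that is hard to review, and the `image.repository` default changes from `emqx/emqx` to `emqx/emqx-enterprise`, which is unrelated to the commit subject and should be called out in the commit message or split into its own change.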

+ 3 - 0
deploy/charts/emqx-enterprise/templates/service.yaml

@@ -14,6 +14,9 @@ metadata:
   {{- end }}
   {{- end }}
 spec:
 spec:
   type: {{ .Values.service.type }}
   type: {{ .Values.service.type }}
+  {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | default "Cluster" }}
+  {{- end }}
   {{- if eq .Values.service.type "LoadBalancer" }}
   {{- if eq .Values.service.type "LoadBalancer" }}
   {{- if .Values.service.loadBalancerIP }}
   {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
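Review bot: On the added `externalTrafficPolicy:` line the value from `.Values.service.externalTrafficPolicy` is rendered without any check, so a misspelled or wrongly cased value such as `local` is only caught when the API server rejects the Service at install or upgrade time. Consider failing at template time (Helm's `fail`) unless the value is exactly `Cluster` or `Local`, so `helm template` and `helm lint` runs catch it first. The `default "Cluster"` fallback matches the default added in values.yaml, which is fine.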

+ 6 - 0
deploy/charts/emqx-enterprise/values.yaml

@@ -149,6 +149,12 @@ service:
   ## Set the ExternalIPs
   ## Set the ExternalIPs
   ##
   ##
   externalIPs: []
   externalIPs: []
+  ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.
+  ## There are two available options: Cluster (default) and Local.
+  ## Cluster obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
+  ## Local preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type Services, but risks potentially imbalanced traffic spreading.
+  ##
+  externalTrafficPolicy: "Cluster"
   ## Provide any additional annotations which may be required. Evaluated as a template
   ## Provide any additional annotations which may be required. Evaluated as a template
   ##
   ##
   annotations: {}
   annotations: {}
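Review bot: The comment block above `externalTrafficPolicy: "Cluster"` does not say that the key is ignored unless `service.type` is `LoadBalancer` or `NodePort`, which is the only case in which the service.yaml template in this commit emits it; the README lists `ClusterIP` as the default `service.type`, so with default values this setting has no effect. Add one comment line stating that, so an operator who sets `Local` to keep client source IPs visible to the broker does not assume it applied.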

+ 57 - 56
deploy/charts/emqx/README.md

@@ -37,63 +37,64 @@ $ helm del  my-emqx
 
 
 The following table lists the configurable parameters of the emqx chart and their default values.
 The following table lists the configurable parameters of the emqx chart and their default values.
 
 
-| Parameter                            | Description                                                                                                                                                  | Default Value                                           |
+| Parameter | Description | Default Value |
 |--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
 |--------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
-| `replicaCount`                       | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.                  | 3                                                       |
-| `image.repository`                   | EMQX Image name                                                                                                                                              | emqx/emqx                                               |
-| `image.pullPolicy`                   | The image pull policy                                                                                                                                        | IfNotPresent                                            |
-| `image.pullSecrets `                 | The image pull secrets                                                                                                                                       | `[]` (does not add image pull secrets to deployed pods) |
-| `envFromSecret`                      | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment                                          | nil                                                     |
-| `recreatePods`                       | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration.                                            | false                                                   |
-| `podAnnotations `                    | Annotations for pod                                                                                                                                          | `{}`                                                    |
-| `podManagementPolicy`                | To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock                                                                | `Parallel`                                              |
-| `persistence.enabled`                | Enable EMQX persistence using PVC                                                                                                                            | false                                                   |
-| `persistence.storageClass`           | Storage class of backing PVC                                                                                                                                 | `nil` (uses alpha storage class annotation)             |
-| `persistence.existingClaim`          | EMQX data Persistent Volume existing claim name, evaluated as a template                                                                                     | ""                                                      |
-| `persistence.accessMode`             | PVC Access Mode for EMQX volume                                                                                                                              | ReadWriteOnce                                           |
-| `persistence.size`                   | PVC Storage Request for EMQX volume                                                                                                                          | 20Mi                                                    |
-| `initContainers`                     | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.                                                     | `{}`                                                    |
-| `resources`                          | CPU/Memory resource requests/limits                                                                                                                          | {}                                                      |
-| `nodeSelector`                       | Node labels for pod assignment                                                                                                                               | `{}`                                                    |
-| `tolerations`                        | Toleration labels for pod assignment                                                                                                                         | `[]`                                                    |
-| `affinity`                           | Map of node/pod affinities                                                                                                                                   | `{}`                                                    |
-| `service.type`                       | Kubernetes Service type.                                                                                                                                     | ClusterIP                                               |
-| `service.mqtt`                       | Port for MQTT.                                                                                                                                               | 1883                                                    |
-| `service.mqttssl`                    | Port for MQTT(SSL).                                                                                                                                          | 8883                                                    |
-| `service.ws`                         | Port for WebSocket/HTTP.                                                                                                                                     | 8083                                                    |
-| `service.wss`                        | Port for WSS/HTTPS.                                                                                                                                          | 8084                                                    |
-| `service.dashboard`                  | Port for dashboard and API.                                                                                                                                  | 18083                                                   |
-| `service.nodePorts.mqtt`             | Kubernetes node port for MQTT.                                                                                                                               | nil                                                     |
-| `service.nodePorts.mqttssl`          | Kubernetes node port for MQTT(SSL).                                                                                                                          | nil                                                     |
-| `service.nodePorts.mgmt`             | Kubernetes node port for mgmt API.                                                                                                                           | nil                                                     |
-| `service.nodePorts.ws`               | Kubernetes node port for WebSocket/HTTP.                                                                                                                     | nil                                                     |
-| `service.nodePorts.wss`              | Kubernetes node port for WSS/HTTPS.                                                                                                                          | nil                                                     |
-| `service.nodePorts.dashboard`        | Kubernetes node port for dashboard.                                                                                                                          | nil                                                     |
-| `service.loadBalancerIP`             | loadBalancerIP for Service                                                                                                                                   | nil                                                     |
-| `service.loadBalancerSourceRanges`   | Address(es) that are allowed when service is LoadBalancer                                                                                                    | []                                                      |
-| `service.externalIPs`                | ExternalIPs for the service                                                                                                                                  | []                                                      |
-| `service.annotations`                | Service annotations                                                                                                                                          | {}(evaluated as a template)                             |
-| `ingress.dashboard.enabled`          | Enable ingress for EMQX Dashboard                                                                                                                            | false                                                   |
-| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard                                                                                                                     |                                                         |
-| `ingress.dashboard.path`             | Ingress path for EMQX Dashboard                                                                                                                              | /                                                       |
-| `ingress.dashboard.pathType`         | Ingress pathType for EMQX Dashboard                                                                                                                          | `ImplementationSpecific`                                |
-| `ingress.dashboard.hosts`            | Ingress hosts for EMQX Mgmt API                                                                                                                              | dashboard.emqx.local                                    |
-| `ingress.dashboard.tls`              | Ingress tls for EMQX Mgmt API                                                                                                                                | []                                                      |
-| `ingress.dashboard.annotations`      | Ingress annotations for EMQX Mgmt API                                                                                                                        | {}                                                      |
-| `ingress.mgmt.enabled`               | Enable ingress for EMQX Mgmt API                                                                                                                             | false                                                   |
-| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Mgmt API                                                                                                                      |                                                         |
-| `ingress.mgmt.path`                  | Ingress path for EMQX Mgmt API                                                                                                                               | /                                                       |
-| `ingress.mgmt.hosts`                 | Ingress hosts for EMQX Mgmt API                                                                                                                              | api.emqx.local                                          |
-| `ingress.mgmt.tls`                   | Ingress tls for EMQX Mgmt API                                                                                                                                | []                                                      |
-| `ingress.mgmt.annotations`           | Ingress annotations for EMQX Mgmt API                                                                                                                        | {}                                                      |
-| `metrics.enable`                     | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false                                                   |
-| `metrics.type`                       | Now we only supported "prometheus"                                                                                                                           | "prometheus"                                            |
-| `ssl.enabled`                        | Enable SSL support                                                                                                                                           | false                                                   |
-| `ssl.useExisting`                    | Use existing certificate or let cert-manager generate one                                                                                                    | false                                                   |
-| `ssl.existingName`                   | Name of existing certificate                                                                                                                                 | emqx-tls                                                |
-| `ssl.dnsnames`                       | DNS name(s) for certificate to be generated                                                                                                                  | {}                                                      |
-| `ssl.issuer.name`                    | Issuer name for certificate generation                                                                                                                       | letsencrypt-dns                                         |
-| `ssl.issuer.kind`                    | Issuer kind for certificate generation                                                                                                                       | ClusterIssuer                                           |
+| `replicaCount` | It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split. | 3 |
+| `image.repository` | EMQX Image name | emqx/emqx |
+| `image.pullPolicy` | The image pull policy | IfNotPresent |
+| `image.pullSecrets ` | The image pull secrets | `[]` (does not add image pull secrets to deployed pods) |
+| `envFromSecret` | The name pull a secret in the same kubernetes namespace which contains values that will be added to the environment | nil |
+| `recreatePods` | Forces the recreation of pods during upgrades, which can be useful to always apply the most recent configuration. | false |
+| `podAnnotations ` | Annotations for pod | `{}` |
+| `podManagementPolicy` | To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock | `Parallel` |
+| `persistence.enabled` | Enable EMQX persistence using PVC | false |
+| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) |
+| `persistence.existingClaim` | EMQX data Persistent Volume existing claim name, evaluated as a template | "" |
+| `persistence.accessMode` | PVC Access Mode for EMQX volume | ReadWriteOnce |
+| `persistence.size` | PVC Storage Request for EMQX volume | 20Mi |
+| `initContainers` | Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts. | `{}` |
+| `resources` | CPU/Memory resource requests/limits | {} |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `affinity` | Map of node/pod affinities | `{}` |
+| `service.type` | Kubernetes Service type. | ClusterIP |
+| `service.mqtt` | Port for MQTT. | 1883 |
+| `service.mqttssl` | Port for MQTT(SSL). | 8883 |
+| `service.ws` | Port for WebSocket/HTTP. | 8083 |
+| `service.wss` | Port for WSS/HTTPS. | 8084 |
+| `service.dashboard` | Port for dashboard and API. | 18083 |
+| `service.nodePorts.mqtt` | Kubernetes node port for MQTT. | nil |
+| `service.nodePorts.mqttssl` | Kubernetes node port for MQTT(SSL). | nil |
+| `service.nodePorts.mgmt` | Kubernetes node port for mgmt API. | nil |
+| `service.nodePorts.ws` | Kubernetes node port for WebSocket/HTTP. | nil |
+| `service.nodePorts.wss` | Kubernetes node port for WSS/HTTPS. | nil |
+| `service.nodePorts.dashboard` | Kubernetes node port for dashboard. | nil |
+| `service.loadBalancerIP` | loadBalancerIP for Service | nil |
+| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | [] |
+| `service.externalIPs` | ExternalIPs for the service | [] |
+`service.externalTrafficPolicy` |	External Traffic Policy for the service |	`Cluster`
+| `service.annotations` | Service annotations | {}(evaluated as a template) |
+| `ingress.dashboard.enabled` | Enable ingress for EMQX Dashboard | false |
+| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Dashboard | |
+| `ingress.dashboard.path` | Ingress path for EMQX Dashboard | / |
+| `ingress.dashboard.pathType` | Ingress pathType for EMQX Dashboard | `ImplementationSpecific` |
+| `ingress.dashboard.hosts` | Ingress hosts for EMQX Mgmt API | dashboard.emqx.local |
+| `ingress.dashboard.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.dashboard.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `ingress.mgmt.enabled` | Enable ingress for EMQX Mgmt API | false |
+| `ingress.dashboard.ingressClassName` | Set the ingress class for EMQX Mgmt API | |
+| `ingress.mgmt.path` | Ingress path for EMQX Mgmt API | / |
+| `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API | api.emqx.local |
+| `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API | [] |
+| `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API | {} |
+| `metrics.enable` | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false |
+| `metrics.type` | Now we only supported "prometheus" | "prometheus" |
+| `ssl.enabled` | Enable SSL support | false |
+| `ssl.useExisting` | Use existing certificate or let cert-manager generate one | false |
+| `ssl.existingName` | Name of existing certificate | emqx-tls |
+| `ssl.dnsnames` | DNS name(s) for certificate to be generated | {} |
+| `ssl.issuer.name` | Issuer name for certificate generation | letsencrypt-dns |
+| `ssl.issuer.kind` | Issuer kind for certificate generation | ClusterIssuer |
 
 
 ## EMQX specific settings
 ## EMQX specific settings
 
 
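Review bot: The added `service.externalTrafficPolicy` row is the only row in the rewritten table that lacks the leading and trailing `|` and separates its cells with tabs, so it is inconsistent with its neighbours and may fall out of the table in stricter Markdown renderers; give it the same `| key | description | default |` shape as the rows around it. The description could also name the two accepted values, `Cluster` and `Local`, which the values.yaml comment in this commit already lists. Since the whole table is being rewritten anyway, note that the row after `ingress.mgmt.enabled` is still keyed `ingress.dashboard.ingressClassName` although its description is about the Mgmt API; that looks like a copy of the dashboard key and is worth checking.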

+ 3 - 0
deploy/charts/emqx/templates/service.yaml

@@ -14,6 +14,9 @@ metadata:
   {{- end }}
   {{- end }}
 spec:
 spec:
   type: {{ .Values.service.type }}
   type: {{ .Values.service.type }}
+  {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | default "Cluster" }}
+  {{- end }}
   {{- if eq .Values.service.type "LoadBalancer" }}
   {{- if eq .Values.service.type "LoadBalancer" }}
   {{- if .Values.service.loadBalancerIP }}
   {{- if .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.service.loadBalancerIP }}
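Review bot: The value on the new `externalTrafficPolicy:` line is rendered without validation, so a typo or wrong case in `service.externalTrafficPolicy` (for example `local`) renders cleanly and only surfaces when the Service is applied to the cluster. Consider guarding it against the two values documented in values.yaml, for instance with a `fail` when the value is not in `(list "Cluster" "Local")`, or with an enum in a values schema. The `| default "Cluster"` fallback repeats the default already set in values.yaml; that is harmless, but the two need to stay in sync if the default ever changes.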

+ 6 - 0
deploy/charts/emqx/values.yaml

@@ -149,6 +149,12 @@ service:
   ## Set the ExternalIPs
   ## Set the ExternalIPs
   ##
   ##
   externalIPs: []
   externalIPs: []
+  ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.
+  ## There are two available options: Cluster (default) and Local.
+  ## Cluster obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
+  ## Local preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type Services, but risks potentially imbalanced traffic spreading.
+  ##
+  externalTrafficPolicy: "Cluster"
   ## Provide any additional annotations which may be required. Evaluated as a template
   ## Provide any additional annotations which may be required. Evaluated as a template
   ##
   ##
   annotations: {}
   annotations: {}
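Review bot: The new comment block above `externalTrafficPolicy: "Cluster"` does not say that the key only takes effect when `service.type` is `LoadBalancer` or `NodePort`; the service.yaml hunk in this commit renders it only for those two types, so for any other type the setting is silently ignored. Adding one comment line to that effect would save an operator who sets `Local` to preserve client source IPs from assuming it applies to every Service type.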