emqx4.3/deploy/charts/emqx/values.yaml

## Default values for emqx.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.

## It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.
replicaCount: 3
image:
  repository: emqx/emqx
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  # - myRegistryKeySecretName

serviceAccount:
  # Specifies whether a service account should be created
  # If set false, means you need create service account by yourself
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
  # Annotations to add to the service account
  annotations: {}

# The name of a secret in the same kubernetes namespace which contains values to
# be added to the environment (must be manually created)
# This can be useful for passwords and logins, etc.

# envFromSecret: "emqx-secrets"

## Forces the recreation of pods during helm upgrades. This can be useful to update configuration values even if the container image did not change.
recreatePods: false

## Sets the minReadySeconds parameter on the stateful set. This can be used to add delay between restart / updates between the single pods.
minReadySeconds:

## Sets the priorityClassName parameter on the pods. This can be used to run the pods with increased priority.
priorityClassName:

clusterDomain: cluster.local

podAnnotations: {}

# Pod deployment policy
# value: OrderedReady | Parallel
# To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock
podManagementPolicy: Parallel

persistence:
  enabled: false
  size: 20Mi
  storageClassName: ""
  accessMode: ReadWriteOnce
  ## Existing PersistentVolumeClaims
  ## The value is evaluated as a template
  ## So, for example, the name can depend on .Release or .Chart
  # existingClaim: ""

resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 500m
  #   memory: 512Mi

extraVolumeMounts: []
## Additional volumeMounts to the default backend container.
#  - name: my-owner-acl
#    mountPath: /opt/emqx/etc/acl.conf
#    subPath: acl.conf

extraVolumes: []
## Additional volumes to the default backend pod.
#  - name: my-owner-acl
#    secret:  fake-acl-conf

# Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.
initContainers: {}
  # - name: sysctl
  #   image: busybox
  #   securityContext:
  #     runAsUser: 0
  #     runAsGroup: 0
  #     capabilities:
  #       add:
  #       - SYS_ADMIN
  #       drop:
  #       - ALL
  #   command:
  #     - /bin/sh
  #     - -c
  #     - |
  #       mount -o remount rw /proc/sys
  #       sysctl -w net.core.somaxconn=65535
  #       sysctl -w net.ipv4.ip_local_port_range="1024 65535"
  #       sysctl -w kernel.core_uses_pid=0
  #       sysctl -w net.ipv4.tcp_tw_reuse=1
  #       sysctl -w fs.nr_open=1000000000
  #       sysctl -w fs.file-max=1000000000
  #       sysctl -w net.ipv4.ip_local_port_range='1025 65534'
  #       sysctl -w net.ipv4.udp_mem='74583000 499445000 749166000'
  #       sysctl -w net.ipv4.tcp_max_sync_backlog=163840
  #       sysctl -w net.core.netdev_max_backlog=163840
  #       sysctl -w net.core.optmem_max=16777216
  #       sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216'
  #       sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216'
  #       sysctl -w net.ipv4.tcp_max_tw_buckets=1048576
  #       sysctl -w net.ipv4.tcp_fin_timeout=15
  #       sysctl -w net.core.rmem_default=262144000
  #       sysctl -w net.core.wmem_default=262144000
  #       sysctl -w net.core.rmem_max=262144000
  #       sysctl -w net.core.wmem_max=262144000
  #       sysctl -w net.ipv4.tcp_mem='378150000  504200000  756300000'
  #       sysctl -w net.netfilter.nf_conntrack_max=1000000
  #       sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30

## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
emqxConfig:
  EMQX_CLUSTER__DISCOVERY_STRATEGY: "dns"
  EMQX_DASHBOARD__DEFAULT_USERNAME: "admin"
  EMQX_DASHBOARD__DEFAULT_PASSWORD: "public"

## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName"
## Example:
##   kubectl create secret generic emqx-license-secret-name --from-file=/path/to/emqx.lic
emqxLicenseSecretName:

service:
  ## Service type
  ##
  type: ClusterIP
  ## The cluster IP if one wants to customize it to a fixed value
  ##
  clusterIP: None
  ## Port for MQTT
  ##
  mqtt: 1883
  ## Port for MQTT(SSL)
  ##
  mqttssl: 8883
  ## Port for WebSocket/HTTP
  ##
  ws: 8083
  ## Port for WSS/HTTPS
  ##
  wss: 8084
  ## Port for dashboard and API
  ##
  dashboard: 18083
  ## Port for dashboard and API over HTTPS
  ##
  # dashboardtls: 18084
  ## Specify the nodePort(s) value for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    mqtt:
    mqttssl:
    mgmt:
    ws:
    wss:
    dashboard:
    dashboardtls:
  ## Specifies the load balancer implementation this Service belongs to.
  ## Once set, it can not be changed.
  ##
  # loadBalancerClass:
  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:
  ## Load Balancer sources
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## Example:
  ## loadBalancerSourceRanges:
  ## - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## Set the ExternalIPs
  ##
  externalIPs: []
  ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.
  ## There are two available options: Cluster (default) and Local.
  ## Cluster obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
  ## Local preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type Services, but risks potentially imbalanced traffic spreading.
  ##
  externalTrafficPolicy: "Cluster"
  ## Provide any additional annotations which may be required. Evaluated as a template
  ##
  annotations: {}
  labels: {}

nodeSelector: {}

tolerations: []

affinity: {}

topologySpreadConstraints: []

ingress:
  ## ingress for EMQX Dashboard
  dashboard:
    enabled: false
    # ingressClassName: nginx
    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    path: /
    pathType: ImplementationSpecific
    hosts:
    - dashboard.emqx.local
    tls: []
  ## ingress for MQTT
  mqtt:
    enabled: false
    # ingressClassName: haproxy
    annotations: {}
      # kubernetes.io/ingress.class: haproxy
      # kubernetes.io/tls-acme: "true"
      # haproxy-ingress.github.io/tcp-service-port: "8883"
      # haproxy-ingress.github.io/proxy-protocol: "v2"
    path: /
    pathType: ImplementationSpecific
    hosts:
    - mqtt.emqx.local
    tls: []

podSecurityContext:
  enabled: true
  fsGroup: 1000
  fsGroupChangePolicy: Always
  runAsUser: 1000
  supplementalGroups:
    - 1000

containerSecurityContext:
  enabled: true
  runAsNonRoot: true
  runAsUser: 1000

metrics:
  enabled: false
  type: prometheus

ssl:
  enabled: false
  useExisting: false
  existingName: emqx-tls
  dnsnames: []
  commonName:
  issuer:
    name: letsencrypt-dns
    kind: ClusterIssuer

## Setting PodDisruptionBudget.
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
##
pdb:
  enabled: false
  maxUnavailable: 1