kennyh
/
emqx4.3


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
							## Default values for emqx.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.

## It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.
replicaCount: 3
image:
  repository: emqx/emqx
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecrets:
  # - myRegistryKeySecretName

## Forces the recreation of pods during helm upgrades. This can be useful to update configuration values even if the container image did not change.
recreatePods: false

# Pod deployment policy
# value: OrderedReady | Parallel
# To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock
podManagementPolicy: Parallel

## Aditional container env vars
##
extraEnv: []

## Aditional container env from vars
##
extraEnvFrom: []

## Additional container executable args
##
extraArgs: []

## Additional container volumes (eg. for mounting certs from secrets)
##
extraVolumes: []

## Additional container volume mounts (eg. for mounting certs from secrets)
##
extraVolumeMounts: []

persistence:
  enabled: false
  size: 20Mi
  ## If defined, volume.beta.kubernetes.io/storage-class: <storageClass>
  ## Default: volume.alpha.kubernetes.io/storage-class: default
  # storageClass: "-"
  accessMode: ReadWriteOnce
  ## Existing PersistentVolumeClaims
  ## The value is evaluated as a template
  ## So, for example, the name can depend on .Release or .Chart
  # existingClaim: ""

resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 500m
  #   memory: 512Mi

# Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.
initContainers: {}
  # - name: mysql-probe
  #   image: alpine
  #   command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 mysql 3306 && exit 0 || sleep 3; done; exit 1"]

## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
emqxConfig:
  EMQX_CLUSTER__K8S__APISERVER: "https://kubernetes.default.svc:443"
  ## The address type is used to extract host from k8s service.
  ## Value: ip | dns | hostname
  ## Note：Hostname is only supported after v4.0-rc.2
  EMQX_CLUSTER__K8S__ADDRESS_TYPE: "hostname"
  EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
  ## if EMQX_CLUSTER__K8S__ADDRESS_TYPE eq dns
  # EMQX_CLUSTER__K8S__SUFFIX: "pod.cluster.local"

## --------------------------------------------------------------------
##  [ACL](https://docs.emqx.io/broker/latest/en/advanced/acl-file.html)

##  -type(who() :: all | binary() |
##                 {ipaddr, esockd_access:cidr()} |
##                 {client, binary()} |
##                 {user, binary()}).

##  -type(access() :: subscribe | publish | pubsub).

##  -type(topic() :: binary()).

##  -type(rule() :: {allow, all} |
##                  {allow, who(), access(), list(topic())} |
##                  {deny, all} |
##                  {deny, who(), access(), list(topic())}).
## --------------------------------------------------------------------
emqxAclConfig: >
  {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
  {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
  {deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
  {allow, all}.

emqxLoadedPlugins: >
  {emqx_management, true}.
  {emqx_recon, true}.
  {emqx_retainer, true}.
  {emqx_dashboard, true}.
  {emqx_telemetry, true}.
  {emqx_rule_engine, true}.
  {emqx_bridge_mqtt, false}.

emqxLoadedModules: >
  {emqx_mod_acl_internal, true}.
  {emqx_mod_presence, true}.
  {emqx_mod_delayed, false}.
  {emqx_mod_rewrite, false}.
  {emqx_mod_subscription, false}.
  {emqx_mod_topic_metrics, false}.

## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName"
## Example:
##   kubectl create secret generic emqx-license-secret-name --from-file=/path/to/emqx.lic
emqxLicenseSecretName:

service:
  ## Service type
  ##
  type: ClusterIP
  ## Port for MQTT
  ##
  mqtt: 1883
  ## Port for MQTT(SSL)
  ##
  mqttssl: 8883
  ## Port for mgmt API
  ##
  mgmt: 8081
  ## Port for WebSocket/HTTP
  ##
  ws: 8083
  ## Port for WSS/HTTPS
  ##
  wss: 8084
  ## Port for dashboard
  ##
  dashboard: 18083
  ## Port for dashboard HTTPS
  ##
  # dashboardtls: 18084
  ## Specify the nodePort(s) value for the LoadBalancer and NodePort service types.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    mqtt:
    mqttssl:
    mgmt:
    ws:
    wss:
    dashboard:
    dashboardtls:
  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:
  ## Load Balancer sources
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## Example:
  ## loadBalancerSourceRanges:
  ## - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## Set the ExternalIPs
  ##
  externalIPs: []
  ## Provide any additional annotations which may be required. Evaluated as a template
  ##
  annotations: {}

nodeSelector: {}

tolerations: []

affinity: {}

ingress:
  ## Ingress shared annotations
  annotations: {}

  ## ingress for EMQX Dashboard
  dashboard:
    enabled: false
    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    path: /
    hosts:
    - dashboard.emqx.local
    tls: []

  ## ingress for EMQX Mgmt API
  mgmt:
    enabled: false
    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
    path: /
    hosts:
    - api.emqx.local
    tls: []

  ## ingress for EMQX Mgmt API
  wss:
    enabled: false
    # ingressClassName: nginx
    annotations: {}
      # Sample annotations for nginx-ingress community controller
      # nginx.ingress.kubernetes.io/rewrite-target: /mqtt$1 # Use to rewrite backend path if needed
      # nginx.ingress.kubernetes.io/backend-protocol: "http"
      # nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
      # nginx.ingress.kubernetes.io/enable-real-ip: "true"
      # nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
      # nginx.ingress.kubernetes.io/proxy-connect-timeout: "120"
      # nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
      # nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
      # nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
      # nginx.ingress.kubernetes.io/use-proxy-protocol: "false"
      # nginx.ingress.kubernetes.io/proxy-protocol-header-timeout: "5s"
    path: /mqtt
    # path: /wss(\/.*)?
    hosts:
    - wss.emqx.local
    tls: []

podSecurityContext:
  enabled: true
  fsGroup: 1000
  fsGroupChangePolicy: Always
  runAsUser: 1000
  supplementalGroups:
    - 1000

containerSecurityContext:
  enabled: true
  runAsNonRoot: true
  runAsUser: 1000