add emqx operator/cluster

Joseph Hanson 2024-08-16 22:48:19 -05:00
parent e85e493c75
commit 9a64dafb8a
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
10 changed files with 244 additions and 0 deletions


@ -0,0 +1,41 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: emqx
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: emqx-secret
template:
engineVersion: v2
data:
EMQX_DASHBOARD__DEFAULT_USERNAME: "{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}"
EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}"
dataFrom:
- extract:
key: emqx
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: emqx-init-user
spec:
refreshInterval: 5m
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: emqx-init-user-secret
template:
engineVersion: v2
data:
init-user.json: |
[{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
dataFrom:
- extract:
key: emqx
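Review bot: The `init-user.json` template in the second ExternalSecret splices `{{ .X_EMQX_MQTT_USERNAME }}` and `{{ .X_EMQX_MQTT_PASSWORD }}` into hand-written JSON string literals, so a generated password containing `"` or `\` renders a bootstrap file that is invalid or parses to a different value. Let the template engine do the quoting, e.g. `[{"user_id": {{ .X_EMQX_MQTT_USERNAME | toJson }}, "password": {{ .X_EMQX_MQTT_PASSWORD | toJson }}, "is_superuser": true}]`. A short comment above `init-user.json` saying that the file is consumed as EMQX's authentication bootstrap file and holds the password in plain form would also help the next reader.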


@ -0,0 +1,31 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: emqx
spec:
interval: 30m
chart:
spec:
chart: emqx-operator
version: 2.2.23
sourceRef:
kind: HelmRepository
name: emqx
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: cert-manager
namespace: cert-manager
values:
fullnameOverride: emqx-operator
image:
repository: ghcr.io/emqx/emqx-operator


@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml


@ -0,0 +1,53 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/apps.emqx.io/emqx_v2beta1.json
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
name: emqx
spec:
image: public.ecr.aws/emqx/emqx:5.7.2
config:
data: |
authentication {
backend = "built_in_database"
mechanism = "password_based"
password_hash_algorithm {
name = "bcrypt",
}
user_id_type = "username"
bootstrap_file = "/opt/init-user.json"
bootstrap_type = "plain"
}
authorization {
sources = [
{
type = built_in_database
enable = true
}
]
no_match: "deny"
}
coreTemplate:
metadata:
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 1
envFrom:
- secretRef:
name: emqx-secret
extraVolumeMounts:
- name: init-user
mountPath: /opt/init-user.json
subPath: init-user.json
readOnly: true
extraVolumes:
- name: init-user
secret:
secretName: emqx-init-user-secret
listenersServiceTemplate:
metadata:
annotations:
io.cilium/lb-ipam-ips: 10.1.1.38
spec:
type: LoadBalancer
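Review bot: The `authorization` block's `no_match: "deny"` does not constrain the one account this commit bootstraps, because the `init-user.json` rendered by the `emqx-init-user` ExternalSecret sets `"is_superuser": true` and EMQX skips authorization checks for superusers. If that account is the one MQTT clients log in with, every client holding the shared credential can publish and subscribe on any topic. Consider bootstrapping it with `"is_superuser": false` and granting topics through rules in the built-in database, keeping a separate superuser for administration only. The listener Service is also published as `type: LoadBalancer` with no listener configuration in `config.data`, so presumably the default listeners are exposed on `10.1.1.38`; it is worth confirming which of them are TLS-protected before clients send these credentials.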


@ -0,0 +1,20 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: emqx-dashboard
annotations:
external-dns.alpha.kubernetes.io/target: internal.devbu.io
spec:
ingressClassName: internal
rules:
- host: emqx.devbu.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: emqx-dashboard
port:
number: 18083
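Review bot: The Ingress for `emqx.devbu.io` has no `spec.tls` block, so whether the dashboard login (the `EMQX_DASHBOARD__DEFAULT_*` credentials from `emqx-secret`) travels over HTTPS depends entirely on defaults of the `internal` ingress class that are not visible in this commit. If the controller does not already serve a default or wildcard certificate with forced redirect, add a `tls:` entry listing `emqx.devbu.io` under `spec`. The file is also the only manifest here without a `# yaml-language-server: $schema=...` header, which the others use for validation.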


@ -0,0 +1,8 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster.yaml
- ./ingress.yaml
- ./podmonitor.yaml


@ -0,0 +1,27 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: emqx
spec:
selector:
matchLabels:
apps.emqx.io/instance: emqx
apps.emqx.io/managed-by: emqx-operator
podMetricsEndpoints:
- port: dashboard
path: /api/v5/prometheus/stats
relabelings:
- action: replace
# user-defined cluster name, requires unique
replacement: emqx5
targetLabel: cluster
- action: replace
# fix value, don't modify
replacement: emqx
targetLabel: from
- action: replace
# fix value, don't modify
sourceLabels: ['pod']
targetLabel: "instance"
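Review bot: The scrape path `/api/v5/prometheus/stats` is served on the `dashboard` port, presumably the same 18083 that the Ingress in this commit publishes under `/`, so the metrics endpoint is reachable through `emqx.devbu.io` as well as by Prometheus. Nothing in the commit shows whether that endpoint requires credentials, so confirm it or restrict the Ingress path if the metrics are meant for in-cluster scraping only. Separately, the comment `# fix value, don't modify` on the last relabeling is misleading: that rule has no `replacement` and copies the `pod` label into `instance`, so `# copy the pod name into the instance label` would describe it accurately.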


@ -0,0 +1,46 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app emqx
namespace: flux-system
spec:
targetNamespace: database
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: external-secrets-stores
path: ./kubernetes/apps/database/emqx/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app emqx-cluster
namespace: flux-system
spec:
targetNamespace: database
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: emqx
path: ./kubernetes/apps/database/emqx/cluster
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m


@ -0,0 +1,10 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: emqx
namespace: flux-system
spec:
interval: 2h
url: https://repos.emqx.io/charts


@ -14,6 +14,7 @@ resources:
- descheduler.yaml - descheduler.yaml
- dragonflydb.yaml - dragonflydb.yaml
- elastic.yaml - elastic.yaml
- emqx.yaml
- external-secrets.yaml - external-secrets.yaml
- fairwinds.yaml - fairwinds.yaml
- grafana.yaml - grafana.yaml