From a1edec07edc9c854e92e628b9bb8946fea7b19de Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sun, 22 Sep 2024 21:10:53 -0500
Subject: [PATCH] messing with kustomize and emqx
---
 .../database/emqx/app/externalsecret.yaml | 29 ++++++++++++++++++-
 .../apps/database/emqx/cluster/cluster.yaml | 21 ++------------
 .../database/emqx/cluster/kustomization.yaml | 21 ++++++++++++++
 .../database/emqx/cluster/resources/emqx.conf | 27 +++++++++++++++++
 4 files changed, 78 insertions(+), 20 deletions(-)
 create mode 100644 kubernetes/apps/database/emqx/cluster/resources/emqx.conf
diff --git a/kubernetes/apps/database/emqx/app/externalsecret.yaml b/kubernetes/apps/database/emqx/app/externalsecret.yaml
index d39645ac..375ee412 100644
--- a/kubernetes/apps/database/emqx/app/externalsecret.yaml
+++ b/kubernetes/apps/database/emqx/app/externalsecret.yaml
@@ -35,7 +35,34 @@ spec:
 engineVersion: v2
 data:
 init-user.json: |
- [{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
+ [
+ {
+ "user_id": "{{ .X_EMQX_MQTT_USERNAME }}",
+ "password": "{{ .X_EMQX_MQTT_PASSWORD }}",
+ "is_superuser": true
+ },
+ {
+ username = "tasmota"
+ password = "{{ .X_EMQX_TASMOTA_PASSWORD }}"
+ },
+ {
+ username = "homeassistant"
+ password = "{{ .X_EMQX_HOMEASSISTANT_PASSWORD }}"
+ }
+ ]
+
 dataFrom:
 - extract:
 key: emqx
+ - extract:
+ key: "emqx - [tasmota]"
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "X_EMQX_TASMOTA_$1"
+ - extract:
+ key: "emqx - [homeassistant]"
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "X_EMQX_HOMEASSISTANT_$1"
diff --git a/kubernetes/apps/database/emqx/cluster/cluster.yaml b/kubernetes/apps/database/emqx/cluster/cluster.yaml
index 62e48c56..def29227 100644
--- a/kubernetes/apps/database/emqx/cluster/cluster.yaml
+++ b/kubernetes/apps/database/emqx/cluster/cluster.yaml
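Review bot: The two objects added to `init-user.json` in externalsecret.yaml for `tasmota` and `homeassistant` are not JSON: they use `username = "…"` assignments with unquoted keys, no colons and no comma between the fields, so the array will not parse the way the first entry does. If this file is what `bootstrap_file = "/opt/init-user.json"` reads (the mount is not visible here), a parse failure would most likely mean the accounts are not imported at all. Each entry should follow the first one's shape, e.g. `{"user_id": "tasmota", "password": "{{ .X_EMQX_TASMOTA_PASSWORD }}", "is_superuser": false}`. The `rewrite` rules also prepend the prefix to the remote property name unchanged, so `.X_EMQX_TASMOTA_PASSWORD` only resolves if the property in the `emqx - [tasmota]` item is literally named `PASSWORD`; worth confirming against the secret store.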
@@ -7,26 +7,9 @@ metadata:
 spec:
 image: public.ecr.aws/emqx/emqx:5.8.0
 config:
+ mode: Merge
 data: |
- authentication {
- backend = "built_in_database"
- mechanism = "password_based"
- password_hash_algorithm {
- name = "bcrypt",
- }
- user_id_type = "username"
- bootstrap_file = "/opt/init-user.json"
- bootstrap_type = "plain"
- }
- authorization {
- sources = [
- {
- type = built_in_database
- enable = true
- }
- ]
- no_match: "deny"
- }
+ $(emqx-conf)
 coreTemplate:
 metadata:
 annotations:
diff --git a/kubernetes/apps/database/emqx/cluster/kustomization.yaml b/kubernetes/apps/database/emqx/cluster/kustomization.yaml
index 83d325dd..552b21a2 100644
--- a/kubernetes/apps/database/emqx/cluster/kustomization.yaml
+++ b/kubernetes/apps/database/emqx/cluster/kustomization.yaml
@@ -6,3 +6,24 @@ resources:
 - ./cluster.yaml
 - ./ingress.yaml
 - ./podmonitor.yaml
+patchesStrategicMerge:
+ - cluster.yaml
+configMapGenerator:
+ - name: emqx-conf
+ files:
+ - resources/emqx.conf
+replacements:
+ - source:
+ kind: ConfigMap
+ name: emqx-conf
+ fieldPath: data.emqx.conf
+ targets:
+ - select:
+ kind: EMQX
+ name: emqx
+ fieldPaths:
+ - spec.config.data
+ options:
+ delimiter: |
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/database/emqx/cluster/resources/emqx.conf b/kubernetes/apps/database/emqx/cluster/resources/emqx.conf
new file mode 100644
index 00000000..66bf5782
--- /dev/null
+++ b/kubernetes/apps/database/emqx/cluster/resources/emqx.conf
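Review bot: With the inline `authentication` and `authorization` blocks removed from cluster.yaml, `spec.config.data` holds only the literal `$(emqx-conf)`, so whether the broker gets any authenticator or the `no_match: "deny"` default now depends entirely on the kustomize replacement having run. If this manifest is ever applied without that step, or the replacement fails to match, the operator would receive a config with no auth section, and as far as I know EMQX accepts anonymous clients when no authenticator is configured. A render check in CI that fails when the `kustomize build` output for the `EMQX` resource still contains `$(emqx-conf)` or lacks `authentication {` would catch this before it reaches the cluster. `mode: Merge` presumably keeps keys already present in the running config, so it is also worth confirming that deleting a rule from the file actually removes it from the broker.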
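Review bot: In kustomization.yaml, `delimiter: |` under `options` is an unquoted pipe, which YAML reads as a block-scalar indicator; with the next line dedented to `generatorOptions:` the value is an empty string, not the `|` character. Since the replacement is meant to overwrite the whole of `spec.config.data`, the `options` block can simply be dropped, or written as `delimiter: "|"` if a literal pipe is really intended. Separately, `cluster.yaml` is listed both under `resources` and under `patchesStrategicMerge`, so it is applied as a patch onto itself; that entry looks unnecessary, and `patchesStrategicMerge` is deprecated in favour of `patches` in current kustomize.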
@@ -0,0 +1,27 @@
+authentication {
+ backend = "built_in_database"
+ mechanism = "password_based"
+ password_hash_algorithm {
+ name = "bcrypt",
+ }
+ user_id_type = "username"
+ bootstrap_file = "/opt/init-user.json"
+ bootstrap_type = "plain"
+}
+
+authorization {
+ sources = [
+ {
+ type = built_in_database
+ enable = true
+ }
+ ]
+ no_match: "deny"
+}
+
+authorization.sources.built_in_database.rules = [
+ {allow, {user, "jahanson"}, all, ["#"]},
+ {allow, {user, "tasmota"}, publish, ["tasmota/discovery/#", "tele/tasmota_+/+", "cmnd/tasmota_+/+"]},
+ {allow, {user, "homeassistant"}, subscribe, ["stat/tasmota_+/+", "tele/tasmota_+/+"]},
+ {deny, all}
+]
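Review bot: The topic filters in the new rules put `+` inside a level (`tele/tasmota_+/+`, `cmnd/tasmota_+/+`, `stat/tasmota_+/+`), but an MQTT single-level wildcard has to occupy the whole level, so these would not match a topic such as `tele/tasmota_XXXX/STATE` (constructed example). With `no_match: "deny"` the two device accounts would then be denied rather than over-permitted, but the ACL would not do what it reads as doing; `tele/+/+` or explicit per-device topics are the usual forms. The rule list is also written as Erlang tuples of the kind used by a file-based ACL source, assigned to a dotted path under `authorization.sources`, which the block above declares as an array. I would not expect the `built_in_database` source to load rules from there, so please verify on a running node which rules are actually in effect. The directions also look worth a second look: `tasmota` may only publish (including to `cmnd/…`) and `homeassistant` may only subscribe.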