feat(emqx): add emqx

zebernst · Nov 12, 2024 · fff0219 · fff0219
1 parent 0ae0c1d
commit fff0219
Show file tree

Hide file tree

Showing 11 changed files with 238 additions and 0 deletions.
diff --git a/kubernetes/apps/database/emqx/app/externalsecret.yaml b/kubernetes/apps/database/emqx/app/externalsecret.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: emqx
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: emqx-secret
+    template:
+      engineVersion: v2
+      data:
+        EMQX_DASHBOARD__DEFAULT_USERNAME: "{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}"
+        EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}"
+  dataFrom:
+    - extract:
+        key: emqx
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: emqx-init-user
+spec:
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: emqx-init-user-secret
+    template:
+      engineVersion: v2
+      data:
+        init-user.json: |
+          [{"user_id": "{{ .EMQX_MQTT_INIT_USERNAME }}", "password": "{{ .EMQX_MQTT_INIT_PASSWORD }}", "is_superuser": true}]
+  dataFrom:
+    - extract:
+        key: emqx
diff --git a/kubernetes/apps/database/emqx/app/helmrelease.yaml b/kubernetes/apps/database/emqx/app/helmrelease.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: emqx
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: emqx-operator
+      version: 2.2.25
+      sourceRef:
+        kind: HelmRepository
+        name: emqx-charts
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    fullnameOverride: emqx-operator
+    image:
+      repository: ghcr.io/emqx/emqx-operator
diff --git a/kubernetes/apps/database/emqx/app/kustomization.yaml b/kubernetes/apps/database/emqx/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/database/emqx/cluster/cluster.yaml b/kubernetes/apps/database/emqx/cluster/cluster.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps.emqx.io/v2beta1
+kind: EMQX
+metadata:
+  name: emqx
+spec:
+  image: public.ecr.aws/emqx/emqx:5.8.1
+  config:
+    data: |
+      authentication {
+        backend = "built_in_database"
+        mechanism = "password_based"
+        password_hash_algorithm {
+            name = "bcrypt"
+        }
+        user_id_type = "username"
+        bootstrap_file = "/opt/init-user.json"
+        bootstrap_type = "plain"
+      }
+      authorization {
+        sources = [
+          {
+            type = built_in_database
+            enable = true
+          }
+        ]
+        no_match: "deny"
+      }
+  coreTemplate:
+    metadata:
+      annotations:
+        reloader.stakater.com/auto: "true"
+    spec:
+      replicas: 3
+      envFrom:
+        - secretRef:
+            name: emqx-secret
+      extraVolumeMounts:
+        - name: init-user
+          mountPath: /opt/init-user.json
+          subPath: init-user.json
+          readOnly: true
+      extraVolumes:
+        - name: init-user
+          secret:
+            secretName: emqx-init-user-secret
+  listenersServiceTemplate:
+    metadata:
+      annotations:
+        external-dns.alpha.kubernetes.io/hostname: mqtt.zebernst.dev
+        io.cilium/lb-ipam-ips: 10.2.100.8
+    spec:
+      type: LoadBalancer
diff --git a/kubernetes/apps/database/emqx/cluster/ingress.yaml b/kubernetes/apps/database/emqx/cluster/ingress.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: emqx
+  annotations:
+    hajimari.io/icon: simple-icons:mqtt
+spec:
+  ingressClassName: internal
+  rules:
+    - host: &host emqx.zebernst.dev
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: emqx-dashboard
+                port:
+                  number: 18083
+  tls:
+    - hosts:
+        - *host
diff --git a/kubernetes/apps/database/emqx/cluster/kustomization.yaml b/kubernetes/apps/database/emqx/cluster/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./cluster.yaml
+  - ./ingress.yaml
+  - ./podmonitor.yaml
diff --git a/kubernetes/apps/database/emqx/cluster/podmonitor.yaml b/kubernetes/apps/database/emqx/cluster/podmonitor.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: emqx
+spec:
+  selector:
+    matchLabels:
+      apps.emqx.io/instance: emqx
+      apps.emqx.io/managed-by: emqx-operator
+  podMetricsEndpoints:
+    - port: dashboard
+      path: /api/v5/prometheus/stats
+      relabelings:
+        - action: replace
+          # user-defined cluster name, requires unique
+          replacement: emqx5
+          targetLabel: cluster
+        - action: replace
+          # fix value, don't modify
+          replacement: emqx
+          targetLabel: from
+        - action: replace
+          # fix value, don't modify
+          sourceLabels:
+            - pod
+          targetLabel: instance
diff --git a/kubernetes/apps/database/emqx/ks.yaml b/kubernetes/apps/database/emqx/ks.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app emqx
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/database/emqx/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app emqx-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: emqx
+  path: ./kubernetes/apps/database/emqx/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml
@@ -8,4 +8,5 @@ resources:
   # Flux-Kustomizations
   - ./cloudnative-pg/ks.yaml
   - ./dragonfly/ks.yaml
+  - ./emqx/ks.yaml
   - ./ferretdb/ks.yaml
diff --git a/kubernetes/flux/repositories/helm/emqx.yaml b/kubernetes/flux/repositories/helm/emqx.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: emqx-charts
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://repos.emqx.io/charts
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
   - ./coredns.yaml
   - ./deliveryhero.yaml
   - ./descheduler.yaml
+  - ./emqx.yaml
   - ./external-dns.yaml
   - ./external-secrets.yaml
   - ./grafana.yaml