add helm charts
This commit is contained in:
Ybehrooz
283
backing-services/emqx/values.yaml
Normal file
283
backing-services/emqx/values.yaml
Normal file
@@ -0,0 +1,283 @@
|
||||
## Default values for emqx.
|
||||
## This is a YAML-formatted file.
|
||||
## Declare variables to be passed into your templates.
|
||||
|
||||
## It is recommended to have odd number of nodes in a cluster, otherwise the emqx cluster cannot be automatically healed in case of net-split.
|
||||
replicaCount: 3
|
||||
image:
|
||||
repository: emqx/emqx
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: ""
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
# pullSecrets:
|
||||
# - myRegistryKeySecretName
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
# If set false, means you need create service account by yourself
|
||||
create: true
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
# Annotations to add to the service account
|
||||
annotations: {}
|
||||
|
||||
# The name of a secret in the same kubernetes namespace which contains values to
|
||||
# be added to the environment (must be manually created)
|
||||
# This can be useful for passwords and logins, etc.
|
||||
|
||||
# envFromSecret: "emqx-secrets"
|
||||
|
||||
## Forces the recreation of pods during helm upgrades. This can be useful to update configuration values even if the container image did not change.
|
||||
recreatePods: false
|
||||
|
||||
## Sets the minReadySeconds parameter on the stateful set. This can be used to add delay between restart / updates between the single pods.
|
||||
minReadySeconds:
|
||||
|
||||
## Sets the priorityClassName parameter on the pods. This can be used to run the pods with increased priority.
|
||||
priorityClassName:
|
||||
|
||||
clusterDomain: cluster.local
|
||||
|
||||
## Custom annotations to be added to the pods
|
||||
podAnnotations: {}
|
||||
|
||||
## Custom labels to be added to the pods
|
||||
podLabels: {}
|
||||
|
||||
# Pod deployment policy
|
||||
# value: OrderedReady | Parallel
|
||||
# To redeploy a chart with existing PVC(s), the value must be set to Parallel to avoid deadlock
|
||||
podManagementPolicy: Parallel
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
size: 20Mi
|
||||
storageClassName: ""
|
||||
accessMode: ReadWriteOnce
|
||||
## Existing PersistentVolumeClaims
|
||||
## The value is evaluated as a template
|
||||
## So, for example, the name can depend on .Release or .Chart
|
||||
# existingClaim: ""
|
||||
|
||||
resources: {}
|
||||
# limits:
|
||||
# cpu: 500m
|
||||
# memory: 512Mi
|
||||
# requests:
|
||||
# cpu: 500m
|
||||
# memory: 512Mi
|
||||
|
||||
extraVolumeMounts: []
|
||||
## Additional volumeMounts to the default backend container.
|
||||
# - name: my-owner-acl
|
||||
# mountPath: /opt/emqx/etc/acl.conf
|
||||
# subPath: acl.conf
|
||||
|
||||
extraVolumes: []
|
||||
## Additional volumes to the default backend pod.
|
||||
# - name: my-owner-acl
|
||||
# secret: fake-acl-conf
|
||||
|
||||
# Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.
|
||||
initContainers: {}
|
||||
# - name: sysctl
|
||||
# image: busybox
|
||||
# securityContext:
|
||||
# runAsUser: 0
|
||||
# runAsGroup: 0
|
||||
# capabilities:
|
||||
# add:
|
||||
# - SYS_ADMIN
|
||||
# drop:
|
||||
# - ALL
|
||||
# command:
|
||||
# - /bin/sh
|
||||
# - -c
|
||||
# - |
|
||||
# mount -o remount rw /proc/sys
|
||||
# sysctl -w net.core.somaxconn=65535
|
||||
# sysctl -w net.ipv4.ip_local_port_range="1024 65535"
|
||||
# sysctl -w kernel.core_uses_pid=0
|
||||
# sysctl -w net.ipv4.tcp_tw_reuse=1
|
||||
# sysctl -w fs.nr_open=1000000000
|
||||
# sysctl -w fs.file-max=1000000000
|
||||
# sysctl -w net.ipv4.ip_local_port_range='1025 65534'
|
||||
# sysctl -w net.ipv4.udp_mem='74583000 499445000 749166000'
|
||||
# sysctl -w net.ipv4.tcp_max_sync_backlog=163840
|
||||
# sysctl -w net.core.netdev_max_backlog=163840
|
||||
# sysctl -w net.core.optmem_max=16777216
|
||||
# sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216'
|
||||
# sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216'
|
||||
# sysctl -w net.ipv4.tcp_max_tw_buckets=1048576
|
||||
# sysctl -w net.ipv4.tcp_fin_timeout=15
|
||||
# sysctl -w net.core.rmem_default=262144000
|
||||
# sysctl -w net.core.wmem_default=262144000
|
||||
# sysctl -w net.core.rmem_max=262144000
|
||||
# sysctl -w net.core.wmem_max=262144000
|
||||
# sysctl -w net.ipv4.tcp_mem='378150000 504200000 756300000'
|
||||
# sysctl -w net.netfilter.nf_conntrack_max=1000000
|
||||
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
|
||||
|
||||
## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
|
||||
emqxConfig:
|
||||
EMQX_CLUSTER__DISCOVERY_STRATEGY: "dns"
|
||||
EMQX_DASHBOARD__DEFAULT_USERNAME: "admin"
|
||||
EMQX_DASHBOARD__DEFAULT_PASSWORD: "public"
|
||||
|
||||
## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName"
|
||||
## Example:
|
||||
## kubectl create secret generic emqx-license-secret-name --from-file=/path/to/emqx.lic
|
||||
emqxLicenseSecretName:
|
||||
|
||||
service:
|
||||
## Service type
|
||||
##
|
||||
type: ClusterIP
|
||||
## The cluster IP if one wants to customize it to a fixed value
|
||||
##
|
||||
clusterIP: None
|
||||
## Port for MQTT
|
||||
##
|
||||
mqtt: 1883
|
||||
## Port for MQTT(SSL)
|
||||
##
|
||||
mqttssl: 8883
|
||||
## Port for WebSocket/HTTP
|
||||
##
|
||||
ws: 8083
|
||||
## Port for WSS/HTTPS
|
||||
##
|
||||
wss: 8084
|
||||
## Port for dashboard and API
|
||||
##
|
||||
dashboard: 18083
|
||||
## Port for dashboard and API over HTTPS
|
||||
##
|
||||
# dashboardtls: 18084
|
||||
## Specify the nodePort(s) value for the LoadBalancer and NodePort service types.
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
||||
##
|
||||
nodePorts:
|
||||
mqtt:
|
||||
mqttssl:
|
||||
mgmt:
|
||||
ws:
|
||||
wss:
|
||||
dashboard:
|
||||
dashboardtls:
|
||||
## Specifies the load balancer implementation this Service belongs to.
|
||||
## Once set, it can not be changed.
|
||||
##
|
||||
# loadBalancerClass:
|
||||
## Set the LoadBalancer service type to internal only.
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
||||
##
|
||||
# loadBalancerIP:
|
||||
## Load Balancer sources
|
||||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||||
## Example:
|
||||
## loadBalancerSourceRanges:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## Set the ExternalIPs
|
||||
##
|
||||
externalIPs: []
|
||||
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.
|
||||
## There are two available options: Cluster (default) and Local.
|
||||
## Cluster obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
|
||||
## Local preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type Services, but risks potentially imbalanced traffic spreading.
|
||||
##
|
||||
externalTrafficPolicy: "Cluster"
|
||||
## Provide any additional annotations which may be required. Evaluated as a template
|
||||
##
|
||||
annotations: {}
|
||||
labels: {}
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
topologySpreadConstraints: []
|
||||
|
||||
ingress:
|
||||
## ingress for EMQX Dashboard
|
||||
dashboard:
|
||||
enabled: false
|
||||
# ingressClassName: nginx
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
path: /
|
||||
pathType: ImplementationSpecific
|
||||
hosts:
|
||||
- dashboard.emqx.local
|
||||
tls: []
|
||||
## ingress for MQTT
|
||||
mqtt:
|
||||
enabled: false
|
||||
# ingressClassName: haproxy
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: haproxy
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
# haproxy-ingress.github.io/tcp-service-port: "8883"
|
||||
# haproxy-ingress.github.io/proxy-protocol: "v2"
|
||||
path: /
|
||||
pathType: ImplementationSpecific
|
||||
hosts:
|
||||
- mqtt.emqx.local
|
||||
tls: []
|
||||
ws:
|
||||
enabled: false
|
||||
# ingressClassName: haproxy
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: haproxy
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
# haproxy-ingress.github.io/tcp-service-port: "8883"
|
||||
# haproxy-ingress.github.io/proxy-protocol: "v2"
|
||||
path: /mqtt
|
||||
pathType: ImplementationSpecific
|
||||
hosts:
|
||||
- mqtt.emqx.local
|
||||
tls: []
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: Always
|
||||
runAsUser: 1000
|
||||
supplementalGroups:
|
||||
- 1000
|
||||
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
type: prometheus
|
||||
|
||||
ssl:
|
||||
enabled: false
|
||||
useExisting: false
|
||||
existingName: emqx-tls
|
||||
dnsnames: []
|
||||
commonName:
|
||||
issuer:
|
||||
name: letsencrypt-dns
|
||||
kind: ClusterIssuer
|
||||
|
||||
## Setting PodDisruptionBudget.
|
||||
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
||||
##
|
||||
pdb:
|
||||
enabled: false
|
||||
maxUnavailable: 1
|
||||
Reference in New Issue
Block a user