SeanOMik/k3s-cluster
1
0
Fork 0
Code Issues3 Pull requests20 Activity

feat: add emqx to thin cluster

Browse source
This commit is contained in:
SeanOMik 2025-02-17 19:19:59 -05:00
parent 0daa1c7735
commit ea868fd8c6
10 changed files with 319 additions and 1 deletions

49
kubernetes/thin/apps/emqx/cluster/cluster.yaml Normal file
View file

@ -0,0 +1,49 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/apps.emqx.io/emqx_v2beta1.json
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
name: emqx
spec:
image: public.ecr.aws/emqx/emqx:5.8.4
config:
data: |
authentication {
backend = "built_in_database"
mechanism = "password_based"
password_hash_algorithm {
name = "bcrypt"
}
user_id_type = "username"
bootstrap_file = "/opt/init-user.json"
bootstrap_type = "plain"
}
authorization {
sources = [
{
type = built_in_database
enable = true
}
]
no_match: "deny"
}
coreTemplate:
spec:
replicas: 2
envFrom:
- secretRef:
name: emqx-secret
extraVolumeMounts:
- name: init-user
mountPath: /opt/init-user.json
subPath: init-user.json
readOnly: true
extraVolumes:
- name: init-user
secret:
secretName: emqx-init-user-secret
listenersServiceTemplate:
metadata:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.52
spec:
type: LoadBalancer

5
kubernetes/thin/apps/emqx/cluster/kustomization.yaml Normal file
View file

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./cluster.yaml

142
kubernetes/thin/apps/emqx/cluster/secret.sops.yaml Normal file
View file

@ -0,0 +1,142 @@
apiVersion: v1
kind: Secret
metadata:
name: emqx-secret
stringData:
EMQX_DASHBOARD__DEFAULT_USERNAME: ENC[AES256_GCM,data:IsbvziQ=,iv:b/8O8BoFNgOPJHq1hqWLM9TUlTEZ+FEfNGmvclk9+HI=,tag:mCm55wYwJ03hN0/2VaI/CA==,type:str]
EMQX_DASHBOARD__DEFAULT_PASSWORD: ENC[AES256_GCM,data:jUDB9jxnaML0nYqjK4bSXU/lyZBPudEp,iv:rBqAI+edgezHmQoqZy1Hw20yijKlB47RU55PHxtkink=,tag:ysdknK+DLci+BZSYcRkbxA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-02-18T00:19:20Z"
mac: ENC[AES256_GCM,data:Zw8qoO8/XXCcMFul8HBuCBmIREW9HW1z2mLyot2O2OcloiPJBbIcyhqD7IuCYP+WVwrBCOqlSPvZuurUX4i/K6r4tlvcZDmXVSdZtGnFGLnaAefP/SFYnbAUL2AYjRKFc0DHa74TZbZmcRzTWpeX55XtMjTDLz9fmVEmrgpUkkc=,iv:aOOLK4UwRIPhUbTHpiLDORk9EWjueqyd8VBgMagfTfc=,tag:8Qfryh4qIqcUvjJklWkjkg==,type:str]
pgp:
- created_at: "2025-02-18T00:19:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovARAA4f/EiQcqDQed44x0NVp8tWm6sT40Mz5hBzcPhVhu4uGZ
DUn0ladxuLaky1gTCXu2uR54F25y+YTTOb3cDsZxKMppOufM3lJ53d27BFivBbUO
p8KqzqzcCxD8dPyqS7Frorleq9V/pusEVx1xCjYvFG1N4n5WFAthX9XK+dWbRvtB
bOLQIzJ4ID5lIuOjKtmswAeR5W6cNQ37lImA0feLWm5anTF2JmIBHTQ3SYhhjFN4
9u+E6BivqCWO2EBYeUNzJ9bI/o1DhXvr7VRewILs9kLMn1MHfEDeaavZ6YEiM50U
WsWEzTBFpZhHRnzJ7vT0mH7lFHwP8uFcyi0wZBjVXurTMOiJurjT2bNwaz+lgw7T
aameMjoiK3v3DtmS1yu0AxIBCDG131/ZckxITFuuud3ZDODyttfCTWskvy6lCcOR
kCXc7I1YVN6zWX8oKU0+FPGpkbSORiDhFk5F3AGI96KMeKmaWcSBy8Qb1hwM5VfP
1HqDElOG2VeZ6aGV9gtQAlUTMhhNP3cENgUzIibq2p0ClHXXYByplJfoFU7qo30X
DnAC3ucd3pa9lyGENL4ajLC3VxbzikOHR2kh/7SWsV/W/nxXKt1fp+Ql73roKpD4
8tQpK1dR3aDjfbes575bzvdeteB3FRnapN/ariCXleLLY7b7lNKS0IrX4e0PQsyF
AgwDXjg0p2IN1X8BEADetZRi4tdeMPCypLHTjLCerlpUGaxxfLVIFnIshEvCof7j
nK2qURTJn7R4O1/2k4SUGlRmL6yryuadH0VRH6iqHttWA/QUH1xlS/KZ6rSLf++6
iRDrMDldU5ybNxEPUUlTyFTfhCJZWGD708jezZ6rZxyS48T4hX6JZfxD6BpsQVVZ
cAqWm9A98xldo8WWz/FCz/DfpSDBg7XB8pfA6oGoA6uhz0DGq1ID/SSvO2Y29oK9
em6pLIeAG0G+PAjToCD3B01nLevfPG2vMwWvoAqUy47oRhl6MCEyU8knxxnlo+uO
VVeRl9uTIrCwDBAlGzdOgZO3iCjFv0/uCxjPvAn5MCz9MF2aOMVzPaT+u4oKgU6F
zGlV9aDE19j53cKLOcSIxJOZdfv1qAAAqswyITtREq2yRzjfQqINW026ShCCZcxL
1OPyz6n3LaOZWjSAyy298hFlKXsqOm25UtlDb7ED9t1cu3fY2SHjI2L5osvLWich
lq2clU3yIuQC8diXjID1474+cVrXTEWW72XNUXshBG3CN61sn9NxQPHdK5cfEyVE
lyLltAAkYGb+300vF0bYWk5pGDlXSebyhxIFgb+hxFlxJdpeZXYIuXBlXVPv/GBs
OcQ+SrrKEtbnX+e3n90dAuyzZGu+5+Oyqd9PuJnjP2GZuA51BoT3BCOcTUZDMdRo
AQkCELme2XKkKIxJYjCtZGOBYFoSxo0OI7QW4u4R+4n8/RGyEviy39JCvIVt8tTq
XL6wAyYVvPYWcVQ0d2ybrnNKIiHMqrU7b6r5Neq8LVFGFuMlowRpu1/MxnsX5Yqy
uiX344jRJFg=
=nX/v
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2025-02-18T00:19:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//dp8gWin8n5nE2Qs5b2SLkxdZ3vkCZYyv6HMdc64vjIvY
wW8uJbj4zNJzWcorZAMmf7mWrj4yyOklZpLxswp6oWF7o6CR1evgnDIJRoJLIaL6
JHxomw4CJqm0ZwfksYWSudKglvbEnYIPvA1vyKYRkfM4C3H5g71Kt3B0qo5o2Zjr
zJlNK7gWoA43SWYOCCYijJrMUs54Iu7JlUCn/fQtih/ZAlrrloBt2gNnQqqQz3gV
BeXRvn+vd129Sstas9x0b6vbGcLB0yo5FOb+NhsM/jOCriMYH2PIdLB2W+sBvaPp
7gpbsMr+eie+DM7jbpgM6teAwMgIYtYoGmZ5EC3b+1FiXQA2pW/5YNgTzImDlkyh
l7MOougBKt/7J+StcXI+bqEjX5lqWr/mcaPW+mkOjCjU4qcQjV9XgHCCdsSjSWlC
Eg2R1zyG/TPJkxyWkAAe9PKji+9jFR9iaiCzC1EqkSgN9RmB/MhTpAJtbPu1nBNS
wROlpE35jRdVGSsTn7KBulCgeOTDe+IBMH/B7g550ngxLNlgJi3tF0exEz+wEBME
/UD5z/iCTlnyWxBARQKMSx72F9mpg6JBBMGh2RTgSPF5MEwBA7hytT030AF8usxX
aohlHU9g+bi3aBk4SLfsRMXBakVZZkltaqaA7zHfcI9/91omYc8CAKdUqRzaOlLU
aAEJAhBsi6Uuh97jhkBT8qfCmfXUxM+S8G3LRuY7LA8M/vIWvSWzvo39vsnJlbiV
ODKfYyr4C+pfYTRHZkzXqTdi4uWJq4gbyM5CtGFbPD5TOMSvaBorTZsgLb68/klO
ihGWcmPPieEU
=xoAO
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1
---
apiVersion: v1
kind: Secret
metadata:
name: emqx-init-user-secret
stringData:
init-user.json: ENC[AES256_GCM,data:gkd2lvCUn0lhVdyKu6MUZ5LjUqwO4u7HrbuwGh6h5hW5oC8aIPTxQZrNlvk/c4Af2VQ4P3jDhQZxPKngRyJ902n+clnr8gKGN7IrjuAsHltkUBCl/w==,iv:eOVuVR4SbDyyFjhURnNBv4V4TDL3urtbdzH61wTxxcY=,tag:0FwftIXIDIjUq8CsgI2JhA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-02-18T00:19:20Z"
mac: ENC[AES256_GCM,data:Zw8qoO8/XXCcMFul8HBuCBmIREW9HW1z2mLyot2O2OcloiPJBbIcyhqD7IuCYP+WVwrBCOqlSPvZuurUX4i/K6r4tlvcZDmXVSdZtGnFGLnaAefP/SFYnbAUL2AYjRKFc0DHa74TZbZmcRzTWpeX55XtMjTDLz9fmVEmrgpUkkc=,iv:aOOLK4UwRIPhUbTHpiLDORk9EWjueqyd8VBgMagfTfc=,tag:8Qfryh4qIqcUvjJklWkjkg==,type:str]
pgp:
- created_at: "2025-02-18T00:19:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovARAA4f/EiQcqDQed44x0NVp8tWm6sT40Mz5hBzcPhVhu4uGZ
DUn0ladxuLaky1gTCXu2uR54F25y+YTTOb3cDsZxKMppOufM3lJ53d27BFivBbUO
p8KqzqzcCxD8dPyqS7Frorleq9V/pusEVx1xCjYvFG1N4n5WFAthX9XK+dWbRvtB
bOLQIzJ4ID5lIuOjKtmswAeR5W6cNQ37lImA0feLWm5anTF2JmIBHTQ3SYhhjFN4
9u+E6BivqCWO2EBYeUNzJ9bI/o1DhXvr7VRewILs9kLMn1MHfEDeaavZ6YEiM50U
WsWEzTBFpZhHRnzJ7vT0mH7lFHwP8uFcyi0wZBjVXurTMOiJurjT2bNwaz+lgw7T
aameMjoiK3v3DtmS1yu0AxIBCDG131/ZckxITFuuud3ZDODyttfCTWskvy6lCcOR
kCXc7I1YVN6zWX8oKU0+FPGpkbSORiDhFk5F3AGI96KMeKmaWcSBy8Qb1hwM5VfP
1HqDElOG2VeZ6aGV9gtQAlUTMhhNP3cENgUzIibq2p0ClHXXYByplJfoFU7qo30X
DnAC3ucd3pa9lyGENL4ajLC3VxbzikOHR2kh/7SWsV/W/nxXKt1fp+Ql73roKpD4
8tQpK1dR3aDjfbes575bzvdeteB3FRnapN/ariCXleLLY7b7lNKS0IrX4e0PQsyF
AgwDXjg0p2IN1X8BEADetZRi4tdeMPCypLHTjLCerlpUGaxxfLVIFnIshEvCof7j
nK2qURTJn7R4O1/2k4SUGlRmL6yryuadH0VRH6iqHttWA/QUH1xlS/KZ6rSLf++6
iRDrMDldU5ybNxEPUUlTyFTfhCJZWGD708jezZ6rZxyS48T4hX6JZfxD6BpsQVVZ
cAqWm9A98xldo8WWz/FCz/DfpSDBg7XB8pfA6oGoA6uhz0DGq1ID/SSvO2Y29oK9
em6pLIeAG0G+PAjToCD3B01nLevfPG2vMwWvoAqUy47oRhl6MCEyU8knxxnlo+uO
VVeRl9uTIrCwDBAlGzdOgZO3iCjFv0/uCxjPvAn5MCz9MF2aOMVzPaT+u4oKgU6F
zGlV9aDE19j53cKLOcSIxJOZdfv1qAAAqswyITtREq2yRzjfQqINW026ShCCZcxL
1OPyz6n3LaOZWjSAyy298hFlKXsqOm25UtlDb7ED9t1cu3fY2SHjI2L5osvLWich
lq2clU3yIuQC8diXjID1474+cVrXTEWW72XNUXshBG3CN61sn9NxQPHdK5cfEyVE
lyLltAAkYGb+300vF0bYWk5pGDlXSebyhxIFgb+hxFlxJdpeZXYIuXBlXVPv/GBs
OcQ+SrrKEtbnX+e3n90dAuyzZGu+5+Oyqd9PuJnjP2GZuA51BoT3BCOcTUZDMdRo
AQkCELme2XKkKIxJYjCtZGOBYFoSxo0OI7QW4u4R+4n8/RGyEviy39JCvIVt8tTq
XL6wAyYVvPYWcVQ0d2ybrnNKIiHMqrU7b6r5Neq8LVFGFuMlowRpu1/MxnsX5Yqy
uiX344jRJFg=
=nX/v
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2025-02-18T00:19:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//dp8gWin8n5nE2Qs5b2SLkxdZ3vkCZYyv6HMdc64vjIvY
wW8uJbj4zNJzWcorZAMmf7mWrj4yyOklZpLxswp6oWF7o6CR1evgnDIJRoJLIaL6
JHxomw4CJqm0ZwfksYWSudKglvbEnYIPvA1vyKYRkfM4C3H5g71Kt3B0qo5o2Zjr
zJlNK7gWoA43SWYOCCYijJrMUs54Iu7JlUCn/fQtih/ZAlrrloBt2gNnQqqQz3gV
BeXRvn+vd129Sstas9x0b6vbGcLB0yo5FOb+NhsM/jOCriMYH2PIdLB2W+sBvaPp
7gpbsMr+eie+DM7jbpgM6teAwMgIYtYoGmZ5EC3b+1FiXQA2pW/5YNgTzImDlkyh
l7MOougBKt/7J+StcXI+bqEjX5lqWr/mcaPW+mkOjCjU4qcQjV9XgHCCdsSjSWlC
Eg2R1zyG/TPJkxyWkAAe9PKji+9jFR9iaiCzC1EqkSgN9RmB/MhTpAJtbPu1nBNS
wROlpE35jRdVGSsTn7KBulCgeOTDe+IBMH/B7g550ngxLNlgJi3tF0exEz+wEBME
/UD5z/iCTlnyWxBARQKMSx72F9mpg6JBBMGh2RTgSPF5MEwBA7hytT030AF8usxX
aohlHU9g+bi3aBk4SLfsRMXBakVZZkltaqaA7zHfcI9/91omYc8CAKdUqRzaOlLU
aAEJAhBsi6Uuh97jhkBT8qfCmfXUxM+S8G3LRuY7LA8M/vIWvSWzvo39vsnJlbiV
ODKfYyr4C+pfYTRHZkzXqTdi4uWJq4gbyM5CtGFbPD5TOMSvaBorTZsgLb68/klO
ihGWcmPPieEU
=xoAO
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.9.1

64
kubernetes/thin/apps/emqx/ks.yaml Normal file
View file

@ -0,0 +1,64 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app emqx
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
targetNamespace: emqx
timeout: 5m
interval: 30m
path: ./kubernetes/thin/apps/emqx/operator
prune: true
wait: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app emqx-cluster
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
targetNamespace: emqx
timeout: 5m
interval: 30m
path: ./kubernetes/thin/apps/emqx/cluster
prune: true
wait: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: emqx
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

6
kubernetes/thin/apps/emqx/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./ks.yaml

6
kubernetes/thin/apps/emqx/namespace.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: emqx
annotations:
kustomize.toolkit.fluxcd.io/prune: emqx

32
kubernetes/thin/apps/emqx/operator/helm-release.yaml Normal file
View file

@ -0,0 +1,32 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: emqx-operator
namespace: emqx
spec:
interval: 5m
chart:
spec:
chart: emqx-operator
version: 2.2.28
sourceRef:
kind: HelmRepository
name: emqx
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: cert-manager
namespace: cert-manager
values:
fullnameOverride: emqx
replicaCount: 1
image:
repository: ghcr.io/emqx/emqx-operator

4
kubernetes/thin/apps/emqx/operator/kustomization.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml

9
kubernetes/thin/apps/helm-repositories.yaml
View file

@ -61,3 +61,12 @@ metadata:
spec:
interval: 2h
url: https://helm.cilium.io/
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: emqx
namespace: flux-system
spec:
interval: 2h
url: https://repos.emqx.io/charts

3
kubernetes/thin/apps/kustomization.yaml
View file

@ -19,4 +19,5 @@ resources:
- ./database
- ../../common/apps/exim/ks.yaml
- ./monitoring
- ./default
- ./default
- ./emqx