shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add emqx

Browse Source
This commit is contained in:
auricom
2021-07-15 23:52:22 +02:00
parent 2c0e890612
commit e149abfada
7 changed files with 117 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
cluster/apps/home/emqx/helm-release.yaml Normal file
View File

@@ -0,0 +1,97 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: emqx
namespace: home
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://repos.emqx.io/charts
chart: emqx
version: 4.3.5
sourceRef:
kind: HelmRepository
name: emqx-charts
namespace: flux-system
interval: 5m
values:
replicaCount: 3
recreatePods: true
service:
annotations:
prometheus.io/probe: "true"
prometheus.io/protocol: tcp
type: LoadBalancer
loadBalancerIP: ${CLUSTER_LB_EMQX}
externalTrafficPolicy: Local
ingress:
dashboard:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
path: /
hosts:
- emqx.${SECRET_CLUSTER_DOMAIN}
tls:
- hosts:
- emqx.${SECRET_CLUSTER_DOMAIN}
emqxConfig:
EMQX_ALLOW_ANONYMOUS: "false"
EMQX_ADMIN_PASSWORD: "${SECRET_EMQX_ADMIN_PASSWORD}"
EMQX_AUTH__MNESIA__PASSWORD_HASH: plain
EMQX_AUTH__USER__1__USERNAME: "${SECRET_MQTT_USERNAME}"
EMQX_AUTH__USER__1__PASSWORD: "${SECRET_MQTT_PASSWORD}"
emqxAclConfig: >
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
{allow, all, subscribe, ["$SYS/#", {eq, "#"}]}.
{allow, all}.
emqxLoadedPlugins: >
{emqx_management, true}.
{emqx_recon, true}.
{emqx_retainer, true}.
{emqx_dashboard, true}.
{emqx_telemetry, false}.
{emqx_rule_engine, true}.
{emqx_bridge_mqtt, false}.
{emqx_auth_mnesia, true}.
{emqx_prometheus, true}.
emqxLoadedModules: >
{emqx_mod_presence, true}.
{emqx_mod_delayed, false}.
{emqx_mod_rewrite, false}.
{emqx_mod_subscription, false}.
{emqx_mod_topic_metrics, true}.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- emqx
topologyKey: kubernetes.io/hostname
resources:
requests:
cpu: 100m
memory: 150Mi
limits:
memory: 512Mi
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Service
name: emqx
patch:
- op: remove
path: /spec/loadBalancerIP
- op: add
path: /spec/externalIPs
value:
- "${CLUSTER_LB_EMQX}"

4
cluster/apps/home/emqx/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml

1
cluster/apps/home/kustomization.yaml
View File

@@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- emqx
- esphome - esphome
- frigate - frigate
- home-assistant - home-assistant

10
cluster/base-custom/charts/emxq-charts.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: emqx-charts
namespace: flux-system
spec:
interval: 10m
url: https://repos.emqx.io/charts
timeout: 3m

1
cluster/base-custom/charts/kustomization.yaml
View File

@@ -6,6 +6,7 @@ resources:
- cert-manager-webhook-ovh.yaml - cert-manager-webhook-ovh.yaml
- coredns-charts.yaml - coredns-charts.yaml
- drone-charts.yaml - drone-charts.yaml
- emxq-charts.yaml
- gitea-charts.yaml - gitea-charts.yaml
- grafana-loki-charts.yaml - grafana-loki-charts.yaml
- influxdata-charts.yaml - influxdata-charts.yaml

5
cluster/base-custom/secrets/cluster-secrets.yaml
View File

@@ -36,6 +36,7 @@ stringData:
SECRET_DRONE_PLUGIN_TOKEN: ENC[AES256_GCM,data:5zirGXl7kqJeaqnK9GcWysmvasRmZYaXJSNeQA==,iv:m6jYVsLePa3tqTz1HgPQ3JbzoNiByxWSUnJLyeg6c0s=,tag:mwzpMtUcpFXn8OB1k3z8Kg==,type:str] SECRET_DRONE_PLUGIN_TOKEN: ENC[AES256_GCM,data:5zirGXl7kqJeaqnK9GcWysmvasRmZYaXJSNeQA==,iv:m6jYVsLePa3tqTz1HgPQ3JbzoNiByxWSUnJLyeg6c0s=,tag:mwzpMtUcpFXn8OB1k3z8Kg==,type:str]
SECRET_DRONE_RPC_SECRET: ENC[AES256_GCM,data:H0kp40OESjjO4rCns9OGnduNDwdfYFsFzZPMyFvhD0I=,iv:5wCmFMhmvXSa7x4B3M4ZbRFfTLpHOCmIgQnLMnUv7fA=,tag:R6ZvlSQWSbqu2/fIzNK+Xg==,type:str] SECRET_DRONE_RPC_SECRET: ENC[AES256_GCM,data:H0kp40OESjjO4rCns9OGnduNDwdfYFsFzZPMyFvhD0I=,iv:5wCmFMhmvXSa7x4B3M4ZbRFfTLpHOCmIgQnLMnUv7fA=,tag:R6ZvlSQWSbqu2/fIzNK+Xg==,type:str]
SECRET_DOCKER_REGISTRY_HTPASSWD: ENC[AES256_GCM,data:2MyR0U0yFEkKDpcZMyqHPACP0eS7GlahQdvnRgHqYegVA8+ig6MZmDkNOGzOsrBNZAXdMr3q7UaAS9Cd/ycrpVLRHS8=,iv:9jakifhzX3YFKpISzRgL92lPPqSlfBcaibelHhds2L8=,tag:8m2j1qX94B1QnOaCyvbEIA==,type:str] SECRET_DOCKER_REGISTRY_HTPASSWD: ENC[AES256_GCM,data:2MyR0U0yFEkKDpcZMyqHPACP0eS7GlahQdvnRgHqYegVA8+ig6MZmDkNOGzOsrBNZAXdMr3q7UaAS9Cd/ycrpVLRHS8=,iv:9jakifhzX3YFKpISzRgL92lPPqSlfBcaibelHhds2L8=,tag:8m2j1qX94B1QnOaCyvbEIA==,type:str]
SECRET_EMQX_ADMIN_PASSWORD: ENC[AES256_GCM,data:i8G1/VWwAn7Tlr7Od5+XWshZtqOUM+wS,iv:WJjRXhxhTWB1g6eQHwo5uwz6ZTC/ARWWL5BAaceZow4=,tag:0wSUDjVgvhmkfV/AH2kdmQ==,type:str]
SECRET_GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:KBAcyGqLv2E+gxQXouY28KIW8zFM,iv:MWNo0rbnNlJIbzFwzb7ErnLy1SmXvXcdRTVHykNfvtM=,tag:Sy4KRJhKnbXiKlbPuWm2VA==,type:str] SECRET_GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:KBAcyGqLv2E+gxQXouY28KIW8zFM,iv:MWNo0rbnNlJIbzFwzb7ErnLy1SmXvXcdRTVHykNfvtM=,tag:Sy4KRJhKnbXiKlbPuWm2VA==,type:str]
SECRET_GITEA_ADMIN_PASSWORD: ENC[AES256_GCM,data:rfFObpWDIcJ4ljgqdMU=,iv:v+AZElA3alqCt1nAbRvyYnHWNL5ifo/kMa0n27kfpNM=,tag:cZOWMNAE+Z6fQm+LZWSKdw==,type:str] SECRET_GITEA_ADMIN_PASSWORD: ENC[AES256_GCM,data:rfFObpWDIcJ4ljgqdMU=,iv:v+AZElA3alqCt1nAbRvyYnHWNL5ifo/kMa0n27kfpNM=,tag:cZOWMNAE+Z6fQm+LZWSKdw==,type:str]
SECRET_GITEA_DB_PASSWORD: ENC[AES256_GCM,data:4/nWusn3aDGe+crwvXI=,iv:a2562BD27lO3RhMHMGRACg8zZFnLHBWt1SoUQkOUGbw=,tag:hUhwuPWlyMzKQfQqfaO82Q==,type:str] SECRET_GITEA_DB_PASSWORD: ENC[AES256_GCM,data:4/nWusn3aDGe+crwvXI=,iv:a2562BD27lO3RhMHMGRACg8zZFnLHBWt1SoUQkOUGbw=,tag:hUhwuPWlyMzKQfQqfaO82Q==,type:str]
@@ -86,8 +87,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2021-05-18T15:10:47Z" lastmodified: "2021-07-15T21:50:02Z"
mac: ENC[AES256_GCM,data:tgpaewqm1V57anSffLFXcSxSpijea+sUxXMnEI/hGo9wGUvEl7oun6UwCjRXXThW/HeNt09a5QQQcz39FEPc0eqb8LtPscBE7c00zg+sdBXpA1SnLz6vA9DQRkw5CtjuryoeB7VwdvhRaVI4lRZtsEEO6tb5czaRfDLt6U6Uxy8=,iv:KXnz9aLx2FiyGVF79OEYoSRJdVi7Xhk0haUzgkKZs3I=,tag:L4Z5CMm+IsK3bp5pbNVdFw==,type:str] mac: ENC[AES256_GCM,data:Hs5KbzdHYJcGlXbJqJ2XPfXMv+8Mi7VwlAlz49v265iedygywehp+6SEV0W2ZcD3ShjQjw0Ibp3YvJXx8uzSopedjzramfIBfqRw0fogjVy4mUBOqa6qUd8WWSjPOUZS1nTcOQ/swEBt28a7h1JK6A+f2Om3ZlKRKg7msli2Afk=,iv:Wn68zrKFcOpYwUUuDPrHnNSTaib/wPsiK7Xxn0XiISs=,tag:7MmQa9RQcnSmfX/UHJppZQ==,type:str]
pgp: pgp:
- created_at: "2021-04-19T23:03:06Z" - created_at: "2021-04-19T23:03:06Z"
enc: | enc: |

1
cluster/base-custom/settings/cluster-settings.yaml
View File

@@ -14,5 +14,6 @@ data:
CLUSTER_LB_RESILIOSYNC: 192.168.169.106 CLUSTER_LB_RESILIOSYNC: 192.168.169.106
CLUSTER_LB_VERNEMQ: 192.168.169.107 CLUSTER_LB_VERNEMQ: 192.168.169.107
CLUSTER_LB_LOKI_SYSLOG: 192.168.169.108 CLUSTER_LB_LOKI_SYSLOG: 192.168.169.108
CLUSTER_LB_EMQX: 192.168.169.109
CLUSTER_LB_TDARR: 192.168.169.110 CLUSTER_LB_TDARR: 192.168.169.110
LOCAL_LAN: 192.168.8.0/22 LOCAL_LAN: 192.168.8.0/22