auricom-home-cluster/cluster/apps/home-automation/emqx/helm-release.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: emqx
  namespace: home-automation
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://repos.emqx.io/charts
      chart: emqx
      version: 4.4.5
      sourceRef:
        kind: HelmRepository
        name: emqx-charts
        namespace: flux-system
      interval: 5m
  values:
    replicaCount: 3
    recreatePods: true

    emqxConfig:
      EMQX_ALLOW_ANONYMOUS: "false"
      EMQX_ADMIN_PASSWORD: "${SECRET_EMQX_ADMIN_PASSWORD}"
      EMQX_AUTH__MNESIA__PASSWORD_HASH: plain
      EMQX_AUTH__USER__1__USERNAME: "${SECRET_MQTT_USERNAME}"
      EMQX_AUTH__USER__1__PASSWORD: "${SECRET_MQTT_PASSWORD}"

    emqxAclConfig: >
      {allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
      {allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
      {allow, all, subscribe, ["$SYS/#", {eq, "#"}]}.
      {allow, all}.
    emqxLoadedPlugins: >
      {emqx_management, true}.
      {emqx_recon, true}.
      {emqx_retainer, true}.
      {emqx_dashboard, true}.
      {emqx_telemetry, false}.
      {emqx_rule_engine, true}.
      {emqx_bridge_mqtt, false}.
      {emqx_auth_mnesia, true}.
      {emqx_prometheus, true}.
    emqxLoadedModules: >
      {emqx_mod_presence, true}.
      {emqx_mod_delayed, false}.
      {emqx_mod_rewrite, false}.
      {emqx_mod_subscription, false}.
      {emqx_mod_topic_metrics, true}.

    service:
      annotations:
        prometheus.io/probe: "true"
        prometheus.io/protocol: tcp
      type: LoadBalancer
      externalIPs:
        - ${CLUSTER_LB_EMQX}
      externalTrafficPolicy: Local

    ingress:
      dashboard:
        enabled: true
        ingressClassName: nginx
        path: /
        hosts:
          - &host "emqx.${SECRET_CLUSTER_DOMAIN}"
        tls:
          - hosts:
              - *host

    metrics:
      enabled: true

    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - emqx
              topologyKey: kubernetes.io/hostname

    resources:
      requests:
        cpu: 100m
        memory: 150Mi
      limits:
        memory: 512Mi