feat(emqx): update database and init user scripts

blackjid · Dec 19, 2024 · 1c0fcf8 · 1c0fcf8
1 parent 78d58fa
commit 1c0fcf8
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 280 deletions.
diff --git a/kubernetes/apps/database/emqx/app/externalsecret.yaml b/kubernetes/apps/database/emqx/app/externalsecret.yaml
@@ -15,10 +15,27 @@ spec:
       data:
         EMQX_DASHBOARD__DEFAULT_USERNAME: "{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}"
         EMQX_DASHBOARD__DEFAULT_PASSWORD: "{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}"
-        X_EMQX_MQTT_USERNAME: "{{ .X_EMQX_MQTT_USERNAME }}"
-        X_EMQX_MQTT_PASSWORD: "{{ .X_EMQX_MQTT_PASSWORD }}"
-        X_EMQX_APIKEY_KEY: "{{ .X_EMQX_APIKEY_KEY }}"
-        X_EMQX_APIKEY_SECRET: "{{ .X_EMQX_APIKEY_SECRET }}"
+  dataFrom:
+    - extract:
+        key: emqx
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: emqx-init-user
+spec:
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: emqx-init-user-secret
+    template:
+      engineVersion: v2
+      data:
+        init-user.json: |
+          [{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
   dataFrom:
     - extract:
         key: emqx
diff --git a/kubernetes/apps/database/emqx/app/helmrelease.yaml b/kubernetes/apps/database/emqx/app/helmrelease.yaml
@@ -27,5 +27,6 @@ spec:
       namespace: cert-manager
   values:
     fullnameOverride: emqx-operator
+    replicaCount: 2
     image:
       repository: ghcr.io/emqx/emqx-operator
diff --git a/kubernetes/apps/database/emqx/cluster/cluster.yaml b/kubernetes/apps/database/emqx/cluster/cluster.yaml
@@ -12,9 +12,11 @@ spec:
         backend = "built_in_database"
         mechanism = "password_based"
         password_hash_algorithm {
-            name = "bcrypt",
+            name = "bcrypt"
         }
         user_id_type = "username"
+        bootstrap_file = "/opt/init-user.json"
+        bootstrap_type = "plain"
       }
       authorization {
         sources = [
@@ -25,39 +27,24 @@ spec:
         ]
         no_match: "deny"
       }
-  bootstrapAPIKeys:
-    - secretRef:
-        key:
-          secretName: emqx-secret
-          secretKey: X_EMQX_APIKEY_KEY
-        secret:
-          secretName: emqx-secret
-          secretKey: X_EMQX_APIKEY_SECRET
   coreTemplate:
     metadata:
       annotations:
         reloader.stakater.com/auto: "true"
     spec:
       replicas: 3
-      envFrom: &envFrom
+      envFrom:
         - secretRef:
             name: emqx-secret
-      extraContainers:
-        - name: init-mqtt
-          image: docker.io/library/python:3.13-alpine
-          env:
-            - name: X_EMQX_ADDRESS
-              value: emqx-dashboard.database.svc.cluster.local:18083
-          envFrom: *envFrom
-          command: ["python", "/init-mqtt.py"]
-          volumeMounts:
-            - name: init-mqtt
-              mountPath: /init-mqtt.py
-              subPath: init-mqtt.py
+      extraVolumeMounts:
+        - name: init-user
+          mountPath: /opt/init-user.json
+          subPath: init-user.json
+          readOnly: true
       extraVolumes:
-        - name: init-mqtt
-          configMap:
-            name: emqx-init-mqtt-configmap
+        - name: init-user
+          secret:
+            secretName: emqx-init-user-secret
   listenersServiceTemplate:
     metadata:
       annotations:

diff --git a/kubernetes/apps/database/emqx/cluster/kustomization.yaml b/kubernetes/apps/database/emqx/cluster/kustomization.yaml
@@ -6,9 +6,3 @@ resources:
   - ./cluster.yaml
   - ./ingress.yaml
   - ./podmonitor.yaml
-configMapGenerator:
-  - name: emqx-init-mqtt-configmap
-    files:
-      - init-mqtt.py=./resources/init-mqtt.py
-generatorOptions:
-  disableNameSuffixHash: true
diff --git a/kubernetes/apps/database/emqx/cluster/resources/init-mqtt.py b/kubernetes/apps/database/emqx/cluster/resources/init-mqtt.py
diff --git a/kubernetes/apps/database/emqx/exporter/externalsecret.yaml b/kubernetes/apps/database/emqx/exporter/externalsecret.yaml
diff --git a/kubernetes/apps/database/emqx/exporter/helmrelease.yaml b/kubernetes/apps/database/emqx/exporter/helmrelease.yaml
diff --git a/kubernetes/apps/database/emqx/exporter/kustomization.yaml b/kubernetes/apps/database/emqx/exporter/kustomization.yaml
diff --git a/kubernetes/apps/database/emqx/ks.yaml b/kubernetes/apps/database/emqx/ks.yaml
@@ -42,27 +42,3 @@ spec:
   wait: true
   interval: 30m
   timeout: 5m
-# ---
-# # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
-# metadata:
-#   name: &app emqx-exporter
-#   namespace: flux-system
-# spec:
-#   targetNamespace: database
-#   commonMetadata:
-#     labels:
-#       app.kubernetes.io/name: *app
-#   dependsOn:
-#     - name: emqx-cluster
-#     - name: external-secrets-stores
-#   path: ./kubernetes/main/apps/database/emqx/exporter
-#   prune: true
-#   sourceRef:
-#     kind: GitRepository
-#     name: home-kubernetes
-#   wait: false
-#   interval: 30m
-#
-#   timeout: 5m