feat(emqx): update database and init user scripts #3863
Merged
--- kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx
+++ kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx
@@ -18,12 +18,8 @@
target:
name: emqx-secret
template:
data:
EMQX_DASHBOARD__DEFAULT_PASSWORD: '{{ .EMQX_DASHBOARD__DEFAULT_PASSWORD }}'
EMQX_DASHBOARD__DEFAULT_USERNAME: '{{ .EMQX_DASHBOARD__DEFAULT_USERNAME }}'
- X_EMQX_APIKEY_KEY: '{{ .X_EMQX_APIKEY_KEY }}'
- X_EMQX_APIKEY_SECRET: '{{ .X_EMQX_APIKEY_SECRET }}'
- X_EMQX_MQTT_PASSWORD: '{{ .X_EMQX_MQTT_PASSWORD }}'
- X_EMQX_MQTT_USERNAME: '{{ .X_EMQX_MQTT_USERNAME }}'
engineVersion: v2
--- kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx HelmRelease: database/emqx
+++ kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx HelmRelease: database/emqx
@@ -30,7 +30,8 @@
retries: 3
strategy: rollback
values:
fullnameOverride: emqx-operator
image:
repository: ghcr.io/emqx/emqx-operator
+ replicaCount: 2
--- kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx-init-user
+++ kubernetes/apps/database/emqx/app Kustomization: flux-system/emqx ExternalSecret: database/emqx-init-user
@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ labels:
+ app.kubernetes.io/name: emqx
+ kustomize.toolkit.fluxcd.io/name: emqx
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: emqx-init-user
+ namespace: database
+spec:
+ dataFrom:
+ - extract:
+ key: emqx
+ refreshInterval: 5m
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: emqx-init-user-secret
+ template:
+ data:
+ init-user.json: |
+ [{"user_id": "{{ .X_EMQX_MQTT_USERNAME }}", "password": "{{ .X_EMQX_MQTT_PASSWORD }}", "is_superuser": true}]
+ engineVersion: v2
+
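Review bot: In the `init-user.json` template, `{{ .X_EMQX_MQTT_USERNAME }}` and `{{ .X_EMQX_MQTT_PASSWORD }}` are interpolated straight into JSON string literals, so a value containing `"` or `\` produces an invalid or differently parsed bootstrap file. Piping each value through the sprig `toJson` function available in `engineVersion: v2` templates and dropping the surrounding quotes (`"password": {{ .X_EMQX_MQTT_PASSWORD | toJson }}`) keeps the file valid for any value. The entry also sets `"is_superuser": true`, which exempts this account from the `authorization` sources configured in the EMQX resource; if the client only needs specific topics, a non-superuser with ACL rules is the narrower choice.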
--- kubernetes/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster EMQX: database/emqx
+++ kubernetes/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster EMQX: database/emqx
@@ -6,29 +6,23 @@
app.kubernetes.io/name: emqx-cluster
kustomize.toolkit.fluxcd.io/name: emqx-cluster
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: emqx
namespace: database
spec:
- bootstrapAPIKeys:
- - secretRef:
- key:
- secretKey: X_EMQX_APIKEY_KEY
- secretName: emqx-secret
- secret:
- secretKey: X_EMQX_APIKEY_SECRET
- secretName: emqx-secret
config:
data: |
authentication {
backend = "built_in_database"
mechanism = "password_based"
password_hash_algorithm {
- name = "bcrypt",
+ name = "bcrypt"
}
user_id_type = "username"
+ bootstrap_file = "/opt/init-user.json"
+ bootstrap_type = "plain"
}
authorization {
sources = [
{
type = built_in_database
enable = true
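Review bot: `bootstrap_type = "plain"` means `/opt/init-user.json` carries the superuser password in cleartext, so the `bcrypt` setting above protects only the copy stored in the built-in database, not the Secret or the file mounted into the pod. EMQX also accepts `bootstrap_type = "hash"` with pre-hashed entries that match the configured `password_hash_algorithm`; if the secret store can hold the hash instead of the password, that keeps the cleartext off the pod filesystem. Separately, removing `bootstrapAPIKeys` drops the API key that was provisioned from `emqx-secret`, so any remaining consumer of that key should be checked before merge.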
@@ -41,32 +35,21 @@
annotations:
reloader.stakater.com/auto: 'true'
spec:
envFrom:
- secretRef:
name: emqx-secret
- extraContainers:
- - command:
- - python
- - /init-mqtt.py
- env:
- - name: X_EMQX_ADDRESS
- value: emqx-dashboard.database.svc.cluster.local:18083
- envFrom:
- - secretRef:
- name: emqx-secret
- image: docker.io/library/python:3.13-alpine
- name: init-mqtt
- volumeMounts:
- - mountPath: /init-mqtt.py
- name: init-mqtt
- subPath: init-mqtt.py
+ extraVolumeMounts:
+ - mountPath: /opt/init-user.json
+ name: init-user
+ readOnly: true
+ subPath: init-user.json
extraVolumes:
- - configMap:
- name: emqx-init-mqtt-configmap
- name: init-mqtt
+ - name: init-user
+ secret:
+ secretName: emqx-init-user-secret
replicas: 3
image: public.ecr.aws/emqx/emqx:5.8.3
listenersServiceTemplate:
metadata:
annotations:
lbipam.cilium.io/ips: 192.168.86.30
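Review bot: The `init-user` volume is mounted with `subPath: init-user.json`, and subPath mounts are not refreshed when the backing Secret changes, so a credential rotated through the ExternalSecret (`refreshInterval: 5m`) reaches `/opt/init-user.json` only after a pod restart. Confirm that the `reloader.stakater.com/auto: 'true'` annotation on this template also triggers on `emqx-init-user-secret`, or mount the Secret as a directory without `subPath` and point `bootstrap_file` at the file inside it.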
--- kubernetes/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster ConfigMap: database/emqx-init-mqtt-configmap
+++ kubernetes/apps/database/emqx/cluster Kustomization: flux-system/emqx-cluster ConfigMap: database/emqx-init-mqtt-configmap
@@ -1,91 +0,0 @@
----
-apiVersion: v1
-data:
- init-mqtt.py: |
- import os
- import json
- import time
- from typing import Optional
- from urllib.request import Request, urlopen
- from urllib.error import URLError
-
- class EMQXManager:
- def __init__(self, emqx_address: str, admin_username: str, admin_password: str,
- mqtt_username: str, mqtt_password: str) -> None:
- self.emqx_address = emqx_address
- self.admin_username = admin_username
- self.admin_password = admin_password
- self.mqtt_username = mqtt_username
- self.mqtt_password = mqtt_password
-
- def wait_for_emqx(self) -> None:
- while True:
- try:
- response = urlopen(f"http://{self.emqx_address}/api/v5/status")
- if response.getcode() == 200:
- print("EMQX started, ready to initialize..")
- break
- except URLError:
- print("Waiting for EMQX to start..")
- time.sleep(5)
-
- def get_api_token(self) -> Optional[str]:
- data = json.dumps({"username": self.admin_username, "password": self.admin_password}).encode('utf-8')
- req = Request(f"http://{self.emqx_address}/api/v5/login", data=data, headers={'Content-Type': 'application/json'})
- try:
- with urlopen(req) as response:
- response_data = json.loads(response.read().decode('utf-8'))
- return response_data.get('token', None)
- except URLError as e:
- print(f"Error: {e}")
- return None
-
- def create_mqtt_user(self, api_token: str) -> bool:
- data = json.dumps({"user_id": self.mqtt_username, "password": self.mqtt_password, "is_superuser": True}).encode('utf-8')
- headers = {'Authorization': f'Bearer {api_token}', 'Content-Type': 'application/json'}
- req = Request(f"http://{self.emqx_address}/api/v5/authentication/password_based:built_in_database/users", data=data, headers=headers)
- try:
- with urlopen(req) as response:
- return response.getcode() == 200
- except URLError as e:
- print(f"Error: {e}")
- return False
-
- def main() -> None:
- emqx_address = os.environ.get('X_EMQX_ADDRESS')
- admin_username = os.environ.get('EMQX_DASHBOARD__DEFAULT_USERNAME')
- admin_password = os.environ.get('EMQX_DASHBOARD__DEFAULT_PASSWORD')
- mqtt_username = os.environ.get('X_EMQX_MQTT_USERNAME')
- mqtt_password = os.environ.get('X_EMQX_MQTT_PASSWORD')
-
- if not all([emqx_address, admin_username, admin_password, mqtt_username, mqtt_password]):
- print("Missing environment variables.")
- return
-
- emqx_manager = EMQXManager(emqx_address, admin_username, admin_password, mqtt_username, mqtt_password)
- emqx_manager.wait_for_emqx()
-
- api_token = emqx_manager.get_api_token()
- if api_token:
- success = emqx_manager.create_mqtt_user(api_token)
- if success:
- print(f"User {mqtt_username} created successfully.")
- else:
- print(f"Error creating user {mqtt_username} or user already exists.")
- else:
- print("Login failed.")
-
- while True:
- time.sleep(1)
-
- if __name__ == "__main__":
- main()
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: emqx-cluster
- kustomize.toolkit.fluxcd.io/name: emqx-cluster
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: emqx-init-mqtt-configmap
- namespace: database
- |
--- HelmRelease: database/emqx Deployment: database/emqx-operator-controller-manager
+++ HelmRelease: database/emqx Deployment: database/emqx-operator-controller-manager
@@ -7,13 +7,13 @@
app.kubernetes.io/name: emqx-operator
app.kubernetes.io/instance: emqx
app.kubernetes.io/managed-by: Helm
name: emqx-operator-controller-manager
namespace: database
spec:
- replicas: 1
+ replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
control-plane: controller-manager
app.kubernetes.io/name: emqx-operator
app.kubernetes.io/instance: emqx |
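Review bot: `replicas: 2` on `emqx-operator-controller-manager` comes from the new `replicaCount: 2` value, but the container args are outside the shown context, so the diff does not show whether leader election is enabled. Two controller replicas reconciling the same EMQX resource without it would conflict; confirm the chart sets it, and state the reason for the second replica in the PR description, which is currently empty.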
No description provided.