From d91ac538ec4e141068e8896b7bf4359cc1b8f369 Mon Sep 17 00:00:00 2001
From: ppawlowski
Date: Wed, 3 Sep 2025 20:48:49 +0200
Subject: [PATCH 1/3] Replace emqx config with value
---
helm/flowfuse/templates/emqx.yaml | 138 +-----------------------------
1 file changed, 1 insertion(+), 137 deletions(-)
diff --git a/helm/flowfuse/templates/emqx.yaml b/helm/flowfuse/templates/emqx.yaml
index 825e987d..2590a121 100644
--- a/helm/flowfuse/templates/emqx.yaml
+++ b/helm/flowfuse/templates/emqx.yaml
@@ -11,143 +11,7 @@ spec:
 imagePullPolicy: IfNotPresent
 config:
 data: |
- authentication = [
- {
- backend = http
- body = {
- clientId = "${clientid}"
- username = "${username}"
- password = "${password}"
- }
- enable = true
- connect_timeout = "15s"
- enable_pipelining = 1
- headers {
- content-type = "application/json"
- }
- mechanism = password_based
- method = post
- pool_size = 8
- request_timeout = "15s"
- ssl {
- enable = false
- }
- url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/auth"
- }
- ]
- mqtt {
- max_packet_size: 128MB
- max_awaiting_rel = infinity
- }
- authorization {
- cache {
- enable = true
- excludes = []
- max_size = 32
- ttl = "1m"
- }
- deny_action = ignore
- no_match = allow
- sources = [
- {
- enable = true
- enable_pipelining = 1
- connect_timeout = "15s"
- request_timeout = "30s"
- pool_size = 8
- body {
- action = "${action}"
- topic = "${topic}"
- username = "${username}"
- }
- headers {
- content-type = "application/json"
- }
- method = post
- type = http
- ssl {
- enable = false
- }
- url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/acls"
- }
- ]
- }
- listeners {
- tcp {
- default {
- bind = "0.0.0.0:1883"
- access_rules = [
- "allow all"
- ]
- enable = true
- enable_authn = true
- mountpoint = "${client_attrs.team}"
- max_connections = infinity
- acceptors = 16
- proxy_protocol = false
- proxy_protocol_timeout = 3s
- tcp_options {
- backlog = 1024
- send_timeout = 15s
- recbuf = 2KB
- sndbuf = 4KB
- buffer = 4KB
- high_watermark = 1MB
- nodelay = true
- reuseaddr = true
- keepalive = "none"
- }
- }
- }
- ssl {
- default {
- enable = false
- }
- }
- wss {
- default {
- enable = false
- }
- }
- ws {
- default {
- bind = "0.0.0.0:8080"
- access_rules = [
- "allow all"
- ]
- enable = true
- enable_authn = true
- mountpoint = "${client_attrs.team}"
- max_connections = infinity
- proxy_protocol = false
- proxy_protocol_timeout = 3s
- tcp_options {
- backlog = 1024
- send_timeout = 15s
- recbuf = 2KB
- sndbuf = 4KB
- buffer = 4KB
- high_watermark = 1MB
- nodelay = true
- reuseaddr = true
- keepalive = "none"
- }
- websocket {
- mqtt_path = "/"
- allow_origin_absence = true
- check_origin_enable = false
- fail_if_no_subprotocol = true
- supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1 mqtt-v5"
- mqtt_piggyback = multiple
- compress = false
- idle_timeout = 7200s
- max_frame_size = infinity
- proxy_address_header = "x-forwarded-for"
- proxy_port_header = "x-forwarded-port"
- }
- }
- }
- }
+{{- tpl .Values.broker.config . | nindent 10 }}
 bootstrapAPIKeys:
 - secretRef:
 key:
From ec1cb1ab00ab346893416a9b1a1bb86aeefe5ffd Mon Sep 17 00:00:00 2001
From: ppawlowski
Date: Wed, 3 Sep 2025 20:49:04 +0200
Subject: [PATCH 2/3] Update default values and values schema
---
helm/flowfuse/values.schema.json | 4 +
helm/flowfuse/values.yaml | 138 +++++++++++++++++++++++++++++++
2 files changed, 142 insertions(+)
diff --git a/helm/flowfuse/values.schema.json b/helm/flowfuse/values.schema.json
index 01c7f1d4..acf14570 100644
--- a/helm/flowfuse/values.schema.json
+++ b/helm/flowfuse/values.schema.json
@@ -1152,6 +1152,10 @@
 }
 },
 "required": ["type"]
+ },
+ "config": {
+ "type": "string",
+ "description": "EMQX configuration rendered into spec.config.data via tpl."
 }
 }
 },
diff --git a/helm/flowfuse/values.yaml b/helm/flowfuse/values.yaml
index 8e9a1cf3..769125cb 100644
--- a/helm/flowfuse/values.yaml
+++ b/helm/flowfuse/values.yaml
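Review bot: The new `tpl .Values.broker.config .` line in templates/emqx.yaml renders whatever string the operator supplies, so an empty or partial override silently drops the `authentication` and `authorization` blocks that used to be fixed in the template. As far as I know EMQX accepts every client when no authenticator is configured, so `broker.config: ""` would likely yield an open broker rather than a failed install. I would guard the render, e.g. `{{- tpl (required "broker.config must not be empty" .Values.broker.config) . | nindent 10 }}`, and add `"minLength": 1` to the `config` entry in values.schema.json, which has the same gap. The README entry should also say that the value replaces the whole broker configuration rather than being merged with the default.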
@@ -180,6 +180,144 @@ broker:
 listenersServiceTemplate: {}
 dashboardServiceTemplate: {}
 existingSecret: ''
+ config: |
+ authentication = [
+ {
+ backend = http
+ body = {
+ clientId = "${clientid}"
+ username = "${username}"
+ password = "${password}"
+ }
+ enable = true
+ connect_timeout = "15s"
+ enable_pipelining = 1
+ headers {
+ content-type = "application/json"
+ }
+ mechanism = password_based
+ method = post
+ pool_size = 8
+ request_timeout = "15s"
+ ssl {
+ enable = false
+ }
+ url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/auth"
+ }
+ ]
+ mqtt {
+ max_packet_size: 128MB
+ max_awaiting_rel = infinity
+ }
+ authorization {
+ cache {
+ enable = true
+ excludes = []
+ max_size = 32
+ ttl = "1m"
+ }
+ deny_action = ignore
+ no_match = allow
+ sources = [
+ {
+ enable = true
+ enable_pipelining = 1
+ connect_timeout = "15s"
+ request_timeout = "30s"
+ pool_size = 8
+ body {
+ action = "${action}"
+ topic = "${topic}"
+ username = "${username}"
+ }
+ headers {
+ content-type = "application/json"
+ }
+ method = post
+ type = http
+ ssl {
+ enable = false
+ }
+ url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/acls"
+ }
+ ]
+ }
+ listeners {
+ tcp {
+ default {
+ bind = "0.0.0.0:1883"
+ access_rules = [
+ "allow all"
+ ]
+ enable = true
+ enable_authn = true
+ mountpoint = "${client_attrs.team}"
+ max_connections = infinity
+ acceptors = 16
+ proxy_protocol = false
+ proxy_protocol_timeout = 3s
+ tcp_options {
+ backlog = 1024
+ send_timeout = 15s
+ recbuf = 2KB
+ sndbuf = 4KB
+ buffer = 4KB
+ high_watermark = 1MB
+ nodelay = true
+ reuseaddr = true
+ keepalive = "none"
+ }
+ }
+ }
+ ssl {
+ default {
+ enable = false
+ }
+ }
+ wss {
+ default {
+ enable = false
+ }
+ }
+ ws {
+ default {
+ bind = "0.0.0.0:8080"
+ access_rules = [
+ "allow all"
+ ]
+ enable = true
+ enable_authn = true
+ mountpoint = "${client_attrs.team}"
+ max_connections = infinity
+ proxy_protocol = false
+ proxy_protocol_timeout = 3s
+ tcp_options {
+ backlog = 1024
+ send_timeout = 15s
+ recbuf = 2KB
+ sndbuf = 4KB
+ buffer = 4KB
+ high_watermark = 1MB
+ nodelay = true
+ reuseaddr = true
+ keepalive = "none"
+ }
+ websocket {
+ mqtt_path = "/"
+ allow_origin_absence = true
+ check_origin_enable = false
+ fail_if_no_subprotocol = true
+ supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1 mqtt-v5"
+ mqtt_piggyback = multiple
+ compress = false
+ idle_timeout = 7200s
+ max_frame_size = infinity
+ proxy_address_header = "x-forwarded-for"
+ proxy_port_header = "x-forwarded-port"
+ }
+ }
+ }
+ }
 monitoring:
 emqxExporter:
 enabled: false
From 290ac49b6b08c18e747be14adba62547cc7d00f6 Mon Sep 17 00:00:00 2001
From: ppawlowski
Date: Wed, 3 Sep 2025 20:49:21 +0200
Subject: [PATCH 3/3] Update docs
---
helm/flowfuse/README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/helm/flowfuse/README.md b/helm/flowfuse/README.md
index 8f4cd7f1..41e77d50 100644
--- a/helm/flowfuse/README.md
+++ b/helm/flowfuse/README.md
@@ -131,6 +131,7 @@ To use STMP to send email
 - `broker.service.type` allows to set the service type for the Team Broker service (default `ClusterIP`)
 - `broker.service.mqtt.nodePort` allows to set custom nodePort value for `mqtt` port when `broker.service.type` value is set to `NodePort` (default not set)
 - `broker.service.ws.nodePort` allows to set custom nodePort value for `ws` port when `broker.service.type` value is set to `NodePort` (default not set)
+ - `broker.config` allows to overwrite the default Team Broker configuration
 ### Telemetry
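Review bot: The `broker.config` default added to values.yaml carries `no_match = allow` in its `authorization` block without any comment, and now that this string is the documented override surface it will be copied into site-specific values as-is. With that setting any request the HTTP ACL source does not decide is permitted, which presumably includes the case where the forge endpoint is unreachable, so the broker fails open; if FlowFuse does not depend on it, `no_match = deny` is the safer default, otherwise a comment should say why allow is required. The same default posts MQTT passwords to the forge auth URL over plain `http://` with `ssl { enable = false }`, which deserves a comment stating that it relies on in-cluster network trust. Separately, `supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1 mqtt-v5"` looks like it is missing a comma before `mqtt-v5`.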