Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat: Add possibility to overwrite team broker configuration #665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Sep 4, 2025
Merged

feat: Add possibility to overwrite team broker configuration #665

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d91ac53
Replace emqx config with value
ppawlowski Sep 3, 2025
ec1cb1a
Update default values and values schema
ppawlowski Sep 3, 2025
290ac49
Update docs
ppawlowski Sep 3, 2025
95d1b47
Merge branch 'main' into feat-team-broker-config
ppawlowski Sep 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions helm/flowfuse/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ To use STMP to send email
- `broker.service.type` allows to set the service type for the Team Broker service (default `ClusterIP`)
- `broker.service.mqtt.nodePort` allows to set custom nodePort value for `mqtt` port when `broker.service.type` value is set to `NodePort` (default not set)
- `broker.service.ws.nodePort` allows to set custom nodePort value for `ws` port when `broker.service.type` value is set to `NodePort` (default not set)
- `broker.config` allows to overwrite the default Team Broker configuration

### Telemetry

Expand Down
138 changes: 1 addition & 137 deletions helm/flowfuse/templates/emqx.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,143 +11,7 @@ spec:
imagePullPolicy: IfNotPresent
config:
data: |
authentication = [
{
backend = http
body = {
clientId = "${clientid}"
username = "${username}"
password = "${password}"
}
enable = true
connect_timeout = "15s"
enable_pipelining = 1
headers {
content-type = "application/json"
}
mechanism = password_based
method = post
pool_size = 8
request_timeout = "15s"
ssl {
enable = false
}
url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/auth"
}
]
mqtt {
max_packet_size: 128MB
max_awaiting_rel = infinity
}
authorization {
cache {
enable = true
excludes = []
max_size = 32
ttl = "1m"
}
deny_action = ignore
no_match = allow
sources = [
{
enable = true
enable_pipelining = 1
connect_timeout = "15s"
request_timeout = "30s"
pool_size = 8
body {
action = "${action}"
topic = "${topic}"
username = "${username}"
}
headers {
content-type = "application/json"
}
method = post
type = http
ssl {
enable = false
}
url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/acls"
}
]
}
listeners {
tcp {
default {
bind = "0.0.0.0:1883"
access_rules = [
"allow all"
]
enable = true
enable_authn = true
mountpoint = "${client_attrs.team}"
max_connections = infinity
acceptors = 16
proxy_protocol = false
proxy_protocol_timeout = 3s
tcp_options {
backlog = 1024
send_timeout = 15s
recbuf = 2KB
sndbuf = 4KB
buffer = 4KB
high_watermark = 1MB
nodelay = true
reuseaddr = true
keepalive = "none"
}
}
}
ssl {
default {
enable = false
}
}
wss {
default {
enable = false
}
}
ws {
default {
bind = "0.0.0.0:8080"
access_rules = [
"allow all"
]
enable = true
enable_authn = true
mountpoint = "${client_attrs.team}"
max_connections = infinity
proxy_protocol = false
proxy_protocol_timeout = 3s
tcp_options {
backlog = 1024
send_timeout = 15s
recbuf = 2KB
sndbuf = 4KB
buffer = 4KB
high_watermark = 1MB
nodelay = true
reuseaddr = true
keepalive = "none"
}
websocket {
mqtt_path = "/"
allow_origin_absence = true
check_origin_enable = false
fail_if_no_subprotocol = true
supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1 mqtt-v5"
mqtt_piggyback = multiple
compress = false
idle_timeout = 7200s
max_frame_size = infinity
proxy_address_header = "x-forwarded-for"
proxy_port_header = "x-forwarded-port"
}
}
}
}
{{- tpl .Values.broker.config . | nindent 10 }}
bootstrapAPIKeys:
- secretRef:
key:
Expand Down
4 changes: 4 additions & 0 deletions helm/flowfuse/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1152,6 +1152,10 @@
}
},
"required": ["type"]
},
"config": {
"type": "string",
"description": "EMQX configuration rendered into spec.config.data via tpl."
}
}
},
Expand Down
138 changes: 138 additions & 0 deletions helm/flowfuse/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,144 @@ broker:
listenersServiceTemplate: {}
dashboardServiceTemplate: {}
existingSecret: ''
config: |
authentication = [
{
backend = http
body = {
clientId = "${clientid}"
username = "${username}"
password = "${password}"
}
enable = true
connect_timeout = "15s"
enable_pipelining = 1
headers {
content-type = "application/json"
}
mechanism = password_based
method = post
pool_size = 8
request_timeout = "15s"
ssl {
enable = false
}
url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/auth"
}
]
mqtt {
max_packet_size: 128MB
max_awaiting_rel = infinity
}
authorization {
cache {
enable = true
excludes = []
max_size = 32
ttl = "1m"
}
deny_action = ignore
no_match = allow
sources = [
{
enable = true
enable_pipelining = 1
connect_timeout = "15s"
request_timeout = "30s"
pool_size = 8
body {
action = "${action}"
topic = "${topic}"
username = "${username}"
}
headers {
content-type = "application/json"
}
method = post
type = http
ssl {
enable = false
}
url = "http://forge.{{ .Release.Namespace }}/api/comms/v2/acls"
Copy link
Contributor

@hardillb hardillb Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume this works because we use {{- tpl ...

Copy link
Contributor Author

@ppawlowski ppawlowski Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is correct (source)

}
]
}
listeners {
tcp {
default {
bind = "0.0.0.0:1883"
access_rules = [
"allow all"
]
enable = true
enable_authn = true
mountpoint = "${client_attrs.team}"
max_connections = infinity
acceptors = 16
proxy_protocol = false
proxy_protocol_timeout = 3s
tcp_options {
backlog = 1024
send_timeout = 15s
recbuf = 2KB
sndbuf = 4KB
buffer = 4KB
high_watermark = 1MB
nodelay = true
reuseaddr = true
keepalive = "none"
}
}
}
ssl {
default {
enable = false
}
}
wss {
default {
enable = false
}
}
ws {
default {
bind = "0.0.0.0:8080"
access_rules = [
"allow all"
]
enable = true
enable_authn = true
mountpoint = "${client_attrs.team}"
max_connections = infinity
proxy_protocol = false
proxy_protocol_timeout = 3s
tcp_options {
backlog = 1024
send_timeout = 15s
recbuf = 2KB
sndbuf = 4KB
buffer = 4KB
high_watermark = 1MB
nodelay = true
reuseaddr = true
keepalive = "none"
}
websocket {
mqtt_path = "/"
allow_origin_absence = true
check_origin_enable = false
fail_if_no_subprotocol = true
supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1 mqtt-v5"
mqtt_piggyback = multiple
compress = false
idle_timeout = 7200s
max_frame_size = infinity
proxy_address_header = "x-forwarded-for"
proxy_port_header = "x-forwarded-port"
}
}
}
}
monitoring:
emqxExporter:
enabled: false
Expand Down
Loading