# Default values for vernemq.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
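# Number of VerneMQ pods.
replicaCount: 1

# Container image. Nested keys are re-indented under their parent so that
# repository/tag/pullPolicy are read as image.* rather than top-level keys.
image:
  repository: vernemq/vernemq
  # NOTE(review): a tag can be re-pointed upstream; pinning by digest as well
  # makes the deployed image reproducible, if the chart template allows it.
  tag: 1.11.0-alpine
  pullPolicy: IfNotPresent

nameOverride: ""
fullnameOverride: ""

serviceMonitor:
  create: false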
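# Service exposing the broker listeners. Listener sub-keys are re-indented
# under their parent; flattened, "enabled", "port" and "nodePort" would be
# duplicate top-level keys and most parsers would silently keep the last one.
service:
  # NodePort - Listen to a port on nodes and forward to the service.
  # ClusterIP - Listen on the service internal to the cluster only.
  # LoadBalancer - Create a LoadBalancer in the cloud provider and forward
  # to the service.
  # NOTE(review): with LoadBalancer, every listener enabled below is reachable
  # from outside the cluster unless loadBalancerSourceRanges (or a provider
  # firewall rule) narrows the allowed client addresses.
  type: LoadBalancer
  # clusterIP: 10.1.2.4
  # externalIPs: []
  # loadBalancerIP: 10.1.2.4
  # loadBalancerSourceRanges: []
  # sessionAffinity: None
  # sessionAffinityConfig: {}

  # Plaintext MQTT listener.
  # NOTE(review): credentials and payloads cross this port unencrypted;
  # consider disabling it once clients can use the mqtts listener.
  mqtt:
    enabled: true
    port: 1883
    # This is the port used by nodes to expose the service.
    # NOTE(review): 1883 is outside the default Kubernetes NodePort range
    # (30000-32767); confirm the cluster's configured range.
    nodePort: 1883

  # MQTT over TLS.
  mqtts:
    enabled: true
    port: 8883
    # This is the port used by nodes to expose the service.
    nodePort: 8883

  # Plaintext MQTT over WebSocket; the same exposure note as for mqtt applies.
  ws:
    enabled: true
    port: 8080
    # This is the port used by nodes to expose the service.
    nodePort: 8080

  # MQTT over WebSocket with TLS.
  wss:
    enabled: true
    port: 8443
    # This is the port used by nodes to expose the service.
    nodePort: 8443

  # Presumably Service-level metadata (the nesting is restored, not shown in
  # the flattened original) - confirm against the chart templates.
  annotations: {}
  labels: {}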
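## Ingress can optionally be applied when enabling the MQTT websocket service.
## This allows an ingress controller to route web ports and arbitrary
## hostnames and paths to the websocket service, and lets the controller
## handle TLS termination for the websocket traffic. Ingress is only possible
## for traffic exchanged over HTTP, so ONLY the websocket service can take
## advantage of ingress.
ingress:
  enabled: false
  labels: {}
  annotations: {}

  ## Hosts must be provided if ingress is enabled.
  ##
  hosts: []
  #   - vernemq.domain.com

  ## Paths to use for ingress rules.
  ##
  paths:
    - /

  ## TLS configuration for ingress.
  ## Secret must be manually created in the namespace.
  ## NOTE(review): with an empty list no TLS section is configured for the
  ## ingress; set this before enabling ingress for websocket clients.
  ##
  tls: []
  #   - secretName: vernemq-tls
  #     hosts:
  #       - vernemq.domain.com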
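## VerneMQ resources requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources
resources:
  ## The upstream recommendation is not to specify default resources and to
  ## leave this as a conscious choice for the user, which also increases the
  ## chances that charts run on environments with few resources, such as
  ## Minikube. This file sets explicit values; requests equal limits, so
  ## adjust both together.
  limits:
    cpu: 500m
    memory: 1024Mi
  requests:
    cpu: 500m
    memory: 1024Mi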
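## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}

## Node tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
tolerations: []

## Pod affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
podAntiAffinity: soft

## Run the broker as a fixed non-root UID/GID. The three IDs are re-indented
## under securityContext so they are not read as top-level keys.
## NOTE(review): runAsNonRoot, allowPrivilegeEscalation and
## readOnlyRootFilesystem are not set here; whether the chart passes extra
## fields through to the pod spec is not visible from this file - confirm.
securityContext:
  runAsUser: 10000
  runAsGroup: 10000
  fsGroup: 10000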
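## If RBAC is enabled on the cluster, VerneMQ needs a service account
## with permissions sufficient to list pods.
## NOTE(review): the granted verbs and resources are defined in the chart
## templates, not here; check that they stay limited to what pod discovery
## needs.
rbac:
  create: true
  # serviceAccount is presumably nested under rbac, as in the upstream chart
  # layout; flattened, its "create" would duplicate rbac.create - confirm.
  serviceAccount:
    create: true
    ## Service account name to be used.
    ## If not set and serviceAccount.create is true a name is generated using
    ## the fullname template.
    # name: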
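# Storage for VerneMQ data. Child keys are re-indented under persistentVolume.
persistentVolume:
  ## If true, VerneMQ will create/use a Persistent Volume Claim
  ## If false, use local directory
  enabled: false

  ## VerneMQ data Persistent Volume access modes
  ## Must match those of existing PV or dynamic provisioner
  ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  accessModes:
    - ReadWriteOnce

  ## VerneMQ data Persistent Volume size
  size: 5Gi

  ## VerneMQ data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner. (gp2 on AWS, standard on
  ## GKE, AWS & OpenStack)
  # storageClass: ""

  ## Annotations for Persistent Volume Claim
  annotations: {}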
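## Additional volumeMounts to the pod.
extraVolumeMounts: []
#   - name: additional-volume-mount
#     mountPath: /var/additional-volume-path

## Additional volumes to the pod.
extraVolumes: []
#   - name: additional-volume
#     emptyDir: {}

# A list of secrets and their paths to mount inside the pod.
# This is useful for mounting certificates for security (TLS).
# Each entry is one mapping with name, secretName and path; the keys are
# re-indented so they belong to the list item.
# NOTE(review): the listener settings in additionalEnv read tls.crt and
# tls.key from this path, so the Secret presumably holds the private key.
# It must exist in the release namespace, and read access to it should be
# limited by RBAC to the workloads that need it.
secretMounts:
  - name: vernemq-certificates
    secretName: vernemq-certificates-secret
    path: /etc/ssl/vernemq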
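# StatefulSet settings. Child keys are re-indented under statefulset; the two
# probe mappings would otherwise collapse into duplicate top-level keys.
statefulset:
  ## Start and stop pods in Parallel or OrderedReady (one-by-one).
  ## Note - cannot be changed after the first release.
  ## Ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
  podManagementPolicy: OrderedReady

  ## StatefulSet rolling update strategy
  ## Ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#rolling-update
  updateStrategy: RollingUpdate

  ## Configure how much time VerneMQ takes to move offline queues to other
  ## nodes
  ## Ref: https://vernemq.com/docs/clustering/#detailed-cluster-leave-case-a-make-a-live-node-leave
  terminationGracePeriodSeconds: 60

  ## Liveness and Readiness probe values
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes
  livenessProbe:
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3

  podAnnotations: {}
  #   prometheus.io/scrape: "true"
  #   prometheus.io/port: "8888"

  # Presumably StatefulSet-level metadata and the container lifecycle hooks
  # (the nesting is restored, not shown in the flattened original) - confirm
  # against the chart templates.
  annotations: {}
  labels: {}
  lifecycle: {}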
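# PodDisruptionBudget. Child keys are re-indented under pdb.
# NOTE(review): with replicaCount: 1, enabling this with minAvailable: 1
# blocks every voluntary eviction of the single pod (for example during a
# node drain); raise the replica count before enabling it.
pdb:
  enabled: false
  minAvailable: 1
  # maxUnavailable: 1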
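## VerneMQ settings
## Each entry is a name/value pair; "value" is re-indented so it belongs to
## its list item. Values stay quoted so "on"/"yes" are passed as strings.
additionalEnv:
  # Keep serving register/publish/subscribe/unsubscribe while the cluster is
  # partitioned: this favours availability over consistency.
  - name: DOCKER_VERNEMQ_ALLOW_REGISTER_DURING_NETSPLIT
    value: "on"
  - name: DOCKER_VERNEMQ_ALLOW_PUBLISH_DURING_NETSPLIT
    value: "on"
  - name: DOCKER_VERNEMQ_ALLOW_SUBSCRIBE_DURING_NETSPLIT
    value: "on"
  - name: DOCKER_VERNEMQ_ALLOW_UNSUBSCRIBE_DURING_NETSPLIT
    value: "on"
  - name: DOCKER_VERNEMQ_ACCEPT_EULA
    value: "yes"
  # NOTE(review): anonymous access lets any client connect without
  # credentials. With service.type LoadBalancer and the plaintext mqtt/ws
  # listeners enabled, the broker accepts connections from anyone who can
  # reach the load balancer. Set this to "off" and provision users before
  # exposing it.
  - name: DOCKER_VERNEMQ_ALLOW_ANONYMOUS
    value: "on"
  # NOTE(review): a password written here ends up in plain text in this file
  # and in the rendered pod spec; prefer loading users from a Secret through
  # envFrom below.
  # - name: DOCKER_VERNEMQ_USER_YOURUSERNAME
  #   value: "yourpassword"
  # TLS material for the mqtts listener, read from the secretMounts path.
  # NOTE(review): CAFILE points at the same file as CERTFILE. That only acts
  # as a trust anchor if tls.crt is self-signed or bundles its issuer; point
  # it at the issuing CA bundle if client-certificate verification is turned
  # on later - confirm against the listener configuration.
  - name: DOCKER_VERNEMQ_LISTENER__SSL__CAFILE
    value: "/etc/ssl/vernemq/tls.crt"
  - name: DOCKER_VERNEMQ_LISTENER__SSL__CERTFILE
    value: "/etc/ssl/vernemq/tls.crt"
  - name: DOCKER_VERNEMQ_LISTENER__SSL__KEYFILE
    value: "/etc/ssl/vernemq/tls.key"
  # Same certificate, key and CA file for the wss listener.
  - name: DOCKER_VERNEMQ_LISTENER__WSS__CAFILE
    value: "/etc/ssl/vernemq/tls.crt"
  - name: DOCKER_VERNEMQ_LISTENER__WSS__CERTFILE
    value: "/etc/ssl/vernemq/tls.crt"
  - name: DOCKER_VERNEMQ_LISTENER__WSS__KEYFILE
    value: "/etc/ssl/vernemq/tls.key"

# Add additional environment variables, e.g. from a ConfigMap or Secret.
# This can be useful if you want to use file-based authentication.
envFrom: []
#   - secretRef:
#       name: vernemq-users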