feat: add possibility to deploy emqx-exporter with FlowFuse helm chart #500

Merged
merged 8 commits into from
Nov 14, 2024
Changes from 6 commits
1 change: 1 addition & 0 deletions helm/flowforge/README.md
Expand Up @@ -119,6 +119,7 @@ To use STMP to send email
- `broker.listenersServiceTemplate` Service spec for the MQTT listeners
- `broker.dashboardServiceTemplate` Service spec for the teamBroker admin console
- `broker.existingSecret` name of existing Secret holding dashboard admin password and API key
- `broker.monitoring.emqxExporter.enabled` controls deployment of [emqx-exporter](https://github.com/emqx/emqx-exporter) (default `false`)

### Telemetry

23 changes: 22 additions & 1 deletion helm/flowforge/templates/_helpers.tpl
Expand Up @@ -57,6 +57,14 @@ app.kubernetes.io/component: "file-server"
app: flowforge-file
{{- end }}

{{/*
emqx-exporter Selector labels
*/}}
{{- define "forge.emqxExporterSelectorLabels" -}}
{{ include "forge.commonSelectorLabels" . }}
app.kubernetes.io/component: "emqx-exporter"
{{- end -}}

{{/*
Get the postgresql secret object name.
*/}}
Expand Down Expand Up @@ -109,7 +117,7 @@ Note: The value for key .Values.postgresql.auth.existingSecret is inherited from

{{- define "forge.createSecret" -}}
{{- if not (and .Values.postgresql.auth.existingSecret
(not (and .Values.forge.email (not .Values.forge.email.smtp.existingSecret)))) -}}
(not (and .Values.forge.email ((and .Values.forge.email.smtp (not .Values.forge.email.smtp.existingSecret)))))) -}}
hardillb marked this conversation as resolved.
true
{{- else -}}
false
Expand Down Expand Up @@ -172,3 +180,16 @@ Configure broker domain
{{ printf "%s.%s" "mqtt" .Values.forge.domain }}
{{- end -}}
{{- end -}}

{{/*
Configure emqx bootstrap api secret
*/}}
{{- define "emqx.bootstrapApiKeySecret" -}}
{{- $secretName := "emqx-config-secrets" }}
{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }}
{{- if and $existingSecret.data (hasKey $existingSecret.data "api_key_secret") }}
{{- printf $existingSecret.data.api_key_secret | b64dec }}
{{- else }}
{{- randAlphaNum 32 -}}
{{- end }}
{{- end -}}
hardillb marked this conversation as resolved.
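Review bot: `emqx.bootstrapApiKeySecret` depends on `lookup`, which returns an empty result under `helm template` and client-side dry runs, so any pipeline that renders the chart without cluster access gets a fresh `randAlphaNum 32` value on every render. The Secret would then change on each apply, while the exporter Deployment's `checksum/config` annotation only hashes the ConfigMap, so nothing visible here guarantees that EMQX and the exporter end up with the same value. A comment above the define such as `{{/* lookup is empty under helm template; the secret is regenerated on every render there */}}`, or an optional values override, would make this explicit. Separately, `printf $existingSecret.data.api_key_secret | b64dec` passes the stored value as a format string; `{{- $existingSecret.data.api_key_secret | b64dec }}` does the same without that.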
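--- a/helm/flowforge/templates/emqx-exporter-config.yaml
+++ b/helm/flowforge/templates/emqx-exporter-config.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.broker.monitoring.emqxExporter.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: emqx-exporter-config
+namespace: {{ .Release.Namespace }}
+labels:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 4 }}
+data:
+config.yaml: |
+metrics:
+target: emqx-dashboard.{{ .Release.Namespace }}:18083
+api_key: "flowfuse"
+api_secret: <%= ENV['BOOTSTRAP_API_KEY'] %>
+probes:
+- target: emqx-listeners.default.svc.cluster.local:1883
+{{- end }}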
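Review bot: The probe target `emqx-listeners.default.svc.cluster.local:1883` hard-codes the `default` namespace, while the target in the `metrics` block is built from `.Release.Namespace`; in a release installed to any other namespace the probe points at a different or non-existent service. `- target: emqx-listeners.{{ .Release.Namespace }}.svc.cluster.local:1883` would keep both targets in the release's namespace. The `api_secret: <%= ENV['BOOTSTRAP_API_KEY'] %>` line also renders the secret unquoted, so a pre-existing value that YAML reads as a number, or that starts with an indicator character, would change type or break parsing. Quoting the ERB output, `api_secret: "<%= ENV['BOOTSTRAP_API_KEY'] %>"`, avoids that for values without embedded quotes.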
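--- a/helm/flowforge/templates/emqx-exporter.yaml
+++ b/helm/flowforge/templates/emqx-exporter.yaml
@@ -0,0 +1,90 @@
+{{- if .Values.broker.monitoring.emqxExporter.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 4 }}
+name: emqx-exporter-service
+namespace: {{ .Release.Namespace }}
+spec:
+ports:
+- name: metrics
+port: 8085
+targetPort: metrics
+selector:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 6 }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: emqx-exporter
+namespace: {{ .Release.Namespace }}
+labels:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 4 }}
+spec:
+selector:
+matchLabels:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 6 }}
+replicas: 1
+template:
+metadata:
+labels:
+{{ include "forge.emqxExporterSelectorLabels" . | nindent 8 }}
+annotations:
+checksum/config: {{ include (print $.Template.BasePath "/emqx-exporter-config.yaml") . | sha256sum }}
+spec:
+securityContext:
+runAsUser: 1000
+initContainers:
+- name: config
+image: "ruby:2.7-slim"
+imagePullPolicy: Always
+command: ['sh', '-c', 'erb /tmpl/config.yaml > /config/config.yaml' ]
+volumeMounts:
+- name: configtemplate
+mountPath: /tmpl
+- name: configdir
+mountPath: /config
+env:
+- name: BOOTSTRAP_API_KEY
+valueFrom:
+secretKeyRef:
+name: emqx-config-secrets
+key: api_key_secret
+securityContext:
+readOnlyRootFilesystem: true
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+containers:
+- name: exporter
+image: emqx/emqx-exporter:0.2
+imagePullPolicy: IfNotPresent
+args:
+- --config.file
+- /etc/emqx-exporter/config.yaml
+securityContext:
+allowPrivilegeEscalation: false
+runAsNonRoot: true
+ports:
+- containerPort: 8085
+name: metrics
+protocol: TCP
+resources:
+limits:
+cpu: 100m
+memory: 100Mi
+requests:
+cpu: 100m
+memory: 20Mi
+volumeMounts:
+- name: configdir
+mountPath: /etc/emqx-exporter/
+volumes:
+- name: configdir
+emptyDir: {}
+- name: configtemplate
+configMap:
+name: emqx-exporter-config
+{{- end }}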
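Review bot: The `config` init container is the one that receives `BOOTSTRAP_API_KEY`, yet it runs `ruby:2.7-slim`, a mutable tag of a Ruby series that reached end of life in March 2023, with `imagePullPolicy: Always`. Whatever the registry serves under that tag at pod start therefore handles the EMQX API secret. Pinning a supported image by digest, e.g. `image: "ruby:<supported-version>-slim@sha256:<digest>"` (placeholders), narrows that, and the same applies to `emqx/emqx-exporter:0.2`. The `exporter` container's `securityContext` also omits the `readOnlyRootFilesystem: true` and `capabilities: drop: [ALL]` settings that the init container already has; adding them is worthwhile, assuming the exporter writes nothing outside its mounted config directory.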
23 changes: 11 additions & 12 deletions helm/flowforge/templates/emqx.yaml
@@ -1,5 +1,7 @@
{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled true ) -}}
{{- if .Capabilities.APIVersions.Has "apps.emqx.io/v2beta1" }}
{{- if not (.Capabilities.APIVersions.Has "apps.emqx.io/v2beta1") }}
{{- fail "EMQX Operator not installed. Please install it or disable team broker before continuing" }}
{{- end }}
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
Expand Down Expand Up @@ -144,12 +146,12 @@ spec:
}
bootstrapAPIKeys:
- secretRef:
key:
secretName: emqx-config-secrets
secretKey: api-key-name
secret:
secretName: emqx-config-secrets
secretKey: api-key-secret
key:
secretName: emqx-config-secrets
secretKey: api_key_name
secret:
secretName: emqx-config-secrets
secretKey: api_key_secret
coreTemplate:
spec:
{{- if .Values.forge.registrySecrets }}
Expand Down Expand Up @@ -220,8 +222,8 @@ metadata:
type: Opaque
data:
EMQX_DASHBOARD__DEFAULT_PASSWORD: {{ "topSecret" | b64enc | quote }}
api-key-name: {{ "flowfuse" | b64enc | quote }}
apit-key-secret: {{ "verySecret" | b64enc | quote }}
api_key_name: {{ "flowfuse" | b64enc | quote }}
api_key_secret: {{ include "emqx.bootstrapApiKeySecret" . | b64enc | quote }}
hardillb marked this conversation as resolved.
---
{{- end }}
apiVersion: networking.k8s.io/v1
Expand Down Expand Up @@ -258,7 +260,4 @@ spec:
- {{ include "forge.brokerDomain" . }}
secretName: {{ include "forge.brokerDomain" . }}
{{- end }}
{{- else }}
{{- fail "EMQX Operator not installed" }}
{{- end }}
{{- end }}
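Review bot: In the Secret hunk the API secret is now generated per install, but the line directly above still ships `EMQX_DASHBOARD__DEFAULT_PASSWORD: {{ "topSecret" | b64enc | quote }}`, so every release that uses the chart-created Secret gets the same dashboard admin password. The lookup-or-generate approach used for `api_key_secret` would fit here too, for example a sibling helper included as `{{ include "emqx.dashboardPassword" . | b64enc | quote }}` (the helper name is a suggestion, not something in the chart). The Secret's metadata and the condition guarding it are outside the hunk, so this applies only on whatever path renders this block, presumably when `broker.existingSecret` is unset.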
4 changes: 4 additions & 0 deletions helm/flowforge/tests/deployment_test.yaml
Expand Up @@ -2,16 +2,19 @@
suite: test deployment object
templates:
- deployment.yaml
- configmap.yaml
set:
forge.domain: "chart-unit-tests.com"
tests:
- it: should create a deployment
template: deployment.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: Deployment
- it: should create a deployment with init container
template: deployment.yaml
asserts:
- isNotNullOrEmpty:
path: spec.template.spec.initContainers
Expand All @@ -20,6 +23,7 @@ tests:
count: 1

- it: should create an init container with two secrets
template: deployment.yaml
asserts:
- isNotNullOrEmpty:
path: spec.template.spec.initContainers[0].env
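--- a/helm/flowforge/tests/emqx-exporter_test.yaml
+++ b/helm/flowforge/tests/emqx-exporter_test.yaml
@@ -0,0 +1,62 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: test emqx-exporter deployment object
+templates:
+- emqx-exporter.yaml
+- emqx-exporter-config.yaml
+set:
+forge.domain: "chart-unit-tests.com"
+broker.monitoring.emqxExporter.enabled: true
+tests:
+- it: should create a service for emqx-exporter
+templates:
+- emqx-exporter.yaml
+documentSelector:
+path: metadata.name
+value: emqx-exporter-service
+asserts:
+- isKind:
+of: Service
+- matchRegex:
+path: metadata.name
+pattern: ^emqx-exporter-service$
+- it: should create a deployment for emqx-exporter
+templates:
+- emqx-exporter.yaml
+documentSelector:
+path: metadata.name
+value: emqx-exporter
+asserts:
+- isKind:
+of: Deployment
+- matchRegex:
+path: metadata.name
+pattern: ^emqx-exporter$
+- lengthEqual:
+path: spec.template.spec.containers
+count: 1
+- it: should create a configmap for emqx-exporter
+templates:
+- emqx-exporter-config.yaml
+asserts:
+- isKind:
+of: ConfigMap
+- equal:
+path: metadata.name
+value: emqx-exporter-config
+- it: should create an init container with one secret
+template: emqx-exporter.yaml
+documentSelector:
+path: metadata.name
+value: emqx-exporter
+asserts:
+- isNotNullOrEmpty:
+path: spec.template.spec.initContainers[0].env
+- lengthEqual:
+path: spec.template.spec.initContainers[0].env
+count: 1
+- equal:
+path: spec.template.spec.initContainers[0].env[0].name
+value: BOOTSTRAP_API_KEY
+- equal:
+path: spec.template.spec.initContainers[0].env[*].valueFrom.secretKeyRef.name
+value: emqx-config-secrets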
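Review bot: The last test checks `secretKeyRef.name` but never the `key`, and a key-name mismatch between the Secret and its consumers is exactly what this PR had to correct in emqx.yaml (`apit-key-secret`). An `equal` assert on `spec.template.spec.initContainers[0].env[0].valueFrom.secretKeyRef.key` with `value: api_key_secret` would pin it. There is also no case for the default `enabled: false`; a test that sets `broker.monitoring.emqxExporter.enabled: false` and asserts `hasDocuments` with `count: 0` would confirm nothing is rendered when the feature is off.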
13 changes: 13 additions & 0 deletions helm/flowforge/values.schema.json
Expand Up @@ -981,6 +981,19 @@
},
"existingSecret": {
"type": "string"
},
"monitoring": {
"type": "object",
"properties": {
"emqxExporter": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
}
}
}
}
}
}
}
3 changes: 3 additions & 0 deletions helm/flowforge/values.yaml
Expand Up @@ -159,3 +159,6 @@ broker:
listenersServiceTemplate: {}
dashboardServiceTemplate: {}
existingSecret: ''
monitoring:
emqxExporter:
enabled: false