forked from vernemq/vernemq
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
551 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# Builder | ||
FROM erlang:25.3.2.8-alpine AS builder | ||
RUN apk add --update git build-base bsd-compat-headers openssl-dev snappy-dev curl alpine-sdk bash \ | ||
&& git clone -b 1.13.0 https://github.com/vernemq/vernemq \ | ||
&& cd vernemq \ | ||
&& make -j 16 rel | ||
|
||
# Executor | ||
FROM alpine:3.20 | ||
|
||
COPY --from=builder /vernemq/_build/default/rel / | ||
|
||
RUN apk --no-cache --update --available upgrade && \ | ||
apk add --no-cache ncurses-libs openssl libstdc++ jq curl bash snappy-dev && \ | ||
addgroup --gid 10000 vernemq && \ | ||
adduser --uid 10000 -H -D -G vernemq -h /vernemq vernemq && \ | ||
install -d -o vernemq -g vernemq /vernemq | ||
|
||
# Defaults | ||
ENV DOCKER_VERNEMQ_KUBERNETES_LABEL_SELECTOR="app=vernemq" \ | ||
DOCKER_VERNEMQ_LOG__CONSOLE=console \ | ||
PATH="/vernemq/bin:$PATH" \ | ||
VERNEMQ_VERSION="2.0.1" | ||
|
||
WORKDIR /vernemq | ||
|
||
COPY --chown=10000:10000 bin/vernemq.sh /usr/sbin/start_vernemq | ||
COPY --chown=10000:10000 bin/join_cluster.sh /usr/sbin/join_cluster | ||
COPY --chown=10000:10000 files/vm.args /vernemq/etc/vm.args | ||
|
||
RUN chown -R 10000:10000 /vernemq && \ | ||
ln -s /vernemq/etc /etc/vernemq && \ | ||
ln -s /vernemq/data /var/lib/vernemq && \ | ||
ln -s /vernemq/log /var/log/vernemq | ||
|
||
# Ports | ||
# 1883 MQTT | ||
# 8883 MQTT/SSL | ||
# 8080 MQTT WebSockets | ||
# 44053 VerneMQ Message Distribution | ||
# 4369 EPMD - Erlang Port Mapper Daemon | ||
# 8888 Health, API, Prometheus Metrics | ||
# 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 Specific Distributed Erlang Port Range | ||
|
||
EXPOSE 1883 8883 8080 44053 4369 8888 \ | ||
9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 | ||
|
||
|
||
VOLUME ["/vernemq/log", "/vernemq/data", "/vernemq/etc"] | ||
|
||
HEALTHCHECK CMD vernemq ping | grep -q pong | ||
|
||
USER vernemq | ||
CMD ["start_vernemq"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
#!/usr/bin/env bash | ||
|
||
SECRETS_KUBERNETES_DIR="/var/run/secrets/kubernetes.io/serviceaccount" | ||
DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME=${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME:-cluster.local} | ||
|
||
if [ -d "${SECRETS_KUBERNETES_DIR}" ] ; then | ||
# Let's get the namespace if it isn't set | ||
DOCKER_VERNEMQ_KUBERNETES_NAMESPACE=${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE:-$(cat "${SECRETS_KUBERNETES_DIR}/namespace")} | ||
fi | ||
|
||
insecure="" | ||
if env | grep "DOCKER_VERNEMQ_KUBERNETES_INSECURE" -q; then | ||
echo "Using curl with \"--insecure\" argument to access kubernetes API without matching SSL certificate" | ||
insecure="--insecure" | ||
fi | ||
|
||
function k8sCurlGet () { | ||
local urlPath=$1 | ||
|
||
local hostname="kubernetes.default.svc.${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME}" | ||
local certsFile="${SECRETS_KUBERNETES_DIR}/ca.crt" | ||
local token=$(cat ${SECRETS_KUBERNETES_DIR}/token) | ||
local header="Authorization: Bearer ${token}" | ||
local url="https://${hostname}/${urlPath}" | ||
|
||
curl -sS ${insecure} --cacert ${certsFile} -H "${header}" ${url} \ | ||
|| ( echo "### Error on accessing URL ${url}" ) | ||
} | ||
|
||
try_join() { | ||
local exit_code=0 | ||
if env | grep "DOCKER_VERNEMQ_DISCOVERY_KUBERNETES" -q; then | ||
# Let's set our nodename correctly | ||
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#list-pod-v1-core | ||
podList=$(k8sCurlGet "api/v1/namespaces/${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}/pods?labelSelector=${DOCKER_VERNEMQ_KUBERNETES_LABEL_SELECTOR}") | ||
kube_pod_names=$(echo ${podList} | jq '.items[].spec.hostname' | sed 's/"//g' | tr '\n' ' ' | sed 's/ *$//') | ||
VERNEMQ_KUBERNETES_SUBDOMAIN=${DOCKER_VERNEMQ_KUBERNETES_SUBDOMAIN:-$(echo ${podList} | jq '.items[0].spec.subdomain' | tr '\n' '"' | sed 's/"//g')} | ||
|
||
for kube_pod_name in $kube_pod_names; do | ||
if [[ $kube_pod_name == "null" ]]; then | ||
echo "Kubernetes discovery selected, but no pods found. Maybe we're the first?" | ||
echo "Anyway, we won't attempt to join any cluster." | ||
exit 0 | ||
fi | ||
|
||
if [[ $kube_pod_name != "$MY_POD_NAME" ]]; then | ||
discoveryHostname="${kube_pod_name}.${VERNEMQ_KUBERNETES_SUBDOMAIN}.${DOCKER_VERNEMQ_KUBERNETES_NAMESPACE}.svc.${DOCKER_VERNEMQ_KUBERNETES_CLUSTER_NAME}" | ||
echo "Will join an existing Kubernetes cluster with discovery node at ${discoveryHostname}" | ||
vmq-admin cluster show | grep "VerneMQ@${discoveryHostname}" > /dev/null || exit_code=$? | ||
if [ $exit_code -eq 0 ]; then | ||
echo "We have already joined the cluster - no extra work required." | ||
exit 0 | ||
else | ||
echo "We have yet to join the cluster - attempting manual join..." | ||
vmq-admin cluster join discovery-node="VerneMQ@${discoveryHostname}" | ||
sleep 2 | ||
fi | ||
break | ||
fi | ||
done | ||
else | ||
exit 0 | ||
fi | ||
} | ||
|
||
while true | ||
do | ||
try_join | ||
done; |
Oops, something went wrong.