From 1bcd0a7c1d5c7e39f7546c81f92f3b0e09997022 Mon Sep 17 00:00:00 2001 From: jacky-xbb Date: Fri, 3 Nov 2023 17:51:13 +0800 Subject: [PATCH] feat: add bootstrap secrets --- apis/apps/v2beta1/emqx_types.go | 14 +++- apis/apps/v2beta1/zz_generated.deepcopy.go | 49 +++++++++++++- config/crd/bases/apps.emqx.io_emqxes.yaml | 29 ++++++++ .../apps/v2beta1/add_bootstrap_resource.go | 41 +++++++++++- .../add_bootstrap_resource_suite_test.go | 66 +++++++++++++++++++ .../v2beta1/add_bootstrap_resource_test.go | 54 ++++++++++++++- docs/en_US/reference/v1beta3-reference.md | 18 +---- docs/en_US/reference/v1beta4-reference.md | 8 +-- docs/en_US/reference/v2alpha1-reference.md | 2 +- docs/en_US/reference/v2alpha2-reference.md | 4 ++ docs/en_US/reference/v2beta1-reference.md | 35 ++++++++-- docs/zh_CN/reference/v1beta3-reference.md | 18 +---- docs/zh_CN/reference/v1beta4-reference.md | 8 +-- docs/zh_CN/reference/v2alpha1-reference.md | 2 +- docs/zh_CN/reference/v2alpha2-reference.md | 4 ++ docs/zh_CN/reference/v2beta1-reference.md | 35 ++++++++-- 16 files changed, 331 insertions(+), 56 deletions(-) create mode 100644 controllers/apps/v2beta1/add_bootstrap_resource_suite_test.go create mode 100644 docs/en_US/reference/v2alpha2-reference.md create mode 100644 docs/zh_CN/reference/v2alpha2-reference.md diff --git a/apis/apps/v2beta1/emqx_types.go b/apis/apps/v2beta1/emqx_types.go index 105754264..60a47921b 100644 --- a/apis/apps/v2beta1/emqx_types.go +++ b/apis/apps/v2beta1/emqx_types.go @@ -103,7 +103,19 @@ type BootstrapAPIKey struct { Key string `json:"key"` // +kubebuilder:validation:MinLength:=3 // +kubebuilder:validation:MaxLength:=32 - Secret string `json:"secret"` + Secret string `json:"secret"` + SecretRef *SecretRef `json:"secretRef"` +} + +type SecretRef struct { + Key *KeyRef `json:"key"` + Secret *KeyRef `json:"secret"` +} + +type KeyRef struct { + SecretName string `json:"secretName"` + // +kubebuilder:validation:Pattern:=`^[a-zA-Z\d-_]+$` + SecretKey string `json:"secretKey"` } type Config struct { diff --git a/apis/apps/v2beta1/zz_generated.deepcopy.go b/apis/apps/v2beta1/zz_generated.deepcopy.go index d4b2d7491..d140d3bda 100644 --- a/apis/apps/v2beta1/zz_generated.deepcopy.go +++ b/apis/apps/v2beta1/zz_generated.deepcopy.go @@ -30,6 +30,11 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootstrapAPIKey) DeepCopyInto(out *BootstrapAPIKey) { *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(SecretRef) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapAPIKey. @@ -347,7 +352,9 @@ func (in *EMQXSpec) DeepCopyInto(out *EMQXSpec) { if in.BootstrapAPIKeys != nil { in, out := &in.BootstrapAPIKeys, &out.BootstrapAPIKeys *out = make([]BootstrapAPIKey, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } out.Config = in.Config if in.RevisionHistoryLimit != nil { @@ -444,6 +451,21 @@ func (in *EvacuationStrategy) DeepCopy() *EvacuationStrategy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeyRef) DeepCopyInto(out *KeyRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyRef. +func (in *KeyRef) DeepCopy() *KeyRef { + if in == nil { + return nil + } + out := new(KeyRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeEvacuationStats) DeepCopyInto(out *NodeEvacuationStats) { *out = *in @@ -663,6 +685,31 @@ func (in *RebalanceStrategy) DeepCopy() *RebalanceStrategy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretRef) DeepCopyInto(out *SecretRef) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(KeyRef) + **out = **in + } + if in.Secret != nil { + in, out := &in.Secret, &out.Secret + *out = new(KeyRef) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef. +func (in *SecretRef) DeepCopy() *SecretRef { + if in == nil { + return nil + } + out := new(SecretRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceTemplate) DeepCopyInto(out *ServiceTemplate) { *out = *in diff --git a/config/crd/bases/apps.emqx.io_emqxes.yaml b/config/crd/bases/apps.emqx.io_emqxes.yaml index 44b8ceee6..6ac0317bb 100644 --- a/config/crd/bases/apps.emqx.io_emqxes.yaml +++ b/config/crd/bases/apps.emqx.io_emqxes.yaml @@ -6492,9 +6492,38 @@ spec: maxLength: 32 minLength: 3 type: string + secretRef: + properties: + key: + properties: + secretKey: + pattern: ^[a-zA-Z\d-_]+$ + type: string + secretName: + type: string + required: + - secretKey + - secretName + type: object + secret: + properties: + secretKey: + pattern: ^[a-zA-Z\d-_]+$ + type: string + secretName: + type: string + required: + - secretKey + - secretName + type: object + required: + - key + - secret + type: object required: - key - secret + - secretRef type: object type: array clusterDomain: diff --git a/controllers/apps/v2beta1/add_bootstrap_resource.go b/controllers/apps/v2beta1/add_bootstrap_resource.go index 1515db27a..43be5b107 100644 --- a/controllers/apps/v2beta1/add_bootstrap_resource.go +++ b/controllers/apps/v2beta1/add_bootstrap_resource.go @@ -7,6 +7,7 @@ import ( corev1 "k8s.io/api/core/v1" k8sErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -23,7 +24,7 @@ type addBootstrap struct { func (a *addBootstrap) reconcile(ctx context.Context, instance *appsv2beta1.EMQX, _ innerReq.RequesterInterface) subResult { for _, resource := range []client.Object{ generateNodeCookieSecret(instance), - generateBootstrapAPIKeySecret(instance), + generateBootstrapAPIKeySecret(a.Client, ctx, instance), } { if err := ctrl.SetControllerReference(instance, resource, a.Scheme); err != nil { return subResult{err: emperror.Wrap(err, "failed to set controller reference")} @@ -63,12 +64,46 @@ func generateNodeCookieSecret(instance *appsv2beta1.EMQX) *corev1.Secret { } } -func generateBootstrapAPIKeySecret(instance *appsv2beta1.EMQX) *corev1.Secret { +// ReadSecret reads a secret from the Kubernetes cluster. +func ReadSecret(k8sClient client.Client, ctx context.Context, namespace string, name string, key string) (string, error) { + // Define a new Secret object + secret := &corev1.Secret{} + + // Define the Secret Name and Namespace + secretName := types.NamespacedName{ + Namespace: namespace, + Name: name, + } + + // Use the client to fetch the Secret + if err := k8sClient.Get(ctx, secretName, secret); err != nil { + return "", err + } + + // secret.Data is a map[string][]byte + secretValue := string(secret.Data[key]) + + return secretValue, nil +} + +func generateBootstrapAPIKeySecret(k8sClient client.Client, ctx context.Context, instance *appsv2beta1.EMQX) *corev1.Secret { bootstrapAPIKeys := "" + for _, apiKey := range instance.Spec.BootstrapAPIKeys { bootstrapAPIKeys += apiKey.Key + ":" + apiKey.Secret + "\n" + if apiKey.SecretRef != nil { + // Read key and secret values from the refenced secrets + keyValue, err := ReadSecret(k8sClient, ctx, instance.Namespace, apiKey.SecretRef.Key.SecretName, apiKey.SecretRef.Key.SecretKey) + if err != nil { + continue + } + secretValue, err := ReadSecret(k8sClient, ctx, instance.Namespace, apiKey.SecretRef.Secret.SecretName, apiKey.SecretRef.Secret.SecretKey) + if err != nil { + continue + } + bootstrapAPIKeys += keyValue + ":" + secretValue + "\n" + } } - defPassword, _ := password.Generate(64, 10, 0, true, true) bootstrapAPIKeys += appsv2beta1.DefaultBootstrapAPIKey + ":" + defPassword diff --git a/controllers/apps/v2beta1/add_bootstrap_resource_suite_test.go b/controllers/apps/v2beta1/add_bootstrap_resource_suite_test.go new file mode 100644 index 000000000..d89d75b79 --- /dev/null +++ b/controllers/apps/v2beta1/add_bootstrap_resource_suite_test.go @@ -0,0 +1,66 @@ +package v2beta1 + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + appsv2beta1 "github.com/emqx/emqx-operator/apis/apps/v2beta1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("AddBootstrap", Ordered, Label("bootstrap"), func() { + var ( + instance *appsv2beta1.EMQX + a *addBootstrap + ns *corev1.Namespace + ) + instance = new(appsv2beta1.EMQX) + ns = &corev1.Namespace{} + + BeforeEach(func() { + a = &addBootstrap{emqxReconciler} + ns = &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "controller-v2beta1-add-emqx-bootstrap-test", + Labels: map[string]string{ + "test": "e2e", + }, + }, + } + instance = emqx.DeepCopy() + instance.Namespace = ns.Name + }) + + It("create namespace", func() { + Expect(k8sClient.Create(context.TODO(), ns)).Should(Succeed()) + }) + + It("should create bootstrap secrets", func() { + // Wait until the bootstrap secrets are created + // Call the reconciler. + result := a.reconcile(ctx, instance, nil) + + // Make sure there were no errors. + Expect(result.err).NotTo(HaveOccurred()) + // Check the created secrets. + cookieSecret := &corev1.Secret{} + err := k8sClient.Get(context.Background(), client.ObjectKey{ + Namespace: ns.Name, + Name: instance.NodeCookieNamespacedName().Name, + }, cookieSecret) + Expect(err).NotTo(HaveOccurred()) + Expect(cookieSecret.Data["node_cookie"]).ShouldNot(BeEmpty()) + + bootstrapSecret := &corev1.Secret{} + err = k8sClient.Get(context.Background(), client.ObjectKey{ + Namespace: ns.Name, + Name: instance.BootstrapAPIKeyNamespacedName().Name, + }, bootstrapSecret) + Expect(err).NotTo(HaveOccurred()) + Expect(bootstrapSecret.Data["bootstrap_api_key"]).ShouldNot(BeEmpty()) + }) +}) diff --git a/controllers/apps/v2beta1/add_bootstrap_resource_test.go b/controllers/apps/v2beta1/add_bootstrap_resource_test.go index 2781bebf6..fe4489aed 100644 --- a/controllers/apps/v2beta1/add_bootstrap_resource_test.go +++ b/controllers/apps/v2beta1/add_bootstrap_resource_test.go @@ -1,12 +1,16 @@ package v2beta1 import ( + "context" "strings" "testing" appsv2beta1 "github.com/emqx/emqx-operator/apis/apps/v2beta1" "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" ) func TestGenerateNodeCookieSecret(t *testing.T) { @@ -35,6 +39,18 @@ func TestGenerateNodeCookieSecret(t *testing.T) { } func TestGenerateBootstrapAPIKeySecret(t *testing.T) { + // Create a fake client + scheme := runtime.NewScheme() + err := corev1.AddToScheme(scheme) + if err != nil { + t.Fatal(err) + } + + fakeClient := fake.NewClientBuilder().WithScheme(scheme).Build() + + // Create a context + ctx := context.Background() + instance := &appsv2beta1.EMQX{ ObjectMeta: metav1.ObjectMeta{ Name: "emqx", @@ -50,7 +66,7 @@ func TestGenerateBootstrapAPIKeySecret(t *testing.T) { }, } - got := generateBootstrapAPIKeySecret(instance) + got := generateBootstrapAPIKeySecret(fakeClient, ctx, instance) assert.Equal(t, "emqx-bootstrap-api-key", got.Name) data, ok := got.StringData["bootstrap_api_key"] assert.True(t, ok) @@ -62,3 +78,39 @@ func TestGenerateBootstrapAPIKeySecret(t *testing.T) { } assert.ElementsMatch(t, usernames, []string{appsv2beta1.DefaultBootstrapAPIKey, "test_key"}) } + +func TestReadSecret(t *testing.T) { + // Create a fake client + scheme := runtime.NewScheme() + err := corev1.AddToScheme(scheme) + if err != nil { + t.Fatal(err) + } + + // Define the secret data + secretData := map[string][]byte{ + "key": []byte("value"), + } + + // Create a secret + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-secret", + Namespace: "default", + }, + Data: secretData, + } + + fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithObjects(secret).Build() + + // Create a context + ctx := context.Background() + + val, err := ReadSecret(fakeClient, ctx, "default", "test-secret", "key") + if err != nil { + t.Fatal(err) + } + + // Check the secret value + assert.Equal(t, "value", val) +} diff --git a/docs/en_US/reference/v1beta3-reference.md b/docs/en_US/reference/v1beta3-reference.md index 80c551d0c..f458f17b5 100644 --- a/docs/en_US/reference/v1beta3-reference.md +++ b/docs/en_US/reference/v1beta3-reference.md @@ -36,7 +36,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` ConditionType defines the condition that the RF can have @@ -124,7 +124,7 @@ _Appears in:_ | `password` _string_ | Password for EMQX Dashboard and API | | `extraVolumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | | `extraVolumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | -| `config` _[EmqxConfig](#emqxconfig)_ | Config represents the configurations of EMQX More info: https://www.emqx.io/docs/en/v4.4/configuration/configuration.html | +| `config` _object (keys:string, values:string)_ | Config represents the configurations of EMQX More info: https://www.emqx.io/docs/en/v4.4/configuration/configuration.html | | `args` _string array_ | Arguments to the entrypoint. The container image's CMD is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | | `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core)_ | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core)_ | Compute Resources required by EMQX container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -136,16 +136,6 @@ _Appears in:_ | `modules` _[EmqxBrokerModule](#emqxbrokermodule) array_ | Modules define functional modules for EMQX broker | -#### EmqxConfig - -_Underlying type:_ _object_ - - - -_Appears in:_ -- [EmqxBrokerTemplate](#emqxbrokertemplate) -- [EmqxEnterpriseTemplate](#emqxenterprisetemplate) - #### EmqxEnterprise @@ -226,7 +216,7 @@ _Appears in:_ | `password` _string_ | Password for EMQX Dashboard and API | | `extraVolumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | | `extraVolumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | -| `config` _[EmqxConfig](#emqxconfig)_ | Config represents the configurations of EMQX More info: https://docs.emqx.com/en/enterprise/v4.4/configuration/configuration.html | +| `config` _object (keys:string, values:string)_ | Config represents the configurations of EMQX More info: https://docs.emqx.com/en/enterprise/v4.4/configuration/configuration.html | | `args` _string array_ | Arguments to the entrypoint. The container image's CMD is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | | `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core)_ | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core)_ | Compute Resources required by EMQX container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -325,8 +315,6 @@ _Appears in:_ - - #### ServiceTemplate diff --git a/docs/en_US/reference/v1beta4-reference.md b/docs/en_US/reference/v1beta4-reference.md index 1e2d3f8f4..e11861f57 100644 --- a/docs/en_US/reference/v1beta4-reference.md +++ b/docs/en_US/reference/v1beta4-reference.md @@ -54,7 +54,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` ConditionType defines the condition that the RF can have @@ -432,8 +432,6 @@ _Appears in:_ - - #### Rebalance @@ -473,7 +471,7 @@ _Appears in:_ #### RebalanceConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -500,7 +498,7 @@ RebalanceList contains a list of Rebalance #### RebalancePhase -_Underlying type:_ _string_ +_Underlying type:_ `string` diff --git a/docs/en_US/reference/v2alpha1-reference.md b/docs/en_US/reference/v2alpha1-reference.md index d0018a972..492ac9b7d 100644 --- a/docs/en_US/reference/v2alpha1-reference.md +++ b/docs/en_US/reference/v2alpha1-reference.md @@ -50,7 +50,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` diff --git a/docs/en_US/reference/v2alpha2-reference.md b/docs/en_US/reference/v2alpha2-reference.md new file mode 100644 index 000000000..4d7ef43a9 --- /dev/null +++ b/docs/en_US/reference/v2alpha2-reference.md @@ -0,0 +1,4 @@ +# API Reference + +## Packages + diff --git a/docs/en_US/reference/v2beta1-reference.md b/docs/en_US/reference/v2beta1-reference.md index 90a247fcc..f8a64c501 100644 --- a/docs/en_US/reference/v2beta1-reference.md +++ b/docs/en_US/reference/v2beta1-reference.md @@ -29,6 +29,7 @@ _Appears in:_ | --- | --- | | `key` _string_ | | | `secret` _string_ | | +| `secretRef` _[SecretRef](#secretref)_ | | #### Config @@ -142,8 +143,8 @@ _Appears in:_ | Field | Description | | --- | --- | -| `controllerUID` _[UID](#uid)_ | | -| `podUID` _[UID](#uid)_ | | +| `controllerUID` _UID_ | | +| `podUID` _UID_ | | | `node` _string_ | EMQX node name, example: emqx@127.0.0.1 | | `node_status` _string_ | EMQX node status, example: Running | | `otp_release` _string_ | Erlang/OTP version used by EMQX, example: 24.2/12.2 | @@ -287,6 +288,17 @@ _Appears in:_ | `sessEvictRate` _integer_ | Just work in EMQX Enterprise. | +#### KeyRef + + + + + +_Appears in:_ +- [SecretRef](#secretref) + + + #### NodeEvacuationStats @@ -364,7 +376,7 @@ _Appears in:_ #### RebalanceConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -391,7 +403,7 @@ RebalanceList contains a list of Rebalance #### RebalancePhase -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -475,6 +487,21 @@ _Appears in:_ | `relSessThreshold` _string_ | RelSessThreshold represents the relative threshold for checking session connection balance. same to rel-sess-threshold in [EMQX Rebalancing](https://docs.emqx.com/en/enterprise/v4.4/advanced/rebalancing.html#rebalancing) the usage of float highly discouraged, as support for them varies across languages. So we define the RelSessThreshold field as string type and you not float type The value must be greater than "1.0" Defaults to "1.1". | +#### SecretRef + + + + + +_Appears in:_ +- [BootstrapAPIKey](#bootstrapapikey) + +| Field | Description | +| --- | --- | +| `key` _[KeyRef](#keyref)_ | | +| `secret` _[KeyRef](#keyref)_ | | + + #### ServiceTemplate diff --git a/docs/zh_CN/reference/v1beta3-reference.md b/docs/zh_CN/reference/v1beta3-reference.md index 80c551d0c..f458f17b5 100644 --- a/docs/zh_CN/reference/v1beta3-reference.md +++ b/docs/zh_CN/reference/v1beta3-reference.md @@ -36,7 +36,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` ConditionType defines the condition that the RF can have @@ -124,7 +124,7 @@ _Appears in:_ | `password` _string_ | Password for EMQX Dashboard and API | | `extraVolumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | | `extraVolumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | -| `config` _[EmqxConfig](#emqxconfig)_ | Config represents the configurations of EMQX More info: https://www.emqx.io/docs/en/v4.4/configuration/configuration.html | +| `config` _object (keys:string, values:string)_ | Config represents the configurations of EMQX More info: https://www.emqx.io/docs/en/v4.4/configuration/configuration.html | | `args` _string array_ | Arguments to the entrypoint. The container image's CMD is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | | `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core)_ | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core)_ | Compute Resources required by EMQX container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -136,16 +136,6 @@ _Appears in:_ | `modules` _[EmqxBrokerModule](#emqxbrokermodule) array_ | Modules define functional modules for EMQX broker | -#### EmqxConfig - -_Underlying type:_ _object_ - - - -_Appears in:_ -- [EmqxBrokerTemplate](#emqxbrokertemplate) -- [EmqxEnterpriseTemplate](#emqxenterprisetemplate) - #### EmqxEnterprise @@ -226,7 +216,7 @@ _Appears in:_ | `password` _string_ | Password for EMQX Dashboard and API | | `extraVolumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volume-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | | `extraVolumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#volumemount-v1-core) array_ | See https://github.com/emqx/emqx-operator/pull/72 | -| `config` _[EmqxConfig](#emqxconfig)_ | Config represents the configurations of EMQX More info: https://docs.emqx.com/en/enterprise/v4.4/configuration/configuration.html | +| `config` _object (keys:string, values:string)_ | Config represents the configurations of EMQX More info: https://docs.emqx.com/en/enterprise/v4.4/configuration/configuration.html | | `args` _string array_ | Arguments to the entrypoint. The container image's CMD is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell | | `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podsecuritycontext-v1-core)_ | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#resourcerequirements-v1-core)_ | Compute Resources required by EMQX container. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -325,8 +315,6 @@ _Appears in:_ - - #### ServiceTemplate diff --git a/docs/zh_CN/reference/v1beta4-reference.md b/docs/zh_CN/reference/v1beta4-reference.md index 1e2d3f8f4..e11861f57 100644 --- a/docs/zh_CN/reference/v1beta4-reference.md +++ b/docs/zh_CN/reference/v1beta4-reference.md @@ -54,7 +54,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` ConditionType defines the condition that the RF can have @@ -432,8 +432,6 @@ _Appears in:_ - - #### Rebalance @@ -473,7 +471,7 @@ _Appears in:_ #### RebalanceConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -500,7 +498,7 @@ RebalanceList contains a list of Rebalance #### RebalancePhase -_Underlying type:_ _string_ +_Underlying type:_ `string` diff --git a/docs/zh_CN/reference/v2alpha1-reference.md b/docs/zh_CN/reference/v2alpha1-reference.md index d0018a972..492ac9b7d 100644 --- a/docs/zh_CN/reference/v2alpha1-reference.md +++ b/docs/zh_CN/reference/v2alpha1-reference.md @@ -50,7 +50,7 @@ _Appears in:_ #### ConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` diff --git a/docs/zh_CN/reference/v2alpha2-reference.md b/docs/zh_CN/reference/v2alpha2-reference.md new file mode 100644 index 000000000..4d7ef43a9 --- /dev/null +++ b/docs/zh_CN/reference/v2alpha2-reference.md @@ -0,0 +1,4 @@ +# API Reference + +## Packages + diff --git a/docs/zh_CN/reference/v2beta1-reference.md b/docs/zh_CN/reference/v2beta1-reference.md index 90a247fcc..f8a64c501 100644 --- a/docs/zh_CN/reference/v2beta1-reference.md +++ b/docs/zh_CN/reference/v2beta1-reference.md @@ -29,6 +29,7 @@ _Appears in:_ | --- | --- | | `key` _string_ | | | `secret` _string_ | | +| `secretRef` _[SecretRef](#secretref)_ | | #### Config @@ -142,8 +143,8 @@ _Appears in:_ | Field | Description | | --- | --- | -| `controllerUID` _[UID](#uid)_ | | -| `podUID` _[UID](#uid)_ | | +| `controllerUID` _UID_ | | +| `podUID` _UID_ | | | `node` _string_ | EMQX node name, example: emqx@127.0.0.1 | | `node_status` _string_ | EMQX node status, example: Running | | `otp_release` _string_ | Erlang/OTP version used by EMQX, example: 24.2/12.2 | @@ -287,6 +288,17 @@ _Appears in:_ | `sessEvictRate` _integer_ | Just work in EMQX Enterprise. | +#### KeyRef + + + + + +_Appears in:_ +- [SecretRef](#secretref) + + + #### NodeEvacuationStats @@ -364,7 +376,7 @@ _Appears in:_ #### RebalanceConditionType -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -391,7 +403,7 @@ RebalanceList contains a list of Rebalance #### RebalancePhase -_Underlying type:_ _string_ +_Underlying type:_ `string` @@ -475,6 +487,21 @@ _Appears in:_ | `relSessThreshold` _string_ | RelSessThreshold represents the relative threshold for checking session connection balance. same to rel-sess-threshold in [EMQX Rebalancing](https://docs.emqx.com/en/enterprise/v4.4/advanced/rebalancing.html#rebalancing) the usage of float highly discouraged, as support for them varies across languages. So we define the RelSessThreshold field as string type and you not float type The value must be greater than "1.0" Defaults to "1.1". | +#### SecretRef + + + + + +_Appears in:_ +- [BootstrapAPIKey](#bootstrapapikey) + +| Field | Description | +| --- | --- | +| `key` _[KeyRef](#keyref)_ | | +| `secret` _[KeyRef](#keyref)_ | | + + #### ServiceTemplate