fix(z2m): MQTT TLS

2026-03-21 21:39:47 +00:00 · 2025-01-07 04:32:44 +08:00
parent 28b3726689
commit dcc10ade36
2 changed files with 8 additions and 30 deletions
--- a/kube/deploy/apps/zigbee2mqtt/app/hr.yaml
+++ b/kube/deploy/apps/zigbee2mqtt/app/hr.yaml
@@ -48,7 +48,7 @@ spec:
              ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: true
              ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60
              ZIGBEE2MQTT_CONFIG_MQTT_REJECT_UNAUTHORIZED: true
-              ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtt://emqx-listeners.emqx.svc.cluster.local
+              ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtts://${APP_DNS_EMQX}:8883
              ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5
              ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: false
              ZIGBEE2MQTT_CONFIG_SERIAL_BAUDRATE: 115200
--- a/kube/deploy/core/db/emqx/cluster/emqx.yaml
+++ b/kube/deploy/core/db/emqx/cluster/emqx.yaml
@@ -47,26 +47,12 @@ spec:
          fail_if_no_peer_cert = false
        }
      }
-  # bootstrapAPIKeys:
-  #   - secretRef:
-  #       key:
-  #         secretName: emqx-secrets
-  #         secretKey: X_EMQX_APIKEY_KEY
-  #       secret:
-  #         secretName: emqx-secrets
-  #         secretKey: X_EMQX_APIKEY_SECRET
  coreTemplate:
    spec:
      replicas: 2
      envFrom: &envFrom
        - secretRef:
            name: emqx-secrets
-      #volumeClaimTemplates:
-      #  storageClassName: local
-      #  accessModes: [ReadWriteOnce]
-      #  resources:
-      #    requests:
-      #      storage: 1Gi
      extraVolumes:
        - name: emqx-secrets
          secret:
@@ -91,18 +77,10 @@ spec:
          subPath: tls.key
          mountPath: /tls/key.pem
          readOnly: true
-  #     topologySpreadConstraints:
-  #       - maxSkew: 1
-  #         topologyKey: kubernetes.io/hostname
-  #         whenUnsatisfiable: DoNotSchedule
-  #         labelSelector:
-  #           matchLabels:
-  #             apps.emqx.io/instance: *app
-  #             apps.emqx.io/db-role: core
-  # listenersServiceTemplate:
-  #   metadata:
-  #     annotations:
-  #       coredns.io/hostname: "${APP_DNS_EMQX}"
-  #       io.cilium/lb-ipam-ips: "${APP_IP_EMQX}"
-  #   spec:
-  #     type: LoadBalancer
+  listenersServiceTemplate:
+    metadata:
+      annotations:
+        coredns.io/hostname: "${APP_DNS_EMQX}" # TLS SNI
+        io.cilium/lb-ipam-ips: "${APP_IP_EMQX}"
+    spec:
+      type: LoadBalancer