From 4df2b74cb8e06d5c309cfbb82ef04bd87f36cc51 Mon Sep 17 00:00:00 2001
From: Gabriele Montano <gabriele.montano@a2asmartcity.it>
Date: Mon, 18 Oct 2021 16:43:12 +0200
Subject: [PATCH 1/3] fix: fix networking api version, add service monitor for
 prometheus

---
 deploy/charts/emqx/templates/secret.yaml      | 13 ++++++
 .../emqx/templates/service-monitor.yaml       | 39 ++++++++++++++++
 deploy/charts/emqx/values.yaml                | 44 +++++++++++++++++--
 3 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 deploy/charts/emqx/templates/secret.yaml
 create mode 100644 deploy/charts/emqx/templates/service-monitor.yaml

diff --git a/deploy/charts/emqx/templates/secret.yaml b/deploy/charts/emqx/templates/secret.yaml
new file mode 100644
index 000000000..b9a452006
--- /dev/null
+++ b/deploy/charts/emqx/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "emqx.fullname" . }}-basic-auth
+  namespace: {{ .Release.Namespace }}
+type: kubernetes.io/basic-auth
+stringData:
+  username: admin
+  password: public
+{{- end }}
+
+# this credentials are not configurable
\ No newline at end of file
diff --git a/deploy/charts/emqx/templates/service-monitor.yaml b/deploy/charts/emqx/templates/service-monitor.yaml
new file mode 100644
index 000000000..2f6eb9db7
--- /dev/null
+++ b/deploy/charts/emqx/templates/service-monitor.yaml
@@ -0,0 +1,39 @@
+{{- if and (.Values.metrics.enabled) (eq .Values.metrics.type "prometheus") }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "emqx.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ include "emqx.name" . }}
+    helm.sh/chart: {{ include "emqx.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{- if .Values.service.annotations }}
+  annotations:
+    {{ toYaml .Values.service.annotations | indent 4 }}
+  {{- end }}
+spec:
+  endpoints:
+  - interval: 10s
+    port: mgmt
+    scheme: http
+    path: /api/v4/emqx_prometheus
+    params:
+      type:
+        - prometheus
+    basicAuth:
+      password:
+        name: {{ include "emqx.fullname" . }}-basic-auth
+        key: password
+      username:
+        name: {{ include "emqx.fullname" . }}-basic-auth
+        key: username
+  jobLabel: {{ .Release.Name }}-scraping
+  namespaceSelector:
+    matchNames:
+      -  {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "emqx.name" . }}
+{{- end }}
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index abb9094a7..c6d8ae0c0 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -51,9 +51,43 @@ resources: {}
 
 # Containers that run before the creation of EMQX containers. They can contain utilities or setup scripts.
 initContainers: {}
-  # - name: mysql-probe
-  #   image: alpine
-  #   command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 mysql 3306 && exit 0 || sleep 3; done; exit 1"]
+  # - name: sysctl
+  #   image: busybox
+  #   securityContext:
+  #     runAsUser: 0
+  #     runAsGroup: 0
+  #     capabilities:
+  #       add:
+  #       - SYS_ADMIN
+  #       drop:
+  #       - ALL
+  #   command:
+  #     - /bin/sh
+  #     - -c
+  #     - |
+  #       mount -o remount rw /proc/sys
+  #       sysctl -w net.core.somaxconn=65535
+  #       sysctl -w net.ipv4.ip_local_port_range="1024 65535"
+  #       sysctl -w kernel.core_uses_pid=0
+  #       sysctl -w net.ipv4.tcp_tw_reuse=1
+  #       sysctl -w fs.nr_open=1000000000
+  #       sysctl -w fs.file-max=1000000000
+  #       sysctl -w net.ipv4.ip_local_port_range='1025 65534'
+  #       sysctl -w net.ipv4.udp_mem='74583000 499445000 749166000'
+  #       sysctl -w net.ipv4.tcp_max_sync_backlog=163840
+  #       sysctl -w net.core.netdev_max_backlog=163840
+  #       sysctl -w net.core.optmem_max=16777216
+  #       sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216'
+  #       sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216'
+  #       sysctl -w net.ipv4.tcp_max_tw_buckets=1048576
+  #       sysctl -w net.ipv4.tcp_fin_timeout=15
+  #       sysctl -w net.core.rmem_default=262144000
+  #       sysctl -w net.core.wmem_default=262144000
+  #       sysctl -w net.core.rmem_max=262144000
+  #       sysctl -w net.core.wmem_max=262144000
+  #       sysctl -w net.ipv4.tcp_mem='378150000  504200000  756300000'
+  #       sysctl -w net.netfilter.nf_conntrack_max=1000000
+  #       sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
 
 ## EMQX configuration item, see the documentation (https://hub.docker.com/r/emqx/emqx)
 emqxConfig:
@@ -168,3 +202,7 @@ containerSecurityContext:
   enabled: true
   runAsNonRoot: true
   runAsUser: 1000
+
+metrics:
+  enabled: true
+  type: prometheus

From 5f5b3618e2833c03b81a77d3f49902d9f353cff4 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 18 Apr 2022 11:28:04 +0800
Subject: [PATCH 2/3] chore(helm): update api path to v5

---
 deploy/charts/emqx/templates/secret.yaml          | 8 ++++++++
 deploy/charts/emqx/templates/service-monitor.yaml | 4 ++--
 deploy/charts/emqx/values.yaml                    | 2 ++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/deploy/charts/emqx/templates/secret.yaml b/deploy/charts/emqx/templates/secret.yaml
index b9a452006..f2ff16f6a 100644
--- a/deploy/charts/emqx/templates/secret.yaml
+++ b/deploy/charts/emqx/templates/secret.yaml
@@ -6,8 +6,16 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: kubernetes.io/basic-auth
 stringData:
+  {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__DEFAULT_USERNAME) }}
   username: admin
+  {{- else }}
+  username: {{ .Values.emqxConfig.EMQX_DASHBOARD__DEFAULT_USERNAME }}
+  {{- end }}
+  {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__DEFAULT_PASSWORD) }}
   password: public
+  {{- else }}
+  password: {{ .Values.emqxConfig.EMQX_DASHBOARD__DEFAULT_PASSWORD}}
+  {{- end }}
 {{- end }}
 
 # this credentials are not configurable
\ No newline at end of file
diff --git a/deploy/charts/emqx/templates/service-monitor.yaml b/deploy/charts/emqx/templates/service-monitor.yaml
index 2f6eb9db7..3d97ab351 100644
--- a/deploy/charts/emqx/templates/service-monitor.yaml
+++ b/deploy/charts/emqx/templates/service-monitor.yaml
@@ -16,9 +16,9 @@ metadata:
 spec:
   endpoints:
   - interval: 10s
-    port: mgmt
+    port: dashboard
     scheme: http
-    path: /api/v4/emqx_prometheus
+    path: /api/v5/prometheus/stats
     params:
       type:
         - prometheus
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index c6d8ae0c0..2bccefeee 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -99,6 +99,8 @@ emqxConfig:
   EMQX_CLUSTER__K8S__SUFFIX: "svc.cluster.local"
   ## if EMQX_CLUSTER__K8S__ADDRESS_TYPE eq dns
   # EMQX_CLUSTER__K8S__SUFFIX: "pod.cluster.local"
+  EMQX_DASHBOARD__DEFAULT_USERNAME: "admin"
+  EMQX_DASHBOARD__DEFAULT_PASSWORD: "public"
 
 ## EMQX Enterprise Edition requires manual creation of a Secret containing the licensed content. Write the name of Secret to the value of "emqxLicenseSecretName"
 ## Example:

From 8cbb0041d4fcc0fc52285b5f290c4afae5f1fba7 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 18 Apr 2022 11:33:32 +0800
Subject: [PATCH 3/3] docs(helm): add metrics part for README

---
 deploy/charts/emqx/README.md             | 2 ++
 deploy/charts/emqx/templates/secret.yaml | 2 --
 deploy/charts/emqx/values.yaml           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy/charts/emqx/README.md b/deploy/charts/emqx/README.md
index 20e0e6b7e..af96c4124 100644
--- a/deploy/charts/emqx/README.md
+++ b/deploy/charts/emqx/README.md
@@ -78,4 +78,6 @@ The following table lists the configurable parameters of the emqx chart and thei
 | `ingress.mgmt.hosts` | Ingress hosts for EMQX Mgmt API |	api.emqx.local |
 | `ingress.mgmt.tls` | Ingress tls for EMQX Mgmt API |	[] |
 | `ingress.mgmt.annotations` | Ingress annotations for EMQX Mgmt API |	{} |
+| `metrics.enable` | If set to true, [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) needs to be installed, and emqx_prometheus needs to enable | false |
+| `metrics.type` | Now we only supported "prometheus" | "prometheus" |
 | `emqxConfig` | Emqx configuration item, see the [documentation](https://hub.docker.com/r/emqx/emqx) | |
diff --git a/deploy/charts/emqx/templates/secret.yaml b/deploy/charts/emqx/templates/secret.yaml
index f2ff16f6a..447326769 100644
--- a/deploy/charts/emqx/templates/secret.yaml
+++ b/deploy/charts/emqx/templates/secret.yaml
@@ -17,5 +17,3 @@ stringData:
   password: {{ .Values.emqxConfig.EMQX_DASHBOARD__DEFAULT_PASSWORD}}
   {{- end }}
 {{- end }}
-
-# this credentials are not configurable
\ No newline at end of file
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index 2bccefeee..6e6aa1859 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -206,5 +206,5 @@ containerSecurityContext:
   runAsUser: 1000
 
 metrics:
-  enabled: true
+  enabled: false
   type: prometheus