From 1649f679968c791f98abb082301543ec01245a90 Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Tue, 2 Jan 2024 09:03:43 +0100 Subject: [PATCH 1/2] chore: do not expose 11883 by default in docker as we do not listen on it --- Dockerfile.ubuntu20.04.runner | 3 +-- .../emqx-enterprise/templates/StatefulSet.yaml | 4 ---- .../emqx-enterprise/templates/service.yaml | 17 ----------------- deploy/charts/emqx/templates/StatefulSet.yaml | 4 ---- deploy/charts/emqx/templates/service.yaml | 17 ----------------- deploy/docker/Dockerfile | 3 +-- 6 files changed, 2 insertions(+), 46 deletions(-) diff --git a/Dockerfile.ubuntu20.04.runner b/Dockerfile.ubuntu20.04.runner index 1bb44a6e9d..1b340aaf87 100644 --- a/Dockerfile.ubuntu20.04.runner +++ b/Dockerfile.ubuntu20.04.runner @@ -30,11 +30,10 @@ VOLUME ["/opt/emqx/log", "/opt/emqx/data"] # - 8083 for WebSocket/HTTP # - 8084 for WSS/HTTPS # - 8883 port for MQTT(SSL) -# - 11883 port for internal MQTT/TCP # - 18083 for dashboard and API # - 4370 default Erlang distrbution port # - 5369 for backplain gen_rpc -EXPOSE 1883 8083 8084 8883 11883 18083 4370 5369 +EXPOSE 1883 8083 8084 8883 18083 4370 5369 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] diff --git a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml index a70b6d1687..96702ebd78 100644 --- a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml +++ b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml @@ -111,10 +111,6 @@ spec: containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__WSS__DEFAULT__BIND | default 8084 }} - name: dashboard containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTP__BIND | default 18083 }} - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND }} - {{- end }} {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTPS__BIND) }} - name: dashboardtls containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENER__HTTPS__BIND }} diff --git a/deploy/charts/emqx-enterprise/templates/service.yaml b/deploy/charts/emqx-enterprise/templates/service.yaml index 525390a900..bb45adb502 100644 --- a/deploy/charts/emqx-enterprise/templates/service.yaml +++ b/deploy/charts/emqx-enterprise/templates/service.yaml @@ -41,17 +41,6 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - port: {{ .Values.service.internalmqtt | default 11883 }} - protocol: TCP - targetPort: internalmqtt - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.internalmqtt)) }} - nodePort: {{ .Values.service.nodePorts.internalmqtt }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{ end }} - name: mqttssl port: {{ .Values.service.mqttssl | default 8883 }} protocol: TCP @@ -124,12 +113,6 @@ spec: port: {{ .Values.service.mqtt | default 1883 }} protocol: TCP targetPort: mqtt - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - port: {{ .Values.service.internalmqtt | default 11883 }} - protocol: TCP - targetPort: internalmqtt - {{ end }} - name: mqttssl port: {{ .Values.service.mqttssl | default 8883 }} protocol: TCP diff --git a/deploy/charts/emqx/templates/StatefulSet.yaml b/deploy/charts/emqx/templates/StatefulSet.yaml index 624f0f2ab2..1eba3d1ba1 100644 --- a/deploy/charts/emqx/templates/StatefulSet.yaml +++ b/deploy/charts/emqx/templates/StatefulSet.yaml @@ -111,10 +111,6 @@ spec: containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__WSS__DEFAULT__BIND | default 8084 }} - name: dashboard containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTP__BIND | default 18083 }} - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - containerPort: {{ .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND }} - {{- end }} {{- if not (empty .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTPS__BIND) }} - name: dashboardtls containerPort: {{ .Values.emqxConfig.EMQX_DASHBOARD__LISTENERS__HTTPS__BIND }} diff --git a/deploy/charts/emqx/templates/service.yaml b/deploy/charts/emqx/templates/service.yaml index 525390a900..bb45adb502 100644 --- a/deploy/charts/emqx/templates/service.yaml +++ b/deploy/charts/emqx/templates/service.yaml @@ -41,17 +41,6 @@ spec: {{- else if eq .Values.service.type "ClusterIP" }} nodePort: null {{- end }} - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - port: {{ .Values.service.internalmqtt | default 11883 }} - protocol: TCP - targetPort: internalmqtt - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.internalmqtt)) }} - nodePort: {{ .Values.service.nodePorts.internalmqtt }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{ end }} - name: mqttssl port: {{ .Values.service.mqttssl | default 8883 }} protocol: TCP @@ -124,12 +113,6 @@ spec: port: {{ .Values.service.mqtt | default 1883 }} protocol: TCP targetPort: mqtt - {{- if not (empty .Values.emqxConfig.EMQX_LISTENERS__TCP__INTERNAL__BIND) }} - - name: internalmqtt - port: {{ .Values.service.internalmqtt | default 11883 }} - protocol: TCP - targetPort: internalmqtt - {{ end }} - name: mqttssl port: {{ .Values.service.mqttssl | default 8883 }} protocol: TCP diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index b2dfbb1f65..6aaf1bf2ee 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -64,11 +64,10 @@ VOLUME ["/opt/emqx/log", "/opt/emqx/data"] # - 8083 for WebSocket/HTTP # - 8084 for WSS/HTTPS # - 8883 port for MQTT(SSL) -# - 11883 port for internal MQTT/TCP # - 18083 for dashboard and API # - 4370 default Erlang distribution port # - 5369 for backplane gen_rpc -EXPOSE 1883 8083 8084 8883 11883 18083 4370 5369 +EXPOSE 1883 8083 8084 8883 18083 4370 5369 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] From 4c761b0ff9f25e9d4f87ad1513fdec7ac0188430 Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Tue, 2 Jan 2024 10:50:15 +0100 Subject: [PATCH 2/2] docs: add changelog entry --- changes/ee/fix-12246.en.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changes/ee/fix-12246.en.md diff --git a/changes/ee/fix-12246.en.md b/changes/ee/fix-12246.en.md new file mode 100644 index 0000000000..29ea2419ec --- /dev/null +++ b/changes/ee/fix-12246.en.md @@ -0,0 +1 @@ +Do not expose 11883 port by default in docker and remove it from helm chart since this port is no longer in use.