4 changes: 2 additions & 2 deletions current-version.env
@@ -1,4 +1,4 @@
EE_VERSION=6.0.1
CE_VERSION=5.9.0
CE_VERSION=5.8.8
EE_MINOR_VERSION=6.0
CE_MINOR_VERSION=5.9
CE_MINOR_VERSION=5.8
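Review bot: CE_VERSION and CE_MINOR_VERSION appear to move backwards in this file (5.9.0 to 5.8.8 and 5.9 to 5.8, reading each pair as removed then added), and nothing here records why. These values are substituted into docs pages the same way the EKS page in this change uses `@EE_VERSION@` for an image tag, so please state in the commit message that the CE line is intentionally held at 5.8.x, and check that no page still describes a 5.9-only feature next to `@CE_VERSION@`; otherwise a later routine bump may silently undo this.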
41 changes: 24 additions & 17 deletions dir.yaml
@@ -141,33 +141,33 @@
path: deploy/kubernetes/operator/tasks/overview
collapsed: true
children:
- title_en: Configure License (Enterprise)
title_cn: 配置 License (企业版)
title_ja: Configure License (Enterprise)
- title_en: Manage Enterprise License
title_cn: 配置 License
title_ja: Manage Enterprise License
path: deploy/kubernetes/operator/tasks/configure-emqx-license
- title_en: Enable TLS in EMQX
- title_en: Enable TLS for Listeners
title_cn: 在 EMQX 中开启 TLS
title_ja: Enable TLS in EMQX
title_ja: Enable TLS for Listeners
path: deploy/kubernetes/operator/tasks/configure-emqx-tls
- title_en: Change EMQX Configurations
- title_en: Change EMQX Configuration
title_cn: 修改 EMQX 配置
title_ja: Change EMQX Configurations
title_ja: Change EMQX Configuration
path: deploy/kubernetes/operator/tasks/configure-emqx-config
- title_en: Enable Core + Replicant Cluster
title_cn: 配置 Core + Replica 集群
title_ja: Enable Core + Replicant Cluster
- title_en: Enable Core-Replicant Deployment
title_cn: 配置 Core-Replicant 集群
title_ja: Enable Core-Replicant Deployment
path: deploy/kubernetes/operator/tasks/configure-emqx-core-replicant
- title_en: Enable Persistence
title_cn: 开启持久化
title_ja: Enable Persistence
path: deploy/kubernetes/operator/tasks/configure-emqx-persistence
- title_en: Access EMQX Cluster by LoadBalancer
- title_en: Access EMQX Cluster through LoadBalancer
title_cn: 通过 LoadBalancer 访问 EMQX Cluster
title_ja: Access EMQX Cluster by LoadBalancer
title_ja: Access EMQX Cluster through LoadBalancer
path: deploy/kubernetes/operator/tasks/configure-emqx-service
- title_en: Configure Blue-Green Upgrade
- title_en: Perform Blue-Green Upgrade
title_cn: 配置蓝绿发布
title_ja: Configure Blue-Green Upgrade
title_ja: Perform Blue-Green Upgrade
path: deploy/kubernetes/operator/tasks/configure-emqx-blueGreenUpdate
- title_en: Collect EMQX Logs
title_cn: 采集 EMQX 日志
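Review bot: The `title_cn` values are not kept in step with the English renames in this hunk. On the license entry, `title_en` becomes "Manage Enterprise License" while `title_cn` drops "(企业版)" and still says "配置" (configure); "Enable TLS for Listeners" keeps `title_cn: 在 EMQX 中开启 TLS`, and "Perform Blue-Green Upgrade" keeps `title_cn: 配置蓝绿发布`. Suggest updating `title_cn` with each rename, or noting in the PR that the zh_CN titles follow in a separate change. The `path` values are untouched, so existing links to these task pages are not affected.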
@@ -181,15 +181,22 @@
title_cn: 监控 EMQX 集群
title_ja: Monitor EMQX Cluster
path: deploy/kubernetes/operator/tasks/configure-emqx-prometheus
- title_en: Load Balance EMQX Cluster
- title_en: Rebalance Cluster Load
title_cn: 负载均衡 EMQX 集群
title_ja: Load Balance EMQX Cluster
title_ja: Rebalance Cluster Load
path: deploy/kubernetes/operator/tasks/configure-emqx-rebalance
- title_en: Deploy EMQX Cluster in k8s with Restricted Access
title_ja: Deploy EMQX Cluster in k8s with Restricted Access
title_cn: 在受限的 k8s 环境中部署 EMQX 集群
path: deploy/kubernetes/operator/tasks/configure-emqx-restricted-k8s
- deploy/kubernetes/operator/api-reference
- title_en: API Reference
title_cn: API Reference
title_ja: API Reference
path: deploy/kubernetes/operator/reference/overview
collapsed: true
children:
- deploy/kubernetes/operator/reference/v2-reference
- deploy/kubernetes/operator/reference/v2beta1-reference
- title_en: EMQX Helm Chart
title_cn: EMQX Helm Chart
title_ja: EMQX Helm Chart
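Review bot: Inbound links to `deploy/kubernetes/operator/api-reference` need a redirect, because the entry near the end of this hunk swaps that path for `deploy/kubernetes/operator/reference/overview` with `v2-reference` and `v2beta1-reference` children; please add one or confirm it already exists so bookmarked API reference URLs do not 404. Smaller point in the same hunk: "Rebalance Cluster Load" keeps `title_cn: 负载均衡 EMQX 集群` (load balancing), which no longer matches the English title.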
298 changes: 154 additions & 144 deletions en_US/deploy/kubernetes/operator/aws-eks.md
@@ -1,153 +1,161 @@
# Deploy EMQX on Amazon Elastic Kubernetes Service

EMQX Operator supports deploying EMQX on Amazon Container Service EKS (Elastic Kubernetes Service). Amazon EKS is a managed Kubernetes service that makes it easy to deploy, manage, and scale containerized applications. EKS provides the Kubernetes control plane and node groups, automatically handling node replacements, upgrades, and patching. It supports AWS services such as Load Balancers, RDS, and IAM, and integrates seamlessly with other Kubernetes ecosystem tools. For details, please see [What is Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html)
EMQX Operator supports running on Amazon Container Service EKS (Elastic Kubernetes Service). Amazon EKS is a managed Kubernetes service that simplifies the deployment, management, and scaling of containerized applications. EKS provides the Kubernetes control plane and node groups, automatically handling node replacements, upgrades, and patching. It supports AWS services such as Load Balancers, RDS, and IAM, and integrates seamlessly with other Kubernetes ecosystem tools.

## Before You Begin
For an in-depth introduction, refer to [What is Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html).

Before you begin, you must have the following:

- Activate Amazon Container Service and create an EKS cluster. For details, please refer to: [Create an Amazon EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html)

- Connect to EKS cluster by installing kubectl tool locally: For details, please refer to: [Using kubectl to connect to the cluster](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html#eks-configure-kubectl)

- Deploy an AWS Load Balancer Controller on a cluster, for details, please refer to: [Create a Network Load Balancer](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html)

- Install the Amazon EBS CSI driver on the cluster, for details, please refer to: [Amazon EBS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html)

- Install EMQX Operator: For details, please refer to: [Install EMQX Operator](./getting-started.md)

## Quickly Deploy an EMQX Cluster

The following is the relevant configuration of EMQX custom resources.

+ Save the following content as a YAML file and deploy it via the `kubectl apply` command

```yaml
# Configure EBS StorageClass with WaitForFirstConsumer binding mode
# This ensures volumes are created in the same AZ as the pods that will use them
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
name: emqx
spec:
image: emqx/emqx-enterprise:@EE_VERSION@
config:
data: |
license {
key = "..."
}
coreTemplate:
spec:
## EMQX custom resources do not support updating this field at runtime
volumeClaimTemplates:
storageClassName: ebs-sc
resources:
requests:
storage: 10Gi
accessModes:
- ReadWriteOnce
dashboardServiceTemplate:
metadata:
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
annotations:
## Specifies whether the NLB is Internet-facing or internal. If not specified, defaults to internal.
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
type: LoadBalancer
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/
loadBalancerClass: service.k8s.aws/nlb
listenersServiceTemplate:
metadata:
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
annotations:
## Specifies whether the NLB is Internet-facing or internal. If not specified, defaults to internal.
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
type: LoadBalancer
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/
loadBalancerClass: service.k8s.aws/nlb
```

+ Wait for EMQX cluster to be ready, you can check the status of EMQX cluster through `kubectl get` command, please make sure that `STATUS` is `Running`, this may take some time

```bash
$ kubectl get emqx emqx
NAME IMAGE STATUS AGE
emqx emqx/emqx-enterprise:@EE_VERSION@ Running 10m
```

+ Obtain Dashboard External IP of EMQX cluster and access EMQX console

EMQX Operator will create two EMQX Service resources, one is emqx-dashboard and the other is emqx-listeners, corresponding to EMQX console and EMQX listening port respectively.

```bash
$ kubectl get svc emqx-dashboard -o json | jq '.status.loadBalancer.ingress[0].ip'

192.168.1.200
```

Access `http://192.168.1.200:18083` through a browser, and use the default username and password `admin/public` to login EMQX console.

## Use MQTTX application To Publish/Subscribe Messages

[MQTTX CLI](https://mqttx.app/cli) is an open source MQTT 5.0 command line client tool, designed to help developers to more Quickly develop and debug MQTT services and applications.

+ Obtain External IP of EMQX cluster

```bash
external_ip=$(kubectl get svc emqx-listeners -o json | jq '.status.loadBalancer.ingress[0].ip')
```

+ Subscribe to news

```bash
$ mqttx sub -t 'hello' -h ${external_ip} -p 1883

[10:00:25] › … Connecting...
[10:00:25] › ✔ Connected
[10:00:25] › … Subscribing to hello...
[10:00:25] › ✔ Subscribed to hello
```

+ create a new terminal window and publish message

```bash
$ mqttx pub -t 'hello' -h ${external_ip} -p 1883 -m 'hello world'

[10:00:58] › … Connecting...
[10:00:58] › ✔ Connected
[10:00:58] › … Message Publishing...
[10:00:58] › ✔ Message published
```

+ View messages received in the subscribed terminal window

```bash
[10:00:58] › payload: hello world
```

## Terminate TLS Encryption With LoadBalancer

On Amazon EKS, you can use the NLB to do TLS termination, which you can do in the following steps:

1. Import relevant certificates in [AWS Console](https://us-east-2.console.aws.amazon.com/acm/home), then enter the details page by clicking the certificate ID, Then record the ARN information

:::tip

For the import format of certificates and keys, please refer to [import certificate](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-format.html)
## Before You Begin

Before deploying EMQX on EKS, ensure you have completed the following prerequisites:

- Create an EKS cluster.<br/>See [Create an Amazon EKS cluster](https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html) for more details.

- Configure kubectl to connect to your EKS cluster.<br/>See [Using kubectl to connect to the cluster](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html#eks-configure-kubectl) for more details.

- Deploy an AWS Load Balancer Controller on a cluster.<br/>See [Create a Network Load Balancer](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html) for more details.

- Install the Amazon EBS CSI driver on the cluster.<br/>See [Amazon EBS CSI driver](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) for further details.

- Install EMQX Operator.<br/>Please refer to [Install EMQX Operator](./getting-started.md) for further details.

## Deploy EMQX Cluster Quickly

The following example demonstrates the relevant EMQX Custom Resource (CR) configuration for deployment on EKS.

1. Save the following content as a YAML file and deploy it with `kubectl apply`.

```yaml
# Configure EBS StorageClass with WaitForFirstConsumer binding mode
# This ensures volumes are created in the same AZ as the pods that will use them
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
name: emqx
spec:
image: emqx/emqx:@EE_VERSION@
config:
data: |
license {
key = "..."
}
coreTemplate:
spec:
## EMQX custom resources do not support updating this field at runtime
volumeClaimTemplates:
storageClassName: ebs-sc
resources:
requests:
storage: 10Gi
accessModes:
- ReadWriteOnce
dashboardServiceTemplate:
metadata:
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
annotations:
## Specifies whether the NLB is Internet-facing or internal. If not specified, defaults to internal.
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
type: LoadBalancer
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/
loadBalancerClass: service.k8s.aws/nlb
listenersServiceTemplate:
metadata:
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
annotations:
## Specifies whether the NLB is Internet-facing or internal. If not specified, defaults to internal.
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
spec:
type: LoadBalancer
## More content: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/
loadBalancerClass: service.k8s.aws/nlb
```

2. Wait for the EMQX cluster to become ready.

Use the following command to check the status. The `STATUS` field must show `Ready`, which may take several minutes:

```shell
$ kubectl get emqx
NAME STATUS AGE
emqx Ready 55s
```

3. Obtain the external IP of the EMQX Dashboard and access it.

The EMQX Operator creates a Service for the EMQX Dashboard based on your `dashboardServiceTemplate` configuration.

```shell
$ kubectl get svc emqx-dashboard -o json | jq -r '.status.loadBalancer.ingress[0].ip'
192.168.1.200
```

4. Open the Dashboard at: `http://192.168.1.200:18083`.

Log in with the default credentials:

- **Username:** `admin`
- **Password:** `public`

## Subscribe and Publish

This walkthrough uses [MQTTX CLI](https://mqttx.app/cli), an open-source MQTT 5.0 command-line client tool that helps developers quickly test the MQTT services and applications.

1. Retrieve the external IP of the EMQX TCP listener.

The EMQX Operator automatically creates a Service resource for each configured listener.

```shell
external_ip=$(kubectl get svc emqx-listeners -o json | jq -r '.status.loadBalancer.ingress[0].ip')
```

2. Subscribe to a topic.

```shell
$ mqttx sub -t 'hello' -h ${external_ip} -p 1883

[10:00:25] › … Connecting...
[10:00:25] › ✔ Connected
[10:00:25] › … Subscribing to hello...
[10:00:25] › ✔ Subscribed to hello
```

3. In another terminal, connect to the EMQX cluster and publish a message.

```shell
$ mqttx pub -t 'hello' -h ${external_ip} -p 1883 -m 'hello world'

[10:00:58] › … Connecting...
[10:00:58] › ✔ Connected
[10:00:58] › … Message Publishing...
[10:00:58] › ✔ Message published
```

4. Observe the subscriber receiving the message.

```shell
[10:00:58] › payload: hello world
```

## Terminate TLS Encryption with LoadBalancer

You can use an AWS Network Load Balancer (NLB) to terminate TLS traffic for EMQX. Follow the steps below:

1. Import relevant certificates in [AWS Console](https://us-east-2.console.aws.amazon.com/acm/home). Open the certificate details page by clicking the certificate ID. Record the certificate ARN.

::: tip
For certificate/key import formats, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-format.html).
:::

2. Add some annotations in EMQX custom resources' metadata, just as shown below:
2. Add annotations to the EMQX Service metadata, for example:

```yaml
## Specifies the ARN of one or more certificates managed by the AWS Certificate Manager.
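Review bot: The rewritten quick start still places the Dashboard on an `internet-facing` NLB (the `dashboardServiceTemplate` annotations) and then, in step 4, tells the reader to open `http://192.168.1.200:18083` and log in with `admin` / `public`, so anyone who follows it verbatim ends up with a publicly reachable admin console over plain HTTP with default credentials. Suggest either using the internal scheme for the Dashboard service in the example, or adding a step directly after the credentials list telling the reader to change the default password before continuing. Separately, both `jq -r '.status.loadBalancer.ingress[0].ip'` commands will print `null` on EKS, because AWS load balancers publish a `hostname` in the Service status rather than an `ip`; the added `-r` does not change that, and the sample output `192.168.1.200` should be an NLB DNS name.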
@@ -159,4 +167,6 @@ On Amazon EKS, you can use the NLB to do TLS termination, which you can do in th
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "1883"
```

> The value of `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` is the ARN information we record in step 1.
::: tip
The value of `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` should match the ARN recorded in step 1.
:::
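Review bot: With `service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "1883"` the NLB expects TLS on port 1883, but the Subscribe and Publish section of this same page connects with `-p 1883` and no TLS options, so those commands stop working once these annotations are applied. Suggest adding a sentence after the new tip stating that clients must connect to 1883 with TLS from this point on, so readers do not conclude the listener is broken or fall back to an unencrypted port.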