emqx / emqx-rel

Release Project for EMQX Broker prior to 4.3. Newer releases are built here: https://github.com/emqx/emqx
https://www.emqx.com
Apache License 2.0

How to update emqx enterprise license without restart pod #657

Closed xpunch closed 3 years ago

xpunch commented 3 years ago

I'm using emqx/emqx-ee@4.2.6 with helm. As the license will expire soon, I bought a new license. After updating emqxLicenseSecret in k8s, the emqx.lic file didn't change in the emqx pod. Can I update the license without redeploying the emqx cluster, because this will make clients disconnect?

k32 commented 3 years ago

Hello,

Apologies in advance, since I don't know k8s very well, but from reading the definition of the emqx-ee helm chart, it looks like the chart mounts the secret configured as emqxLicenseSecretName as a volume in the container:

      volumes:
      {{- if .Values.emqxLicenseSecretName  }}
      - name: emqx-license
        secret:
          secretName: {{ .Values.emqxLicenseSecretName }}

...

      containers:
        - name: emqx
         ...
          volumeMounts:
          - ....
          {{ if .Values.emqxLicenseSecretName  }}
          - name: emqx-license
            mountPath: "/opt/emqx/etc/emqx.lic"
            subPath: "emqx.lic"
            readOnly: true
          {{ end }}
       ...

Perhaps the way forward is to edit the existing secret (kubectl edit secrets <emqxLicenseSecretName>) and wait until Kubernetes updates the mounted secret: https://kubernetes.io/docs/concepts/configuration/secret/#mounted-secrets-are-updated-automatically

But please keep in mind that my experience in operating k8s is extremely limited, so maybe wait until someone else with more experience gives the answer.

k32 commented 3 years ago

P.S.

> Can I update license without redeploy emqx cluster, cause this will make client disconnect.

Are you worried about client disconnect or reconnect? If you use the kubectl rollout feature to perform a rolling restart, the configuration upgrade will proceed with relatively little traffic disturbance. The clients will indeed reconnect immediately to the new pod. This is completely normal in the Kubernetes world, where everything is immutable.

xpunch commented 3 years ago

@k32 Thanks for your advice. The volume mount is defined as emqx.lic, which is a file, and it will not be updated in the pod when the original file is updated (seems a Docker issue). If the mounted volume is a path, it will work when the original file is updated. I've tried what you said, editing the existing secret; as I said, the emqx.lic is still unchanged in the target pod (two days have passed since I edited the secret).
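
The Kubernetes documentation linked above states that a container using a Secret as a subPath volume mount does not receive Secret updates, which is relevant to any rotated credential or license mounted the way the chart excerpt shows. The following is an added example, not code from this thread or from the EMQX chart: it scans a pod spec for such mounts, and the pod, secret and volume names in the sample are constructed assumptions.

```python
import json

# Constructed sample: a trimmed pod object in the shape `kubectl get pod -o json`
# returns, modelled on the chart excerpt in the thread. Names are assumptions.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "emqx-0"},
  "spec": {
    "volumes": [
      {"name": "emqx-license", "secret": {"secretName": "emqx-license-secret"}},
      {"name": "emqx-certs", "secret": {"secretName": "emqx-tls"}},
      {"name": "emqx-data", "emptyDir": {}}
    ],
    "containers": [{
      "name": "emqx",
      "volumeMounts": [
        {"name": "emqx-license", "mountPath": "/opt/emqx/etc/emqx.lic",
         "subPath": "emqx.lic", "readOnly": true},
        {"name": "emqx-certs", "mountPath": "/opt/emqx/etc/certs", "readOnly": true},
        {"name": "emqx-data", "mountPath": "/opt/emqx/data", "subPath": "mnesia"}
      ]
    }]
  }
}
""")

def stale_mounts(pod):
    """Return (container, kind, source, mountPath) for each Secret or ConfigMap
    volume mounted with subPath, i.e. mounts that are not refreshed in place."""
    spec = pod["spec"]
    sources = {}
    for vol in spec.get("volumes", []):
        if "secret" in vol:
            sources[vol["name"]] = ("Secret", vol["secret"]["secretName"])
        elif "configMap" in vol:
            sources[vol["name"]] = ("ConfigMap", vol["configMap"]["name"])
    findings = []
    for container in spec.get("containers", []):
        for mount in container.get("volumeMounts", []):
            uses_subpath = mount.get("subPath") or mount.get("subPathExpr")
            if mount["name"] in sources and uses_subpath:
                kind, src = sources[mount["name"]]
                findings.append((container["name"], kind, src, mount["mountPath"]))
    return findings

if __name__ == "__main__":
    for container, kind, src, path in stale_mounts(SAMPLE_POD):
        print(f"{container}: {path} <- {kind}/{src} is a subPath mount; "
              "changes to the source only appear after the pod is recreated")
```

Only the license mount is reported: the certificate directory is mounted without subPath, and the emptyDir volume is not backed by a Secret or ConfigMap.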