move acls and passwds to sealed secrets
parent
b96f8c2ef8
commit
313ab18c22
|
@ -0,0 +1,17 @@
|
||||||
|
# Mosquitto installation
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
*Modify ACLs*
|
||||||
|
|
||||||
|
```
|
||||||
|
vim ../../gitops-tbrnt-private/mosquitto/acl-secret.yaml
|
||||||
|
kubeseal --controller-namespace sealed-secrets -o yaml -n mosquitto < ../../gitops-tbrnt-private/mosquitto/acl-secret.yaml > acl-secret.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
*Modify users/passwords*
|
||||||
|
|
||||||
|
```
|
||||||
|
vim ../../gitops-tbrnt-private/mosquitto/passwd-secret.yaml
|
||||||
|
kubeseal --controller-namespace sealed-secrets -o yaml -n mosquitto < ../../gitops-tbrnt-private/mosquitto/passwd-secret.yaml > passwd-secret.yaml
|
||||||
|
```
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: mosquitto-acl
|
||||||
|
namespace: mosquitto
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
mosquitto.acl: AgC/9E1WTQxVu2TtSD4P9iUjsJkRZFq2IoQXRt/acP35LI718LuYFi7FFpPQ8cLuju5TY18aQmE95yTrzux9lScADwNQc2BgkdCLt/dRmN9GYhgU/yPBOsGhWMeGo3jxqARdcKcnD3Bph6oM6ldRWg/XFdSDd8pjsmTD/MXs0i18hE/LXQpj68TtDVJKQvzsZ5ZcJqrMBSEROiGm4GrKtWVAnHae74p7Ge7STj3lg6xSY53F9UqMjbf+ldom636+0YKdAQUgl27kMMtaPyJ2LvNqaxdTpaGjRXAbAs8ZJOdUFOgtwBGxb1G7nMsxNlS1R/mzZBYi0KWptIqBbB0po+rcN7U8Sx638QqjagPLBTVIxn/I1ItmnuldwbBU2YaPCJ8hmjTa2xJT2EpgY9z5mWmxTGCHZmrlfe3t3z54o60lNsIMvMnUItND5x2hfQuC5tQUbbBCi2jUUmWGfapJS0Q+JFCvIg5w+k+xX50oqvDbQkFOOZxSZmvll38B6DUUiWlqY6p5vFzIDNlbXxHARe2fru6EFLPkYezbP3oSm8P7ArmaV7Rd8FO3P7Bchr+DcwprNlzYy+BHdwqwlWwrIXWxMHzVW+om4l0FG5JjSCPGXO8jkxox2Iis+RvAkuk1Con0WWk5JBzqs2S+yRnQr4eie4Zz0hcbhbw6twrCLH62fPcO6q8q4Rnmnd+HSGRjN1z+edlVGr0nYVy9h1CipHca3dsLXc1iwcN2kh49byhdT/TW7+iPa9DKmicfZNHOZuDOlNSFC2ixNe/0yo4xqLzrzOLM/0LY6ICxKl2mloqP5qaqBmQ1D4Cu9/JNS6xbCVjO4lLHfuwF3PVaCRvtLou5vrrXKxJcnUwdpimEQunCA5X0pdu2Q9p9gCQ//84D1EDmFmWC1ybIeMVrO4H8GtHvVloMJJxR6sLMsErzS6yNf2Ucg/TOjV8C5ojCmYlo+LJSQ7+9V2c/tvRYdBz/5Bhaxphhr8UcFXghykp4j6FskWRDz0ebhhjRmm7N7iAF0yoYDj1voYOsCVtkn8YEYqz9L066yzAuq5I4mkwBt2JS1StMlXx5zwY=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: mosquitto-acl
|
||||||
|
namespace: mosquitto
|
||||||
|
type: Opaque
|
||||||
|
status: {}
|
||||||
|
|
|
@ -36,6 +36,10 @@ spec:
|
||||||
name: config
|
name: config
|
||||||
- mountPath: /mosquitto/certificates
|
- mountPath: /mosquitto/certificates
|
||||||
name: certificates
|
name: certificates
|
||||||
|
- mountPath: /mosquitto/acl
|
||||||
|
name: acl
|
||||||
|
- mountPath: /mosquitto/passwd
|
||||||
|
name: passwd
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
initialDelaySeconds: 1
|
initialDelaySeconds: 1
|
||||||
|
@ -59,6 +63,12 @@ spec:
|
||||||
- name: certificates
|
- name: certificates
|
||||||
secret:
|
secret:
|
||||||
secretName: mosquitto-tls
|
secretName: mosquitto-tls
|
||||||
|
- name: acl
|
||||||
|
secret:
|
||||||
|
secretName: mosquitto-acl
|
||||||
|
- name: passwd
|
||||||
|
secret:
|
||||||
|
secretName: mosquitto-passwd
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -99,20 +109,6 @@ metadata:
|
||||||
name: mosquitto
|
name: mosquitto
|
||||||
namespace: mosquitto
|
namespace: mosquitto
|
||||||
data:
|
data:
|
||||||
mosquitto.acl: |
|
|
||||||
# This affects access control for clients with no username.
|
|
||||||
topic read $SYS/#
|
|
||||||
|
|
||||||
# This only affects clients with username "tobru".
|
|
||||||
user tobru
|
|
||||||
topic /#
|
|
||||||
topic owntracks/#
|
|
||||||
|
|
||||||
user ot-recorder
|
|
||||||
topic owntracks/#
|
|
||||||
|
|
||||||
# This affects all clients.
|
|
||||||
pattern write $SYS/broker/connection/%c/state
|
|
||||||
mosquitto.conf: |
|
mosquitto.conf: |
|
||||||
# Config file for mosquitto
|
# Config file for mosquitto
|
||||||
user mosquitto
|
user mosquitto
|
||||||
|
@ -161,11 +157,8 @@ data:
|
||||||
keyfile /mosquitto/certificates/tls.key
|
keyfile /mosquitto/certificates/tls.key
|
||||||
|
|
||||||
# Security
|
# Security
|
||||||
password_file /mosquitto/config/mosquitto.passwd
|
password_file /mosquitto/passwd/mosquitto.passwd
|
||||||
acl_file /mosquitto/config/mosquitto.acl
|
acl_file /mosquitto/acl/mosquitto.acl
|
||||||
mosquitto.passwd: |
|
|
||||||
tobru:$6$J8h/CHCqJgNR6O3I$jhvpbYRQkS59NUHCWcTl4Bno0dBOHmGyI9wjMObvMXCabt//ksWN33AkYOeZc+afMbHlBftX2NfIxuclzLNXMg==
|
|
||||||
ot-recorder:$6$naz4hsdtrfSyQa4P$IJnC8S6B4nDHxFLS2xFKkHzEL6UQg6iS3Y9mduzrY26LrA5JuXjMLer7dRmAT39yRyo6jEW4y01vBoVSxacFdQ==
|
|
||||||
ca.crt: |
|
ca.crt: |
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
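Review bot: The `mosquitto.passwd` hashes deleted from the ConfigMap in the `@ -161,11 +157,8 @@` hunk stay readable in the repository history, so the new `mosquitto-passwd` SealedSecret only protects the broker if the passwords for `tobru` and `ot-recorder` were changed before sealing; the encrypted value does not show whether they were. The removed entries use the `$6$` prefix, which as far as I know is mosquitto_passwd's salted SHA-512 format rather than its PBKDF2 one, so they should be treated as disclosed and rotated. Separately, in the `@ -59,6 +63,12 @@` hunk the new `acl` and `passwd` secret volumes set no `defaultMode`, which leaves the mounted files at the Kubernetes default of 0644. Consider adding `defaultMode: 0440` under each `secret:` together with a matching `fsGroup`, assuming the pod's securityContext (not visible in these hunks) still lets the `mosquitto` user read them.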
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: mosquitto-passwd
|
||||||
|
namespace: mosquitto
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
mosquitto.passwd: 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
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: mosquitto-passwd
|
||||||
|
namespace: mosquitto
|
||||||
|
type: Opaque
|
||||||
|
status: {}
|
||||||
|
|