install mosquitto

2020-01-25 20:26:22 +01:00 · 2020-01-25 20:26:22 +01:00 · 67a1df682a
parent de1660a9d9
commit 67a1df682a
2 changed files with 225 additions and 0 deletions
--- a/_apps/mosquitto.yaml
+++ b/_apps/mosquitto.yaml
@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mosquitto
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: mosquitto
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: mosquitto
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mosquitto
--- a/mosquitto/app.yaml
+++ b/mosquitto/app.yaml
@ -0,0 +1,204 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: mosquitto
+  namespace: mosquitto
+  labels:
+    app: mosquitto
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mosquitto
+    spec:
+      containers:
+      - name: mosquitto
+        image: docker.io/eclipse-mosquitto:1.6
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 1883
+            name: mqtt
+            protocol: TCP
+          - containerPort: 8883
+            name: mqtts
+            protocol: TCP
+          - containerPort: 9002
+            name: mqttwebsocket
+            protocol: TCP
+        volumeMounts:
+          - mountPath: /mosquitto/config
+            name: config
+          - mountPath: /mosquitto/certificates
+            name: certificates
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 9002
+          timeoutSeconds: 1
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 9002
+          timeoutSeconds: 1
+      volumes:
+        - name: config
+          configMap:
+            name: mosquitto
+        - name: certificates
+          secret:
+            secretName: mosquitto-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mqtt-tls
+  namespace: mosquitto
+  labels:
+    app: mosquitto
+spec:
+  ports:
+  - port: 8883
+    protocol: TCP
+    targetPort: mqtts
+    name: mqtts
+  selector:
+    app: mosquitto
+  type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mqtt-plain
+  namespace: mosquitto
+  labels:
+    app: mosquitto
+spec:
+  ports:
+  - port: 1883
+    protocol: TCP
+    targetPort: mqtt
+  selector:
+    app: mosquitto
+  type: ClusterIP
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mosquitto
+  namespace: mosquitto
+data:
+  mosquitto.acl: |
+    # This affects access control for clients with no username.
+    topic read $SYS/#
+
+    # This only affects clients with username "tobru".
+    user tobru
+    topic /#
+    topic owntracks/#
+
+    user ot-recorder
+    topic owntracks/#
+
+    # This affects all clients.
+    pattern write $SYS/broker/connection/%c/state
+  mosquitto.conf: |
+    # Config file for mosquitto
+    user mosquitto
+
+    sys_interval 10
+    max_inflight_messages 40
+    max_queued_messages 200
+    queue_qos0_messages false
+    message_size_limit 0
+    allow_zero_length_clientid true
+    persistent_client_expiration 3m
+    allow_duplicate_messages false
+    autosave_interval 60
+    autosave_on_changes false
+
+    # Persistence configuration
+    persistence false
+    # persistence_location /mosquitto/data/
+
+    # Logging
+    connection_messages true
+    log_dest stderr
+    log_dest stdout
+    log_type error
+    log_type warning
+    log_type notice
+    log_type information
+    log_type subscribe
+    #log_type all
+    #log_type debug
+    log_timestamp true
+
+    # Listeners
+    listener 1883
+
+    listener 8883
+    cafile /mosquitto/config/ca.crt
+    certfile /mosquitto/certificates/tls.crt
+    keyfile /mosquitto/certificates/tls.key
+    require_certificate false
+
+    listener 9002
+    protocol websockets
+    cafile /mosquitto/config/ca.crt
+    certfile /mosquitto/certificates/tls.crt
+    keyfile /mosquitto/certificates/tls.key
+
+    # Security
+    password_file /mosquitto/config/mosquitto.passwd
+    acl_file /mosquitto/config/mosquitto.acl
+  mosquitto.passwd: |
+    tobru:$6$J8h/CHCqJgNR6O3I$jhvpbYRQkS59NUHCWcTl4Bno0dBOHmGyI9wjMObvMXCabt//ksWN33AkYOeZc+afMbHlBftX2NfIxuclzLNXMg==
+    ot-recorder:$6$naz4hsdtrfSyQa4P$IJnC8S6B4nDHxFLS2xFKkHzEL6UQg6iS3Y9mduzrY26LrA5JuXjMLer7dRmAT39yRyo6jEW4y01vBoVSxacFdQ==
+  ca.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+    MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+    DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+    SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+    GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+    AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+    q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+    SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+    Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+    a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+    /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+    AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+    CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+    bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+    c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+    VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+    ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+    MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+    Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+    AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+    uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+    wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+    X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+    PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+    KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+    -----END CERTIFICATE-----
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: mosquitto-tls
+  namespace: mosquitto
+spec:
+  dnsNames:
+  - mqtt.tbrnt.ch
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  secretName: mosquitto-tls