install mosquitto
This commit is contained in:
parent
de1660a9d9
commit
67a1df682a
21
_apps/mosquitto.yaml
Normal file
21
_apps/mosquitto.yaml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: mosquitto
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
namespace: mosquitto
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
path: mosquitto
|
||||||
|
repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
|
||||||
|
targetRevision: HEAD
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: mosquitto
|
204
mosquitto/app.yaml
Normal file
204
mosquitto/app.yaml
Normal file
|
@ -0,0 +1,204 @@
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: mosquitto
|
||||||
|
namespace: mosquitto
|
||||||
|
labels:
|
||||||
|
app: mosquitto
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: mosquitto
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: mosquitto
|
||||||
|
image: docker.io/eclipse-mosquitto:1.6
|
||||||
|
imagePullPolicy: Always
|
||||||
|
ports:
|
||||||
|
- containerPort: 1883
|
||||||
|
name: mqtt
|
||||||
|
protocol: TCP
|
||||||
|
- containerPort: 8883
|
||||||
|
name: mqtts
|
||||||
|
protocol: TCP
|
||||||
|
- containerPort: 9002
|
||||||
|
name: mqttwebsocket
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /mosquitto/config
|
||||||
|
name: config
|
||||||
|
- mountPath: /mosquitto/certificates
|
||||||
|
name: certificates
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: 9002
|
||||||
|
timeoutSeconds: 1
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
tcpSocket:
|
||||||
|
port: 9002
|
||||||
|
timeoutSeconds: 1
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: mosquitto
|
||||||
|
- name: certificates
|
||||||
|
secret:
|
||||||
|
secretName: mosquitto-tls
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: mqtt-tls
|
||||||
|
namespace: mosquitto
|
||||||
|
labels:
|
||||||
|
app: mosquitto
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 8883
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: mqtts
|
||||||
|
name: mqtts
|
||||||
|
selector:
|
||||||
|
app: mosquitto
|
||||||
|
type: LoadBalancer
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: mqtt-plain
|
||||||
|
namespace: mosquitto
|
||||||
|
labels:
|
||||||
|
app: mosquitto
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 1883
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: mqtt
|
||||||
|
selector:
|
||||||
|
app: mosquitto
|
||||||
|
type: ClusterIP
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: mosquitto
|
||||||
|
namespace: mosquitto
|
||||||
|
data:
|
||||||
|
mosquitto.acl: |
|
||||||
|
# This affects access control for clients with no username.
|
||||||
|
topic read $SYS/#
|
||||||
|
|
||||||
|
# This only affects clients with username "tobru".
|
||||||
|
user tobru
|
||||||
|
topic /#
|
||||||
|
topic owntracks/#
|
||||||
|
|
||||||
|
user ot-recorder
|
||||||
|
topic owntracks/#
|
||||||
|
|
||||||
|
# This affects all clients.
|
||||||
|
pattern write $SYS/broker/connection/%c/state
|
||||||
|
mosquitto.conf: |
|
||||||
|
# Config file for mosquitto
|
||||||
|
user mosquitto
|
||||||
|
|
||||||
|
sys_interval 10
|
||||||
|
max_inflight_messages 40
|
||||||
|
max_queued_messages 200
|
||||||
|
queue_qos0_messages false
|
||||||
|
message_size_limit 0
|
||||||
|
allow_zero_length_clientid true
|
||||||
|
persistent_client_expiration 3m
|
||||||
|
allow_duplicate_messages false
|
||||||
|
autosave_interval 60
|
||||||
|
autosave_on_changes false
|
||||||
|
|
||||||
|
# Persistence configuration
|
||||||
|
persistence false
|
||||||
|
# persistence_location /mosquitto/data/
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
connection_messages true
|
||||||
|
log_dest stderr
|
||||||
|
log_dest stdout
|
||||||
|
log_type error
|
||||||
|
log_type warning
|
||||||
|
log_type notice
|
||||||
|
log_type information
|
||||||
|
log_type subscribe
|
||||||
|
#log_type all
|
||||||
|
#log_type debug
|
||||||
|
log_timestamp true
|
||||||
|
|
||||||
|
# Listeners
|
||||||
|
listener 1883
|
||||||
|
|
||||||
|
listener 8883
|
||||||
|
cafile /mosquitto/config/ca.crt
|
||||||
|
certfile /mosquitto/certificates/tls.crt
|
||||||
|
keyfile /mosquitto/certificates/tls.key
|
||||||
|
require_certificate false
|
||||||
|
|
||||||
|
listener 9002
|
||||||
|
protocol websockets
|
||||||
|
cafile /mosquitto/config/ca.crt
|
||||||
|
certfile /mosquitto/certificates/tls.crt
|
||||||
|
keyfile /mosquitto/certificates/tls.key
|
||||||
|
|
||||||
|
# Security
|
||||||
|
password_file /mosquitto/config/mosquitto.passwd
|
||||||
|
acl_file /mosquitto/config/mosquitto.acl
|
||||||
|
mosquitto.passwd: |
|
||||||
|
tobru:$6$J8h/CHCqJgNR6O3I$jhvpbYRQkS59NUHCWcTl4Bno0dBOHmGyI9wjMObvMXCabt//ksWN33AkYOeZc+afMbHlBftX2NfIxuclzLNXMg==
|
||||||
|
ot-recorder:$6$naz4hsdtrfSyQa4P$IJnC8S6B4nDHxFLS2xFKkHzEL6UQg6iS3Y9mduzrY26LrA5JuXjMLer7dRmAT39yRyo6jEW4y01vBoVSxacFdQ==
|
||||||
|
ca.crt: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||||
|
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||||
|
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||||
|
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||||
|
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||||
|
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||||
|
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||||
|
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||||
|
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||||
|
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||||
|
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||||
|
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||||
|
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||||
|
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||||
|
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||||
|
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||||
|
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||||
|
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||||
|
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||||
|
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||||
|
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||||
|
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||||
|
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||||
|
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||||
|
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1alpha2
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: mosquitto-tls
|
||||||
|
namespace: mosquitto
|
||||||
|
spec:
|
||||||
|
dnsNames:
|
||||||
|
- mqtt.tbrnt.ch
|
||||||
|
issuerRef:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: letsencrypt-prod
|
||||||
|
secretName: mosquitto-tls
|
Reference in a new issue