diff --git a/mosquitto/certificate.yaml b/mosquitto/certificate.yaml
new file mode 100644
index 0000000..08ff6f5
--- /dev/null
+++ b/mosquitto/certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: mosquitto-tls
+ namespace: mosquitto
+spec:
+ dnsNames:
+ - mqtt.tbrnt.ch
+ issuerRef:
+ kind: ClusterIssuer
+ name: letsencrypt-prod
+ secretName: mosquitto-tls
diff --git a/mosquitto/app.yaml b/mosquitto/configmap.yaml
similarity index 53%
rename from mosquitto/app.yaml
rename to mosquitto/configmap.yaml
index 2df473d..4b40ebd 100644
--- a/mosquitto/app.yaml
+++ b/mosquitto/configmap.yaml
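Review bot: The Certificate still declares `apiVersion: cert-manager.io/v1alpha2`, an API version that cert-manager deprecated and later stopped serving in favour of `cert-manager.io/v1`. After a cert-manager upgrade past that point this manifest would stop applying, so later changes to the broker's certificate (a new DNS name, a different issuer) would not reach the cluster. The fields used here (`dnsNames`, `issuerRef`, `secretName`) have the same names in v1, so the change would be `apiVersion: cert-manager.io/v1`, provided the installed cert-manager already serves it, which is not visible from this commit.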
@@ -1,108 +1,3 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: mosquitto
- namespace: mosquitto
- labels:
- app: mosquitto
- annotations:
- secret.reloader.stakater.com/reload: "mosquitto-tls"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: mosquitto
- template:
- metadata:
- labels:
- app: mosquitto
- spec:
- containers:
- - name: mosquitto
- image: docker.io/eclipse-mosquitto:1.6
- imagePullPolicy: Always
- ports:
- - containerPort: 1883
- name: mqtt
- protocol: TCP
- - containerPort: 8883
- name: mqtts
- protocol: TCP
- - containerPort: 9002
- name: mqttwebsocket
- protocol: TCP
- volumeMounts:
- - mountPath: /mosquitto/config
- name: config
- - mountPath: /mosquitto/certificates
- name: certificates
- - mountPath: /mosquitto/acl
- name: acl
- - mountPath: /mosquitto/passwd
- name: passwd
- livenessProbe:
- failureThreshold: 3
- initialDelaySeconds: 1
- periodSeconds: 10
- successThreshold: 1
- tcpSocket:
- port: 9002
- timeoutSeconds: 1
- readinessProbe:
- failureThreshold: 3
- initialDelaySeconds: 1
- periodSeconds: 10
- successThreshold: 1
- tcpSocket:
- port: 9002
- timeoutSeconds: 1
- volumes:
- - name: config
- configMap:
- name: mosquitto
- - name: certificates
- secret:
- secretName: mosquitto-tls
- - name: acl
- secret:
- secretName: mosquitto-acl
- - name: passwd
- secret:
- secretName: mosquitto-passwd
----
-apiVersion: v1
-kind: Service
-metadata:
- name: mqtt-tls
- namespace: mosquitto
- labels:
- app: mosquitto
-spec:
- ports:
- - port: 8883
- protocol: TCP
- targetPort: mqtts
- name: mqtts
- selector:
- app: mosquitto
- type: LoadBalancer
----
-apiVersion: v1
-kind: Service
-metadata:
- name: mqtt-plain
- namespace: mosquitto
- labels:
- app: mosquitto
-spec:
- ports:
- - port: 1883
- protocol: TCP
- targetPort: mqtt
- selector:
- app: mosquitto
- type: ClusterIP
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -121,12 +16,12 @@ data: allow_zero_length_clientid true persistent_client_expiration 3m allow_duplicate_messages false - autosave_interval 60 - autosave_on_changes false # Persistence configuration - persistence false - # persistence_location /mosquitto/data/ + persistence true + persistence_location /mosquitto/data/ + autosave_interval 60 + autosave_on_changes false # Logging connection_messages true @@ -187,16 +82,3 @@ data: PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== -----END CERTIFICATE----- ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: mosquitto-tls - namespace: mosquitto -spec: - dnsNames: - - mqtt.tbrnt.ch - issuerRef: - kind: ClusterIssuer - name: letsencrypt-prod - secretName: mosquitto-tls diff --git a/mosquitto/deployment.yaml b/mosquitto/deployment.yaml new file mode 100644 index 0000000..61a733b --- /dev/null +++ b/mosquitto/deployment.yaml 
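Review bot: Switching to `persistence true` with `persistence_location /mosquitto/data/` means the broker now writes retained messages, subscriptions and queued messages to disk, and nothing in the config records that this store holds message payloads in the clear. The volume behind it is a `local-path` claim, which presumably maps to a directory on the node, so anyone with node or volume access can read that state; it should be covered by whatever disk-encryption and backup-handling rules apply to the node. A comment above the setting would make that explicit, e.g. `# Persistence: retained/queued messages are stored unencrypted under /mosquitto/data (PVC "mosquitto")`. It is also worth confirming that the broker's runtime user can write to the mount, since the Deployment sets no `securityContext`/`fsGroup`. The mosquitto.conf block these lines belong to starts and ends outside the hunk.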
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mosquitto
+ namespace: mosquitto
+ labels:
+ app: mosquitto
+ annotations:
+ secret.reloader.stakater.com/reload: "mosquitto-tls"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mosquitto
+ template:
+ metadata:
+ labels:
+ app: mosquitto
+ spec:
+ containers:
+ - name: mosquitto
+ image: docker.io/eclipse-mosquitto:1.6
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 1883
+ name: mqtt
+ protocol: TCP
+ - containerPort: 8883
+ name: mqtts
+ protocol: TCP
+ - containerPort: 9002
+ name: mqttwebsocket
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /mosquitto/config
+ name: config
+ - mountPath: /mosquitto/certificates
+ name: certificates
+ - mountPath: /mosquitto/acl
+ name: acl
+ - mountPath: /mosquitto/passwd
+ name: passwd
+ - mountPath: /mosquitto/data
+ name: data
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 9002
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 9002
+ timeoutSeconds: 1
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: mosquitto
+ - name: config
+ configMap:
+ name: mosquitto
+ - name: certificates
+ secret:
+ secretName: mosquitto-tls
+ - name: acl
+ secret:
+ secretName: mosquitto-acl
+ - name: passwd
+ secret:
+ secretName: mosquitto-passwd
diff --git a/mosquitto/pvc.yaml b/mosquitto/pvc.yaml
new file mode 100644
index 0000000..cda392a
--- /dev/null
+++ b/mosquitto/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mosquitto
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: local-path
diff --git a/mosquitto/service.yaml b/mosquitto/service.yaml
new file mode 100644
index 0000000..622ac5a
--- /dev/null
+++ b/mosquitto/service.yaml
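Review bot: With the new `data` volume on a ReadWriteOnce claim, the Deployment still has no `strategy`, so it uses the default rolling update. During a rollout the old and new pod can then run side by side on the same node and both open the persistence store under `/mosquitto/data`. Restarts are not rare here: `imagePullPolicy: Always` on the floating `1.6` tag and the Reloader annotation on `mosquitto-tls` both trigger them. Adding `strategy:` with `type: Recreate` under `spec` makes the old broker stop and flush before the new one starts. Now that the container writes to node-backed storage, the pod would also benefit from a `securityContext` (at least `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` if the image supports it, which is not visible here) and from pinning the image by digest instead of the mutable tag.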
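Review bot: The PersistentVolumeClaim's `metadata` has no `namespace`, while every other manifest in this commit sets `namespace: mosquitto`. Unless the namespace is injected at apply time (a kustomization, `kubectl -n`, a GitOps tool — none of which is visible here), the claim lands in the default namespace. The Deployment's `claimName: mosquitto` would then not resolve, leaving the pod Pending; add `namespace: mosquitto` under `metadata`. Separately, `storageClassName: local-path` presumably keeps the broker state on a single node's disk, so it is neither replicated nor movable with the pod; that is worth a comment in the manifest so the 10Gi of message state is not mistaken for durable storage.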
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mqtt-tls
+ namespace: mosquitto
+ labels:
+ app: mosquitto
+spec:
+ ports:
+ - port: 8883
+ protocol: TCP
+ targetPort: mqtts
+ name: mqtts
+ selector:
+ app: mosquitto
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mqtt-plain
+ namespace: mosquitto
+ labels:
+ app: mosquitto
+spec:
+ ports:
+ - port: 1883
+ protocol: TCP
+ targetPort: mqtt
+ selector:
+ app: mosquitto
+ type: ClusterIP
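Review bot: The `mqtt-plain` Service publishes the unencrypted 1883 listener to every workload in the cluster, and no NetworkPolicy accompanies it in this commit. Whether that listener enforces the passwd and ACL files is not visible here; if it does, those credentials and all payloads cross the pod network in cleartext. A NetworkPolicy in the `mosquitto` namespace that admits port 1883 only from the namespaces or pods that need it would narrow this, and a comment on the Service naming the intended in-cluster clients would help reviewers. On `mqtt-tls`, `type: LoadBalancer` exposes 8883 with no `loadBalancerSourceRanges`; if the client address ranges are known, setting that field reduces the exposed surface.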