From 14c7ad04fc6c9aaac8b3bcabbf584043a9201500 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Thu, 29 Jan 2026 10:38:43 +0100
Subject: [PATCH] initial
--- certificate.yml | 27 ++++++++++++ deploy.sh | 31 ++++++++++++++ deploy.yml | 111 ++++++++++++++++++++++++++++++++++++++++++++++++ mosquitto.conf | 25 +++++++++++ pwfile | 0 5 files changed, 194 insertions(+) create mode 100644 certificate.yml create mode 100755 deploy.sh create mode 100644 deploy.yml create mode 100644 mosquitto.conf create mode 100644 pwfile
diff --git a/certificate.yml b/certificate.yml
new file mode 100644
index 0000000..0bfb741
--- /dev/null
+++ b/certificate.yml
@@ -0,0 +1,27 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mosquitto-broker-cert
+spec:
+ secretName: mosquitto-broker-cert
+ duration: 2160h
+ renewBefore: 360h
+ subject:
+ organizations:
+ - hottis-de
+ isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ usages:
+ - server auth
+ dnsNames:
+ - broker.hottis.de
+ - broker2.hottis.de
+ - broker.cem-berresheim.ib-hottgenroth.de
+ issuerRef:
+ name: letsencrypt-staging-http
+ kind: ClusterIssuer
+ group: cert-manager.io
+
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..d12b167
--- /dev/null
+++ b/deploy.sh
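Review bot: `issuerRef.name: letsencrypt-staging-http` requests the certificate from the Let's Encrypt staging environment, whose root is not in client trust stores, so any MQTT client that verifies the 8883 listener normally will reject the chain. If this is a deliberate first dry run, say so next to the line and switch to the production ClusterIssuer before clients are pointed at the broker, e.g. `# staging issuer for the first rollout; swap to the production ClusterIssuer before clients depend on 8883`. The resource itself carries no namespace, so it lands wherever deploy.sh's `-n` puts it; that is fine as long as the Deployment mounts the Secret named in `secretName: mosquitto-broker-cert`.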
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+NAMESPACE=mosquitto
+
+kubectl create namespace $NAMESPACE \
+ --dry-run=client \
+ -o yaml | \
+ kubectl -f - apply
+
+echo "Applying certificate ..."
+kubectl apply -f $DEPLOYMENT_DIR/certificate.yml -n $NAMESPACE
+
+echo "Applyiny configuration ..."
+kubectl create configmap mosquitto-broker-config
+ --from-file=mosquitto.conf=mosquitto.conf
+ --from-file=pwfile=pwfile
+ --namespace=$NAMESPACE
+ --dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
+
+echo "Waiting for certificate secret to be created..."
+kubectl wait --for=condition=Ready certificate/mosquitto-broker-cert -n $NAMESPACE --timeout=300s
+
+if [ $? -ne 0 ]; then
+ echo "Certificate secret creation failed or timed out"
+ exit 1
+fi
+
+echo "Certificate ready, applying deployment ..."
+
+kubectl apply -f deploy.yml -n $NAMESPACE
+
diff --git a/deploy.yml b/deploy.yml
new file mode 100644
index 0000000..8b09577
--- /dev/null
+++ b/deploy.yml
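Review bot: The `kubectl create configmap mosquitto-broker-config` command has no `\` continuations, so bash runs only that first line and then tries to execute each `--from-file=...` line as a command of its own; the `--dry-run=client -o yaml | kubectl apply -f -` pipe never sees the intended manifest. Separately, `pwfile` holds mosquitto password hashes, which are credentials and belong in a Secret rather than a ConfigMap (ConfigMaps are typically outside the RBAC and encryption-at-rest restrictions clusters apply to Secrets), and the Deployment's volume then has to take `pwfile` from that Secret. Two smaller defects: `$DEPLOYMENT_DIR` is never set in this script, so the certificate apply resolves to `/certificate.yml`, and `kubectl -f - apply` places a command-specific flag before the subcommand. The rewrite below adds `set -euo pipefail`, the continuations, quoting of the variables and a separate Secret for the password file; the final deployment apply is unchanged.

```shell
#!/bin/bash
set -euo pipefail

NAMESPACE=mosquitto
DEPLOYMENT_DIR="${DEPLOYMENT_DIR:-$(dirname "$0")}"

kubectl create namespace "$NAMESPACE" \
  --dry-run=client \
  -o yaml | \
  kubectl apply -f -

echo "Applying certificate ..."
kubectl apply -f "$DEPLOYMENT_DIR/certificate.yml" -n "$NAMESPACE"

echo "Applying configuration ..."
kubectl create configmap mosquitto-broker-config \
  --from-file=mosquitto.conf="$DEPLOYMENT_DIR/mosquitto.conf" \
  --namespace="$NAMESPACE" \
  --dry-run=client -o yaml | kubectl apply -f - -n "$NAMESPACE"

# password hashes are credentials: keep them in a Secret, not a ConfigMap
# (secret name is a suggestion; the Deployment's pwfile volume must reference it)
kubectl create secret generic mosquitto-broker-pwfile \
  --from-file=pwfile="$DEPLOYMENT_DIR/pwfile" \
  --namespace="$NAMESPACE" \
  --dry-run=client -o yaml | kubectl apply -f - -n "$NAMESPACE"

echo "Waiting for certificate secret to be created..."
if ! kubectl wait --for=condition=Ready certificate/mosquitto-broker-cert \
    -n "$NAMESPACE" --timeout=300s; then
  echo "Certificate secret creation failed or timed out"
  exit 1
fi

# … unchanged: final deployment apply …
```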
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mosquitto-broker
+ annotations:
+ configmap.reloader.stakater.com/reload: "mosquitto-broker-config"
+ secret.reloader.stakater.com/reload: "mosquitto-broker-cert"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mosquitto-broker
+ template:
+ metadata:
+ labels:
+ app: mosquitto-broker
+ spec:
+ containers:
+ - name: mosquitto-broker
+ image: eclipse-mosquitto:2.0.22
+ ports:
+ - name: mqtt
+ containerPort: 1883
+ protocol: TCP
+ - name: mqtt-anon
+ containerPort: 1884
+ protocol: TCP
+ - name: mqtt-tls
+ containerPort: 8883
+ protocol: TCP
+ readinessProbe:
+ tcpSocket:
+ port: 1883
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ - name: mosquitto-broker-config
+ mountPath: /mosquitto/config/
+ readOnly: true
+ - name: mosquitto-broker-tls-config
+ mountPath: /mosquitto/config/ssl
+ readOnly: true
+ volumes:
+ - name: mosquitto-broker-config
+ configMap:
+ name: mosquitto-broker-config
+ items:
+ - key: mosquitto.conf
+ path: mosquitto.conf
+ - key: pwfile
+ path: pwfile
+ - name: mosquitto-broker-tls-conf
+ secret:
+ secretName: mosquitto-broker-tls-conf
+ defaultMode: 0644
+ items:
+ - key: tls.crt
+ path: server.crt
+ mode: 0644
+ - key: tls.key
+ path: server.key
+ mode: 0444
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mosquitto-broker-mqtt
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ selector:
+ app: mosquitto-broker
+ ports:
+ - name: mqtt
+ port: 1883
+ targetPort: 1883
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mosquitto-broker-mqtt-anon
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ selector:
+ app: mosquitto-broker
+ ports:
+ - name: mqtt-anon
+ port: 1884
+ targetPort: 1884
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mosquitto-broker-mqtt-tls
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ selector:
+ app: mosquitto-broker
+ ports:
+ - name: mqtt-tls
+ port: 8883
+ targetPort: 8883
+ protocol: TCP
+
diff --git a/mosquitto.conf b/mosquitto.conf
new file mode 100644
index 0000000..c7edb48
--- /dev/null
+++ b/mosquitto.conf
@@ -0,0 +1,25 @@
+pid_file /mosquitto/config/mosquitto.pid
+log_dest stdout
+log_type all
+
+persistence true
+persistence_location /mosquitto/data
+
+per_listener_settings true
+
+listener 1884
+protocol mqtt
+allow_anonymous true
+
+listener 1883
+protocol mqtt
+allow_anonymous false
+password_file /mosquitto/config/pwfile
+
+listener 8883
+protocol mqtt
+allow_anonymous false
+password_file /mosquitto/config/pwfile
+certfile /mosquitto/config/ssl/server.crt
+keyfile /mosquitto/config/ssl/server.key
+
diff --git a/pwfile b/pwfile
new file mode 100644
index 0000000..e69de29
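Review bot: The TLS volume wiring in the Deployment is inconsistent: the mount is named `mosquitto-broker-tls-config`, the volume is named `mosquitto-broker-tls-conf`, and that volume reads `secretName: mosquitto-broker-tls-conf`, while certificate.yml writes the certificate to `mosquitto-broker-cert`, which is also the name the `secret.reloader.stakater.com/reload` annotation uses. The API server rejects a pod whose volumeMount references a volume that does not exist, and even with the names aligned the pod would wait for a Secret that cert-manager never creates. In addition `tls.key` is projected with `mode: 0444`, which leaves the server's private key readable by every uid in the container; `0440` plus a `securityContext.fsGroup` matching the user the broker runs as keeps it readable only by the broker (the eclipse-mosquitto image uses uid/gid 1883 for its mosquitto user, but verify that for 2.0.22 and that the broker still opens the key after dropping privileges). The rewritten mount and volume stanzas are below; the rest of the pod spec and the three Services are unchanged.

```yaml
# … unchanged: container name, image, ports, readinessProbe …
        volumeMounts:
          - name: mosquitto-broker-config
            mountPath: /mosquitto/config/
            readOnly: true
          - name: mosquitto-broker-tls-conf
            mountPath: /mosquitto/config/ssl
            readOnly: true
      securityContext:
        fsGroup: 1883  # gid of the mosquitto user in the eclipse-mosquitto image; verify for 2.0.22
      volumes:
        # … unchanged: mosquitto-broker-config ConfigMap volume …
        - name: mosquitto-broker-tls-conf
          secret:
            secretName: mosquitto-broker-cert  # must equal spec.secretName in certificate.yml
            defaultMode: 0644
            items:
              - key: tls.crt
                path: server.crt
                mode: 0644
              - key: tls.key
                path: server.key
                mode: 0440  # private key: owner/group only, not world-readable
```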
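Review bot: `listener 1884` with `allow_anonymous true` is published by deploy.yml through a `type: LoadBalancer` Service with no `loadBalancerSourceRanges`, so anyone who can reach that load balancer can publish and subscribe without credentials, and because all three listeners are served by one broker the anonymous listener sees the same topic space as the authenticated ones. If an anonymous listener is genuinely needed, keep its Service at `ClusterIP` or restrict it with `loadBalancerSourceRanges`, and add an `acl_file` so anonymous clients are confined to a narrow, read-only topic subtree; otherwise remove the listener. Two smaller points: `pid_file /mosquitto/config/mosquitto.pid` points into the ConfigMap mount, which deploy.yml mounts `readOnly: true`, so the pid file cannot be written (mosquitto logs an error for this; check whether 2.0.22 treats it as fatal, and either drop the line or point it at a writable path), and `persistence_location /mosquitto/data` has no volume behind it, so retained messages and sessions live on the container's writable layer and vanish on every restart.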