2026-01-29 13:07:34 +01:00
parent 41e50add87
commit e3a3e41f61
4 changed files with 14 additions and 2 deletions


@@ -21,7 +21,7 @@ spec:
- broker2.hottis.de - broker2.hottis.de
- broker.cem-berresheim.ib-hottgenroth.de - broker.cem-berresheim.ib-hottgenroth.de
issuerRef: issuerRef:
name: letsencrypt-staging-http name: letsencrypt-production-http
kind: ClusterIssuer kind: ClusterIssuer
group: cert-manager.io group: cert-manager.io


@@ -17,7 +17,7 @@ spec:
spec: spec:
containers: containers:
- name: mosquitto-broker - name: mosquitto-broker
image: eclipse-mosquitto:2.0.22 image: eclipse-mosquitto:2.0.22-openssl
ports: ports:
- name: mqtt - name: mqtt
containerPort: 1883 containerPort: 1883
@@ -52,6 +52,8 @@ spec:
path: mosquitto.conf path: mosquitto.conf
- key: pwfile - key: pwfile
path: pwfile path: pwfile
- key: dhparam.pem
path: dhparam.pem
- name: mosquitto-broker-cert - name: mosquitto-broker-cert
secret: secret:
secretName: mosquitto-broker-cert secretName: mosquitto-broker-cert
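Review bot: The new `image: eclipse-mosquitto:2.0.22-openssl` reference is a mutable tag, so the registry can serve different content under the same name on a later pull and the rollout is not reproducible. Adding the digest next to the tag fixes the exact image, e.g. `image: eclipse-mosquitto:2.0.22-openssl@sha256:<digest-of-the-reviewed-image>`. The added `dhparam.pem` item is unproblematic in a ConfigMap because DH parameters are public. The container spec and the volume definition both continue outside the hunks shown.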


@@ -18,8 +18,10 @@ password_file /mosquitto/config/pwfile
listener 8883 listener 8883
protocol mqtt protocol mqtt
tls_version tlsv1.2
allow_anonymous false allow_anonymous false
password_file /mosquitto/config/pwfile password_file /mosquitto/config/pwfile
certfile /mosquitto/config/ssl/server.crt certfile /mosquitto/config/ssl/server.crt
keyfile /mosquitto/config/ssl/server.key keyfile /mosquitto/config/ssl/server.key
dhparamfile /mosquitto/config/dhparam.pem
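Review bot: The added `tls_version tlsv1.2` and `dhparamfile /mosquitto/config/dhparam.pem` lines have no comment saying what they are meant to achieve, and `tls_version` is easy to misread. In Mosquitto 2.x it sets the minimum protocol version for the listener rather than the only allowed one (worth confirming against the man page of the deployed version), so `# minimum TLS version; TLS 1.3 remains allowed` above it would help. For the second line I would add `# DH parameters for DHE key exchange; the file is generated at deploy time`. The listener block may continue outside the hunk.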


@@ -6,9 +6,17 @@ NAMESPACE=mosquitto
SECRETS_PLAINTEXT=$(mktemp) SECRETS_PLAINTEXT=$(mktemp)
gpg --pinentry-mode=loopback --decrypt --output $SECRETS_PLAINTEXT secrets.asc gpg --pinentry-mode=loopback --decrypt --output $SECRETS_PLAINTEXT secrets.asc
DHPARAM=$(mktemp)
openssl dhparam -out $DHPARAM 2048
kubectl create configmap mosquitto-broker-config \ kubectl create configmap mosquitto-broker-config \
--from-file=mosquitto.conf=mosquitto.conf \ --from-file=mosquitto.conf=mosquitto.conf \
--from-file=pwfile=$SECRETS_PLAINTEXT \ --from-file=pwfile=$SECRETS_PLAINTEXT \
--from-file=dhparam.pem=$DHPARAM \
--namespace=$NAMESPACE \ --namespace=$NAMESPACE \
--dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
rm $SECRETS_PLAINTEXT
rm $DHPARAM
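Review bot: The added `rm $SECRETS_PLAINTEXT` and `rm $DHPARAM` only run when the script reaches its last lines, so an interrupt or an aborting `gpg`, `openssl dhparam` or `kubectl` step leaves the decrypted password file in the temp directory. Registering the cleanup right after the first `mktemp` covers those paths: `trap 'rm -f "$SECRETS_PLAINTEXT" "$DHPARAM"' EXIT`. The start of the script is outside the hunk, so whether `set -e` is active is not visible here. The new `$DHPARAM` uses are unquoted like the existing variables; quoting them (`-out "$DHPARAM"`) avoids word splitting if `TMPDIR` contains spaces. Not introduced by this commit: the context line `--from-file=pwfile=$SECRETS_PLAINTEXT` puts the decrypted file into a ConfigMap, where a Secret would be the better fit.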