changes
@@ -21,7 +21,7 @@ spec:
|
||||
- broker2.hottis.de
|
||||
- broker.cem-berresheim.ib-hottgenroth.de
|
||||
issuerRef:
|
||||
name: letsencrypt-staging-http
|
||||
name: letsencrypt-production-http
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: mosquitto-broker
|
||||
image: eclipse-mosquitto:2.0.22
|
||||
image: eclipse-mosquitto:2.0.22-openssl
|
||||
ports:
|
||||
- name: mqtt
|
||||
containerPort: 1883
|
||||
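Review bot: The new `image: eclipse-mosquitto:2.0.22-openssl` line still references the broker image by tag only, so each node runs whatever that tag resolves to at pull time. This container terminates TLS for the broker, so pinning the digest alongside the tag would make the deployed build reproducible and auditable: `image: eclipse-mosquitto:2.0.22-openssl@sha256:<digest-of-the-reviewed-image>`. The container spec continues outside the hunk, so an `imagePullPolicy` or an admission policy may already cover this.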
@@ -52,6 +52,8 @@ spec:
|
||||
path: mosquitto.conf
|
||||
- key: pwfile
|
||||
path: pwfile
|
||||
- key: dhparam.pem
|
||||
path: dhparam.pem
|
||||
- name: mosquitto-broker-cert
|
||||
secret:
|
||||
secretName: mosquitto-broker-cert
|
||||
|
||||
@@ -18,8 +18,10 @@ password_file /mosquitto/config/pwfile
|
||||
|
||||
listener 8883
|
||||
protocol mqtt
|
||||
tls_version tlsv1.2
|
||||
allow_anonymous false
|
||||
password_file /mosquitto/config/pwfile
|
||||
certfile /mosquitto/config/ssl/server.crt
|
||||
keyfile /mosquitto/config/ssl/server.key
|
||||
dhparamfile /mosquitto/config/dhparam.pem
|
||||
|
||||
|
||||
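Review bot: The `dhparamfile /mosquitto/config/dhparam.pem` line has no comment saying where that file comes from, although the 8883 listener now depends on it. A short comment above it would help, for example `# DH parameters for DHE key exchange; generated by the deploy script and shipped in the mosquitto-broker-config ConfigMap`. The page does not mark which two lines were added, so I am assuming they are `tls_version` and `dhparamfile`. The mount path is not visible here, so it is worth confirming that the ConfigMap item `dhparam.pem` actually lands at this path.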
@@ -6,9 +6,17 @@ NAMESPACE=mosquitto
|
||||
|
||||
SECRETS_PLAINTEXT=$(mktemp)
|
||||
gpg --pinentry-mode=loopback --decrypt --output $SECRETS_PLAINTEXT secrets.asc
|
||||
|
||||
DHPARAM=$(mktemp)
|
||||
openssl dhparam -out $DHPARAM 2048
|
||||
|
||||
kubectl create configmap mosquitto-broker-config \
|
||||
--from-file=mosquitto.conf=mosquitto.conf \
|
||||
--from-file=pwfile=$SECRETS_PLAINTEXT \
|
||||
--from-file=dhparam.pem=$DHPARAM \
|
||||
--namespace=$NAMESPACE \
|
||||
--dry-run=client -o yaml | kubectl apply -f - -n $NAMESPACE
|
||||
|
||||
rm $SECRETS_PLAINTEXT
|
||||
rm $DHPARAM
|
||||
|
||||
|
||||
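Review bot: `openssl dhparam -out $DHPARAM 2048` runs after `gpg --decrypt` has already written the password file to `$SECRETS_PLAINTEXT`, so the decrypted credentials now sit in the temp directory for the whole parameter generation, and the two `rm` calls at the end never run if the script is interrupted first. Generating the DH parameters before the decrypt step and registering the cleanup right after the `mktemp` calls would close that window: `trap 'rm -f "$SECRETS_PLAINTEXT" "$DHPARAM"' EXIT`. The parameters are also regenerated on every run, which changes the ConfigMap on each deploy; reusing a previously generated file would avoid that. The variable expansions are unquoted throughout, and `"$DHPARAM"` is the safer form. The top of the script is outside the hunk, so a `set -e` or an existing trap may already change this picture.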