--- apiVersion: apps/v1 kind: Deployment metadata: name: mosquitto spec: progressDeadlineSeconds: 600 replicas: 1 selector: matchLabels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: mqhost operator: In values: - "true" containers: - image: eclipse-mosquitto:2.0.11-openssl imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 name: mosquitto ports: - containerPort: 1883 name: mqtt protocol: TCP - containerPort: 8883 name: mqtt2 protocol: TCP readinessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 resources: {} startupProbe: failureThreshold: 30 periodSeconds: 5 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /mosquitto/config/mosquitto.conf name: mosquitto-config subPath: mosquitto.conf - mountPath: /mosquitto/certs name: shared-certs dnsPolicy: ClusterFirst restartPolicy: Always terminationGracePeriodSeconds: 30 volumes: - configMap: name: mosquitto-config name: mosquitto-config - name: shared-certs persistentVolumeClaim: claimName: shared-certs-pvc --- apiVersion: v1 kind: Service metadata: name: mq namespace: netmaker spec: ports: - name: mqtt port: 1883 protocol: TCP targetPort: mqtt - name: mqtt2 port: 8883 protocol: TCP targetPort: mqtt2 selector: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto sessionAffinity: None --- apiVersion: v1 data: mosquitto.conf: | per_listener_settings true listener 8883 allow_anonymous false require_certificate true use_identity_as_username true cafile /mosquitto/certs/root.pem certfile /mosquitto/certs/server.pem keyfile /mosquitto/certs/server.key listener 1883 allow_anonymous true kind: ConfigMap metadata: labels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto name: mosquitto-config namespace: netmaker --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: shared-certs-pvc spec: storageClassName: RWX_STORAGE_CLASS accessModes: - ReadWriteMany resources: requests: storage: 100Mi --- apiVersion: v1 kind: Service metadata: labels: name: 'netmaker-mqtt' spec: externalTrafficPolicy: Cluster type: NodePort selector: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto ports: - port: 31883 nodePort: 31883 protocol: TCP targetPort: 8883 name: nm-mqtt