--- apiVersion: apps/v1 kind: Deployment metadata: name: mosquitto spec: progressDeadlineSeconds: 600 replicas: 1 selector: matchLabels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: mqhost operator: In values: - "true" containers: - image: eclipse-mosquitto:2.0.11-openssl imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 name: mosquitto ports: - containerPort: 1883 name: mqtt protocol: TCP - containerPort: 8883 name: mqtt2 protocol: TCP readinessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 resources: {} startupProbe: failureThreshold: 30 periodSeconds: 5 successThreshold: 1 tcpSocket: port: 8883 timeoutSeconds: 1 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /mosquitto/config/mosquitto.conf name: mosquitto-config subPath: mosquitto.conf - mountPath: /mosquitto/certs name: shared-certs dnsPolicy: ClusterFirst restartPolicy: Always terminationGracePeriodSeconds: 30 volumes: - configMap: name: mosquitto-config name: mosquitto-config - name: shared-certs persistentVolumeClaim: claimName: shared-certs-pvc --- apiVersion: v1 kind: Service metadata: name: mq namespace: netmaker spec: ports: - name: mqtt port: 1883 protocol: TCP targetPort: mqtt - name: mqtt2 port: 8883 protocol: TCP targetPort: mqtt2 selector: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto sessionAffinity: None --- apiVersion: v1 data: mosquitto.conf: | per_listener_settings false listener 8883 protocol websockets allow_anonymous false listener 1883 protocol websockets allow_anonymous false plugin /usr/lib/mosquitto_dynamic_security.so plugin_opt_config_file /mosquitto/data/dynamic-security.json kind: ConfigMap metadata: labels: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto name: mosquitto-config namespace: netmaker --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: shared-certs-pvc spec: storageClassName: RWX_STORAGE_CLASS accessModes: - ReadWriteMany resources: requests: storage: 100Mi --- apiVersion: v1 kind: Service metadata: labels: name: 'netmaker-mqtt' spec: externalTrafficPolicy: Cluster type: NodePort selector: app.kubernetes.io/instance: mosquitto app.kubernetes.io/name: mosquitto ports: - port: 31883 nodePort: 31883 protocol: TCP targetPort: 8883 name: nm-mqtt # --- # apiVersion: networking.k8s.io/v1 # kind: Ingress # metadata: # name: nm-mqtt-ingress-nginx # annotations: # nginx.ingress.kubernetes.io/rewrite-target: / # cert-manager.io/cluster-issuer: "letsencrypt-nginx" # nginx.ingress.kubernetes.io/ssl-redirect: 'true' # spec: # ingressClassName: nginx # tls: # - hosts: # - broker.NETMAKER_SUBDOMAIN # secretName: nm-mqtt-tls # rules: # - host: broker.NETMAKER_SUBDOMAIN # http: # paths: # - path: / # pathType: Prefix # backend: # service: # name: netmaker-mqtt # port: # number: 8883