netmaker/k8s/server/mosquitto.yaml

---
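# Mosquitto MQTT broker for Netmaker: one replica, replaced with the Recreate
# strategy, and scheduled only onto nodes labelled mqhost=true.
#
# Security review notes (nothing below is enforced by this manifest):
# - No securityContext is set at pod or container level, so the container runs
#   with the image and runtime defaults.
#   NOTE(review): check the image entrypoint before tightening this.
# - resources is empty: no CPU/memory requests or limits bound the broker.
# - /mosquitto/data is not backed by any volume declared here, while the
#   mosquitto-config ConfigMap points the dynamic-security plugin at
#   /mosquitto/data/dynamic-security.json. That file therefore does not
#   outlive the pod - confirm how it is provisioned.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto
  # Matches the namespace already set on the mq Service and the
  # mosquitto-config ConfigMap in this file; a pod can only mount a ConfigMap
  # or PVC that lives in its own namespace.
  namespace: netmaker
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: mosquitto
      app.kubernetes.io/name: mosquitto
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: mosquitto
        app.kubernetes.io/name: mosquitto
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: mqhost
                    operator: In
                    values:
                      # Quoted: label values are strings, not booleans.
                      - "true"
      containers:
        - name: mosquitto
          # NOTE(review): referenced by tag only. Pinning the digest
          # (image@sha256:<digest>) would fix the exact image content.
          image: eclipse-mosquitto:2.0.11-openssl
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 1883
              name: mqtt
              protocol: TCP
            - containerPort: 8883
              name: mqtt2
              protocol: TCP
          # All three probes are plain TCP connects to 8883: they show that
          # the listener accepts connections, not that authentication works.
          startupProbe:
            failureThreshold: 30
            periodSeconds: 5
            successThreshold: 1
            tcpSocket:
              port: 8883
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 8883
            timeoutSeconds: 1
          livenessProbe:
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 8883
            timeoutSeconds: 1
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # subPath mounts only the single key as a file; subPath mounts do
            # not pick up later ConfigMap edits until the pod is recreated.
            - mountPath: /mosquitto/config/mosquitto.conf
              name: mosquitto-config
              subPath: mosquitto.conf
            # Mounted read-write. The mosquitto.conf in this file references
            # no path under /mosquitto/certs.
            # NOTE(review): if the broker only reads it, add readOnly: true.
            - mountPath: /mosquitto/certs
              name: shared-certs
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: mosquitto-config
          configMap:
            name: mosquitto-config
        - name: shared-certs
          persistentVolumeClaim:
            claimName: shared-certs-pvc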
---
# In-cluster Service "mq" in front of the mosquitto pods. No type is given,
# so Kubernetes applies its default (ClusterIP). Both ports forward to the
# named container ports of the Deployment; the listeners behind them are
# configured in the mosquitto-config ConfigMap without certfile/keyfile, so
# traffic through this Service is not encrypted by the broker itself.
apiVersion: v1
kind: Service
metadata:
  name: mq
  namespace: netmaker
spec:
  selector:
    app.kubernetes.io/instance: mosquitto
    app.kubernetes.io/name: mosquitto
  sessionAffinity: None
  ports:
    # targetPort uses the container port names declared by the Deployment.
    - name: mqtt
      protocol: TCP
      port: 1883
      targetPort: mqtt
    - name: mqtt2
      protocol: TCP
      port: 8883
      targetPort: mqtt2
---
# Broker configuration, mounted into the pod as
# /mosquitto/config/mosquitto.conf.
#
# What the embedded mosquitto.conf sets:
# - Two listeners (8883 and 1883), both speaking MQTT over WebSockets.
# - per_listener_settings false makes the security options global, so the
#   two allow_anonymous lines state one broker-wide setting twice:
#   clients must authenticate.
# - Authentication and ACLs come from the dynamic-security plugin, whose
#   state file is /mosquitto/data/dynamic-security.json.
#
# Security review notes:
# - Neither listener sets certfile/keyfile, so the broker serves unencrypted
#   WebSockets. Credentials are only protected in transit if TLS is
#   terminated in front of the broker.
# - The Deployment in this file mounts no volume at /mosquitto/data.
#   NOTE(review): confirm how dynamic-security.json is created and kept.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-config
  namespace: netmaker
  labels:
    app.kubernetes.io/instance: mosquitto
    app.kubernetes.io/name: mosquitto
data:
  mosquitto.conf: |
    per_listener_settings false
    listener 8883
    protocol websockets
    allow_anonymous false
    listener 1883
    protocol websockets
    allow_anonymous false
    plugin /usr/lib/mosquitto_dynamic_security.so
    plugin_opt_config_file /mosquitto/data/dynamic-security.json
---
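# Claim backing the shared-certs volume that the mosquitto Deployment mounts
# at /mosquitto/certs.
#
# - RWX_STORAGE_CLASS is a placeholder. Replace it with a storage class that
#   supports ReadWriteMany before applying.
# - ReadWriteMany lets many pods mount this claim read-write. Each consumer
#   should mount it readOnly unless it really has to write.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-certs-pvc
  # A pod can only use a claim from its own namespace; the namespaced objects
  # in this file (mq Service, mosquitto-config ConfigMap) use netmaker.
  namespace: netmaker
spec:
  storageClassName: RWX_STORAGE_CLASS
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Mi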
---
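# NodePort Service "netmaker-mqtt": opens TCP 31883 on every node and
# forwards it to the broker's 8883 listener.
#
# Security review notes:
# - The 8883 listener in the mosquitto-config ConfigMap has no
#   certfile/keyfile, so this path carries unencrypted WebSocket traffic,
#   MQTT credentials included, unless TLS is terminated in front of the node
#   port. Restrict access to 31883 (firewall or security group) to match.
# - externalTrafficPolicy: Cluster may SNAT connections between nodes, so the
#   broker's logs will not reliably show the original client address.
#   Local preserves the client IP, but then only nodes running the pod answer.
apiVersion: v1
kind: Service
metadata:
  # The original carried a bare "labels:" key (parsed as null) next to the
  # name; the empty key is dropped so that name is unambiguously
  # metadata.name.
  name: netmaker-mqtt
  # Services select pods in their own namespace only; the other namespaced
  # objects in this file use netmaker.
  namespace: netmaker
spec:
  type: NodePort
  externalTrafficPolicy: Cluster
  selector:
    app.kubernetes.io/instance: mosquitto
    app.kubernetes.io/name: mosquitto
  ports:
    - name: nm-mqtt
      protocol: TCP
      port: 31883
      nodePort: 31883
      targetPort: 8883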
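# Optional, disabled: nginx Ingress with a cert-manager certificate in front
# of the broker.
# NOTE(review): the backend below names port 8883, but the netmaker-mqtt
# Service in this file exposes port 31883 (targetPort 8883). Reconcile the
# two before enabling this Ingress.
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
#   name: nm-mqtt-ingress-nginx
#   annotations:
#     nginx.ingress.kubernetes.io/rewrite-target: /
#     cert-manager.io/cluster-issuer: "letsencrypt-nginx"
#     nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# spec:
#   ingressClassName: nginx
#   tls:
#     - hosts:
#         - broker.NETMAKER_SUBDOMAIN
#       secretName: nm-mqtt-tls
#   rules:
#     - host: broker.NETMAKER_SUBDOMAIN
#       http:
#         paths:
#           - path: /
#             pathType: Prefix
#             backend:
#               service:
#                 name: netmaker-mqtt
#                 port:
#                   number: 8883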