-
Notifications
You must be signed in to change notification settings - Fork 1
/
mqtt-broker-k8s.yaml
135 lines (120 loc) · 2.32 KB
/
mqtt-broker-k8s.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtt-broker
labels:
name: mqtt-broker
app: eclipse-mosquitto
spec:
replicas: 1
selector:
matchLabels:
app: eclipse-mosquitto
name: mqtt-broker
template:
metadata:
labels:
app: eclipse-mosquitto
name: mqtt-broker
spec:
containers:
- name: mqtt-broker-container
image: eclipse-mosquitto:latest
ports:
- containerPort: 8883
- containerPort: 1883
volumeMounts:
- mountPath: /mosquitto/config
name: mqtt-volume
- mountPath: /certs
name: cert-volume
#readOnly: true
- mountPath: /certs/client-ca
name: client-ca-volume
volumes:
- name: mqtt-volume
configMap:
name: mqtt-config
- name: cert-volume
secret:
secretName: cert-secrets
- name: client-ca-volume
secret:
secretName: client-ca-secrets
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mqtt-config
data:
mosquitto.conf: |-
# General
allow_anonymous false
per_listener_settings false
# Certificates
listener 8883
cafile /certs/ca.cert.pem
certfile /certs/server.cert.pem
keyfile /certs/server.key.pem
#capath /certs/client-ca
#require_certificate true
#use_identity_as_username true
# Authentication
password_file /certs/pw.txt
listener 1883
# Logging
connection_messages true
log_timestamp true
---
apiVersion: v1
kind: Secret
metadata:
name: cert-secrets
type: opaque
data:
ca.cert.pem: |-
server.cert.pem : |-
server.key.pem: |-
pw.txt: |-
---
apiVersion: v1
kind: Secret
metadata:
name: client-ca-secrets
type: opaque
data:
client-ca.cert.pem: |-
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: mqtt-route
spec:
host: ""
port:
port: 8883
targetPort: 8883
to:
kind: Service
name: mqtt-service
selector:
app: eclipse-mosquitto
tls:
termination: passthrough
status:
ingress: []
---
apiVersion: v1
kind: Service
metadata:
name: mqtt-service
spec:
selector:
app: eclipse-mosquitto
ports:
- name: tls
port: 8883
targetPort: 8883
- name: non-tls
port: 1883
targetPort: 1883