diff --git a/charts/mosquitto/.helmignore b/charts/mosquitto/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/charts/mosquitto/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/mosquitto/Chart.yaml b/charts/mosquitto/Chart.yaml
new file mode 100644
index 00000000..ad996731
--- /dev/null
+++ b/charts/mosquitto/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+appVersion: "1.6.12"
+description: Eclipse Mosquitto - An open source MQTT broker
+name: mosquitto
+version: 0.3.3
+keywords:
+ - message queue
+ - MQTT
+ - mosquitto
+ - eclipse-iot
+home: https://mosquitto.org/
+icon: https://mosquitto.org/images/mosquitto-text-side-28.png
+sources:
+ - https://github.com/eclipse/mosquitto
+maintainers:
+ - name: ishioni
+ email: helm@movishell.pl
diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md
new file mode 100644
index 00000000..d660ea32
--- /dev/null
+++ b/charts/mosquitto/README.md
@@ -0,0 +1,46 @@
+# Mosquitto: A small MQTT broker
+
+This is a helm chart for [mosquitto](https://mosquitto.org/)
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/mosquitto
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/mosquitto
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/mosquitto/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+ --set persistence.enabled=true \
+ k8s-at-home/mosquitto
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml k8s-at-home/mosquitto
+```
diff --git a/charts/mosquitto/templates/NOTES.txt b/charts/mosquitto/templates/NOTES.txt
new file mode 100644
index 00000000..9de1eef2
--- /dev/null
+++ b/charts/mosquitto/templates/NOTES.txt
@@ -0,0 +1,38 @@
+** Please be patient while the chart is being deployed **
+
+Mosquitto can be accessed within the cluster on port 1883 at {{ template "mosquitto.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To access for outside the cluster, perform the following steps:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+Obtain the NodePort IP and ports:
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ template "mosquitto.fullname" . }})
+
+To Access the Mosquitto MQTT port:
+
+ echo "URL : amqp://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+Obtain the LoadBalancer IP:
+
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mosquitto.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mosquitto.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+
+To Access the Moquitto port:
+
+ echo "URL : mqtt://$SERVICE_IP:1883/"
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+To Access the Mosquitto MQTT port:
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mosquitto.fullname" . }} 1883:1883
+ echo "URL : mqtt://127.0.0.1:1883/"
+
+{{- end }}
diff --git a/charts/mosquitto/templates/_helpers.tpl b/charts/mosquitto/templates/_helpers.tpl
new file mode 100644
index 00000000..ed25be98
--- /dev/null
+++ b/charts/mosquitto/templates/_helpers.tpl
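Review bot: In templates/NOTES.txt the NodePort branch prints `amqp://$NODE_IP:$NODE_PORT/` while the LoadBalancer and ClusterIP branches print `mqtt://`; the broker speaks MQTT, so the line should read `echo "URL : mqtt://$NODE_IP:$NODE_PORT/"`. The same branch reads `.spec.ports[1].nodePort`, which resolves to nothing unless the Service defines a second port; the Service template is not part of this hunk, so confirm the index (probably `ports[0]`). Every branch points the operator at the plaintext 1883 listener, so for the NodePort and LoadBalancer cases it would help to add one line saying that authentication and a TLS listener should be configured before the broker is exposed outside the cluster.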
@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mosquitto.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mosquitto.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mosquitto.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "mosquitto.labels" -}}
+app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+helm.sh/chart: {{ include "mosquitto.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mosquitto.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "mosquitto.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml
new file mode 100644
index 00000000..a0d073dc
--- /dev/null
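Review bot: In templates/_helpers.tpl the `mosquitto.labels` helper quotes only the version label; the name, chart, instance and managed-by values are rendered as plain YAML scalars. A release name or `nameOverride` made up only of digits, or one that reads as a boolean, would be parsed as a non-string and the API server would reject the label. Pipe each value through `quote`, for example `app.kubernetes.io/instance: {{ .Release.Name | quote }}`. Separately, `mosquitto.serviceAccountName` falls back to the namespace's `default` service account when `serviceAccount.create` is false; the pod template is not in this hunk, but a broker normally needs no Kubernetes API access, so consider disabling token automount where the account is used.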
+++ b/charts/mosquitto/templates/configmap.yaml 
@@ -0,0 +1,1009 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mosquitto.fullname" . }} + labels: +{{ include "mosquitto.labels" . | indent 4 }} +data: + mosquitto.conf: | +{{- if not .Values.customConfig }} + # Config file for mosquitto + # + # See mosquitto.conf(5) for more information. + # + # Default values are shown, uncomment to change. + # + # Use the # character to indicate a comment, but only if it is the + # very first character on the line. + + # ================================================================= + # General configuration + # ================================================================= + + # Use per listener security settings. + # + # It is recommended this option be set before any other options. + # + # If this option is set to true, then all authentication and access control + # options are controlled on a per listener basis. The following options are + # affected: + # + # password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous + # auto_id_prefix allow_zero_length_clientid + # + # Note that if set to true, then a durable client (i.e. with clean session set + # to false) that has disconnected will use the ACL settings defined for the + # listener that it was most recently connected to. + # + # The default behaviour is for this to be set to false, which maintains the + # setting behaviour from previous versions of mosquitto. + #per_listener_settings false + + + # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# + # and foo/+/baz , then MQTT expects that when the broker receives a message on + # a topic that matches both subscriptions, such as foo/bar/baz, then the client + # should only receive the message once. + # Mosquitto keeps track of which clients a message has been sent to in order to + # meet this requirement. 
The allow_duplicate_messages option allows this + # behaviour to be disabled, which may be useful if you have a large number of + # clients subscribed to the same set of topics and are very concerned about + # minimising memory usage. + # It can be safely set to true if you know in advance that your clients will + # never have overlapping subscriptions, otherwise your clients must be able to + # correctly deal with duplicate messages even when then have QoS=2. + #allow_duplicate_messages false + + # This option controls whether a client is allowed to connect with a zero + # length client id or not. This option only affects clients using MQTT v3.1.1 + # and later. If set to false, clients connecting with a zero length client id + # are disconnected. If set to true, clients will be allocated a client id by + # the broker. This means it is only useful for clients with clean session set + # to true. + #allow_zero_length_clientid true + + # If allow_zero_length_clientid is true, this option allows you to set a prefix + # to automatically generated client ids to aid visibility in logs. + # Defaults to 'auto-' + #auto_id_prefix auto- + + # This option affects the scenario when a client subscribes to a topic that has + # retained messages. It is possible that the client that published the retained + # message to the topic had access at the time they published, but that access + # has been subsequently removed. If check_retain_source is set to true, the + # default, the source of a retained message will be checked for access rights + # before it is republished. When set to false, no check will be made and the + # retained message will always be published. This affects all listeners. + #check_retain_source true + + # QoS 1 and 2 messages will be allowed inflight per client until this limit + # is exceeded. Defaults to 0. (No maximum) + # See also max_inflight_messages + #max_inflight_bytes 0 + + # The maximum number of QoS 1 and 2 messages currently inflight per + # client. 
+ # This includes messages that are partway through handshakes and + # those that are being retried. Defaults to 20. Set to 0 for no + # maximum. Setting to 1 will guarantee in-order delivery of QoS 1 + # and 2 messages. + #max_inflight_messages 20 + + # For MQTT v5 clients, it is possible to have the server send a "server + # keepalive" value that will override the keepalive value set by the client. + # This is intended to be used as a mechanism to say that the server will + # disconnect the client earlier than it anticipated, and that the client should + # use the new keepalive value. The max_keepalive option allows you to specify + # that clients may only connect with keepalive less than or equal to this + # value, otherwise they will be sent a server keepalive telling them to use + # max_keepalive. This only applies to MQTT v5 clients. The maximum value + # allowable is 65535. Do not set below 10. + #max_keepalive 65535 + + # For MQTT v5 clients, it is possible to have the server send a "maximum packet + # size" value that will instruct the client it will not accept MQTT packets + # with size greater than max_packet_size bytes. This applies to the full MQTT + # packet, not just the payload. Setting this option to a positive value will + # set the maximum packet size to that number of bytes. If a client sends a + # packet which is larger than this value, it will be disconnected. This applies + # to all clients regardless of the protocol version they are using, but v3.1.1 + # and earlier clients will of course not have received the maximum packet size + # information. Defaults to no limit. Setting below 20 bytes is forbidden + # because it is likely to interfere with ordinary client operation, even with + # very small payloads. + #max_packet_size 0 + + # QoS 1 and 2 messages above those currently in-flight will be queued per + # client until this limit is exceeded. Defaults to 0. (No maximum) + # See also max_queued_messages. 
+ # If both max_queued_messages and max_queued_bytes are specified, packets will + # be queued until the first limit is reached. + #max_queued_bytes 0 + + # The maximum number of QoS 1 and 2 messages to hold in a queue per client + # above those that are currently in-flight. Defaults to 100. Set + # to 0 for no maximum (not recommended). + # See also queue_qos0_messages. + # See also max_queued_bytes. + #max_queued_messages 100 + # + # This option sets the maximum number of heap memory bytes that the broker will + # allocate, and hence sets a hard limit on memory use by the broker. Memory + # requests that exceed this value will be denied. The effect will vary + # depending on what has been denied. If an incoming message is being processed, + # then the message will be dropped and the publishing client will be + # disconnected. If an outgoing message is being sent, then the individual + # message will be dropped and the receiving client will be disconnected. + # Defaults to no limit. + #memory_limit 0 + + # This option sets the maximum publish payload size that the broker will allow. + # Received messages that exceed this size will not be accepted by the broker. + # The default value is 0, which means that all valid MQTT messages are + # accepted. MQTT imposes a maximum payload size of 268435455 bytes. + #message_size_limit 0 + + # This option allows persistent clients (those with clean session set to false) + # to be removed if they do not reconnect within a certain time frame. + # + # This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1. + # + # Badly designed clients may set clean session to false whilst using a randomly + # generated client id. This leads to persistent clients that will never + # reconnect. This option allows these clients to be removed. + # + # The expiration period should be an integer followed by one of h d w m y for + # hour, day, week, month and year respectively. 
For example + # + # persistent_client_expiration 2m + # persistent_client_expiration 14d + # persistent_client_expiration 1y + # + # The default if not set is to never expire persistent clients. + #persistent_client_expiration + + # Write process id to a file. Default is a blank string which means + # a pid file shouldn't be written. + # This should be set to /var/run/mosquitto.pid if mosquitto is + # being run automatically on boot with an init script and + # start-stop-daemon or similar. + #pid_file + + # Set to true to queue messages with QoS 0 when a persistent client is + # disconnected. These messages are included in the limit imposed by + # max_queued_messages and max_queued_bytes + # Defaults to false. + # This is a non-standard option for the MQTT v3.1 spec but is allowed in + # v3.1.1. + #queue_qos0_messages false + + # Set to false to disable retained message support. If a client publishes a + # message with the retain bit set, it will be disconnected if this is set to + # false. + #retain_available true + + # Disable Nagle's algorithm on client sockets. This has the effect of reducing + # latency of individual messages at the potential cost of increasing the number + # of packets being sent. + #set_tcp_nodelay false + + # Time in seconds between updates of the $SYS tree. + # Set to 0 to disable the publishing of the $SYS tree. + #sys_interval 10 + + # The MQTT specification requires that the QoS of a message delivered to a + # subscriber is never upgraded to match the QoS of the subscription. Enabling + # this option changes this behaviour. If upgrade_outgoing_qos is set true, + # messages sent to a subscriber will always match the QoS of its subscription. + # This is a non-standard option explicitly disallowed by the spec. + #upgrade_outgoing_qos false + + # When run as root, drop privileges to this user and its primary + # group. + # Set to root to stay as root, but this is not recommended. + # If run as a non-root user, this setting has no effect. 
+ # Note that on Windows this has no effect and so mosquitto should + # be started by the user you wish it to run as. + #user mosquitto + + # ================================================================= + # Default listener + # ================================================================= + + # IP address/hostname to bind the default listener to. If not + # given, the default listener will not be bound to a specific + # address and so will be accessible to all network interfaces. + # bind_address ip-address/host name + #bind_address + + # Port to use for the default listener. + #port 1883 + + # Bind the listener to a specific interface. This is similar to + # bind_address above but is useful when an interface has multiple addresses or + # the address may change. It is valid to use this with the bind_address option, + # but take care that the interface you are binding to contains the address you + # are binding to, otherwise you will not be able to connect. + # Example: bind_interface eth0 + #bind_interface + + # When a listener is using the websockets protocol, it is possible to serve + # http data as well. Set http_dir to a directory which contains the files you + # wish to serve. If this option is not specified, then no normal http + # connections will be possible. + #http_dir + + # The maximum number of client connections to allow. This is + # a per listener setting. + # Default is -1, which means unlimited connections. + # Note that other process limits mean that unlimited connections + # are not really possible. Typically the default maximum number of + # connections possible is around 1024. + #max_connections -1 + + # Choose the protocol to use when listening. + # This can be either mqtt or websockets. + # Websockets support is currently disabled by default at compile time. + # Certificate based TLS may be used with websockets, except that + # only the cafile, certfile, keyfile and ciphers options are supported. 
+ #protocol mqtt + + # Set use_username_as_clientid to true to replace the clientid that a client + # connected with with its username. This allows authentication to be tied to + # the clientid, which means that it is possible to prevent one client + # disconnecting another by using the same clientid. + # If a client connects with no username it will be disconnected as not + # authorised when this option is set to true. + # Do not use in conjunction with clientid_prefixes. + # See also use_identity_as_username. + #use_username_as_clientid + + # ----------------------------------------------------------------- + # Certificate based SSL/TLS support + # ----------------------------------------------------------------- + # The following options can be used to enable SSL/TLS support for + # this listener. Note that the recommended port for MQTT over TLS + # is 8883, but this must be set manually. + # + # See also the mosquitto-tls man page. + + # At least one of cafile or capath must be defined. They both + # define methods of accessing the PEM encoded Certificate + # Authority certificates that have signed your server certificate + # and that you wish to trust. + # cafile defines the path to a file containing the CA certificates. + # capath defines a directory that will be searched for files + # containing the CA certificates. For capath to work correctly, the + # certificate files must have ".crt" as the file ending and you must run + # "openssl rehash " each time you add/remove a certificate. + #cafile + #capath + + # Path to the PEM encoded server certificate. + #certfile + + # Path to the PEM encoded keyfile. + #keyfile + + + # If you have require_certificate set to true, you can create a certificate + # revocation list file to revoke access to particular client certificates. If + # you have done this, use crlfile to point to the PEM encoded revocation file. + #crlfile + + # If you wish to control which encryption ciphers are used, use the ciphers + # option. 
The list of available ciphers can be obtained using the "openssl + # ciphers" command and should be provided in the same format as the output of + # that command. + # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH + #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH + + # To allow the use of ephemeral DH key exchange, which provides forward + # security, the listener must load DH parameters. This can be specified with + # the dhparamfile option. The dhparamfile can be generated with the command + # e.g. "openssl dhparam -out dhparam.pem 2048" + #dhparamfile + + # By default a TLS enabled listener will operate in a similar fashion to a + # https enabled web server, in that the server has a certificate signed by a CA + # and the client will verify that it is a trusted certificate. The overall aim + # is encryption of the network traffic. By setting require_certificate to true, + # the client must provide a valid certificate in order for the network + # connection to proceed. This allows access to the broker to be controlled + # outside of the mechanisms provided by MQTT. + #require_certificate false + + # This option defines the version of the TLS protocol to use for this listener. + # The default value allows all of v1.3, v1.2 and v1.1. The valid values are + # tlsv1.3 tlsv1.2 and tlsv1.1. + #tls_version + + # If require_certificate is true, you may set use_identity_as_username to true + # to use the CN value from the client certificate as a username. If this is + # true, the password_file option will not be used for this listener. + # This takes priority over use_subject_as_username. + # See also use_subject_as_username. + #use_identity_as_username false + + # If require_certificate is true, you may set use_subject_as_username to true + # to use the complete subject value from the client certificate as a username. + # If this is true, the password_file option will not be used for this listener. 
+ # See also use_identity_as_username + #use_subject_as_username false + + # ----------------------------------------------------------------- + # Pre-shared-key based SSL/TLS support + # ----------------------------------------------------------------- + # The following options can be used to enable PSK based SSL/TLS support for + # this listener. Note that the recommended port for MQTT over TLS is 8883, but + # this must be set manually. + # + # See also the mosquitto-tls man page and the "Certificate based SSL/TLS + # support" section. Only one of certificate or PSK encryption support can be + # enabled for any listener. + + # The psk_hint option enables pre-shared-key support for this listener and also + # acts as an identifier for this listener. The hint is sent to clients and may + # be used locally to aid authentication. The hint is a free form string that + # doesn't have much meaning in itself, so feel free to be creative. + # If this option is provided, see psk_file to define the pre-shared keys to be + # used or create a security plugin to handle them. + #psk_hint + + # When using PSK, the encryption ciphers used will be chosen from the list of + # available PSK ciphers. If you want to control which ciphers are available, + # use the "ciphers" option. The list of available ciphers can be obtained + # using the "openssl ciphers" command and should be provided in the same format + # as the output of that command. + #ciphers + + # Set use_identity_as_username to have the psk identity sent by the client used + # as its username. Authentication will be carried out using the PSK rather than + # the MQTT username/password and so password_file will not be used for this + # listener. + #use_identity_as_username false + + + # ================================================================= + # Extra listeners + # ================================================================= + + # Listen on a port/ip address combination. 
By using this variable + # multiple times, mosquitto can listen on more than one port. If + # this variable is used and neither bind_address nor port given, + # then the default listener will not be started. + # The port number to listen on must be given. Optionally, an ip + # address or host name may be supplied as a second argument. In + # this case, mosquitto will attempt to bind the listener to that + # address and so restrict access to the associated network and + # interface. By default, mosquitto will listen on all interfaces. + # Note that for a websockets listener it is not possible to bind to a host + # name. + # listener port-number [ip address/host name] + #listener + + # Bind the listener to a specific interface. This is similar to + # the [ip address/host name] part of the listener definition, but is useful + # when an interface has multiple addresses or the address may change. It is + # valid to use this with the [ip address/host name] part of the listener + # definition, but take care that the interface you are binding to contains the + # address you are binding to, otherwise you will not be able to connect. + # Only available on Linux and requires elevated privileges. + # + # Example: bind_interface eth0 + #bind_interface + + # When a listener is using the websockets protocol, it is possible to serve + # http data as well. Set http_dir to a directory which contains the files you + # wish to serve. If this option is not specified, then no normal http + # connections will be possible. + #http_dir + + # The maximum number of client connections to allow. This is + # a per listener setting. + # Default is -1, which means unlimited connections. + # Note that other process limits mean that unlimited connections + # are not really possible. Typically the default maximum number of + # connections possible is around 1024. + #max_connections -1 + + # The listener can be restricted to operating within a topic hierarchy using + # the mount_point option. 
This is achieved be prefixing the mount_point string + # to all topics for any clients connected to this listener. This prefixing only + # happens internally to the broker; the client will not see the prefix. + #mount_point + + # Choose the protocol to use when listening. + # This can be either mqtt or websockets. + # Certificate based TLS may be used with websockets, except that only the + # cafile, certfile, keyfile and ciphers options are supported. + #protocol mqtt + + # Set use_username_as_clientid to true to replace the clientid that a client + # connected with with its username. This allows authentication to be tied to + # the clientid, which means that it is possible to prevent one client + # disconnecting another by using the same clientid. + # If a client connects with no username it will be disconnected as not + # authorised when this option is set to true. + # Do not use in conjunction with clientid_prefixes. + # See also use_identity_as_username. + #use_username_as_clientid + + # Change the websockets headers size. This is a global option, it is not + # possible to set per listener. This option sets the size of the buffer used in + # the libwebsockets library when reading HTTP headers. If you are passing large + # header data such as cookies then you may need to increase this value. If left + # unset, or set to 0, then the default of 1024 bytes will be used. + #websockets_headers_size + + # ----------------------------------------------------------------- + # Certificate based SSL/TLS support + # ----------------------------------------------------------------- + # The following options can be used to enable certificate based SSL/TLS support + # for this listener. Note that the recommended port for MQTT over TLS is 8883, + # but this must be set manually. + # + # See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS + # support" section. Only one of certificate or PSK encryption support can be + # enabled for any listener. 
+ + # At least one of cafile or capath must be defined to enable certificate based + # TLS encryption. They both define methods of accessing the PEM encoded + # Certificate Authority certificates that have signed your server certificate + # and that you wish to trust. + # cafile defines the path to a file containing the CA certificates. + # capath defines a directory that will be searched for files + # containing the CA certificates. For capath to work correctly, the + # certificate files must have ".crt" as the file ending and you must run + # "openssl rehash " each time you add/remove a certificate. + #cafile + #capath + + # Path to the PEM encoded server certificate. + #certfile + + # Path to the PEM encoded keyfile. + #keyfile + + + # If you wish to control which encryption ciphers are used, use the ciphers + # option. The list of available ciphers can be optained using the "openssl + # ciphers" command and should be provided in the same format as the output of + # that command. + #ciphers + + # If you have require_certificate set to true, you can create a certificate + # revocation list file to revoke access to particular client certificates. If + # you have done this, use crlfile to point to the PEM encoded revocation file. + #crlfile + + # To allow the use of ephemeral DH key exchange, which provides forward + # security, the listener must load DH parameters. This can be specified with + # the dhparamfile option. The dhparamfile can be generated with the command + # e.g. "openssl dhparam -out dhparam.pem 2048" + #dhparamfile + + # By default an TLS enabled listener will operate in a similar fashion to a + # https enabled web server, in that the server has a certificate signed by a CA + # and the client will verify that it is a trusted certificate. The overall aim + # is encryption of the network traffic. By setting require_certificate to true, + # the client must provide a valid certificate in order for the network + # connection to proceed. 
This allows access to the broker to be controlled + # outside of the mechanisms provided by MQTT. + #require_certificate false + + # If require_certificate is true, you may set use_identity_as_username to true + # to use the CN value from the client certificate as a username. If this is + # true, the password_file option will not be used for this listener. + #use_identity_as_username false + + # ----------------------------------------------------------------- + # Pre-shared-key based SSL/TLS support + # ----------------------------------------------------------------- + # The following options can be used to enable PSK based SSL/TLS support for + # this listener. Note that the recommended port for MQTT over TLS is 8883, but + # this must be set manually. + # + # See also the mosquitto-tls man page and the "Certificate based SSL/TLS + # support" section. Only one of certificate or PSK encryption support can be + # enabled for any listener. + + # The psk_hint option enables pre-shared-key support for this listener and also + # acts as an identifier for this listener. The hint is sent to clients and may + # be used locally to aid authentication. The hint is a free form string that + # doesn't have much meaning in itself, so feel free to be creative. + # If this option is provided, see psk_file to define the pre-shared keys to be + # used or create a security plugin to handle them. + #psk_hint + + # When using PSK, the encryption ciphers used will be chosen from the list of + # available PSK ciphers. If you want to control which ciphers are available, + # use the "ciphers" option. The list of available ciphers can be optained + # using the "openssl ciphers" command and should be provided in the same format + # as the output of that command. + #ciphers + + # Set use_identity_as_username to have the psk identity sent by the client used + # as its username. 
Authentication will be carried out using the PSK rather than + # the MQTT username/password and so password_file will not be used for this + # listener. + #use_identity_as_username false + + + # ================================================================= + # Persistence + # ================================================================= + + # If persistence is enabled, save the in-memory database to disk + # every autosave_interval seconds. If set to 0, the persistence + # database will only be written when mosquitto exits. See also + # autosave_on_changes. + # Note that writing of the persistence database can be forced by + # sending mosquitto a SIGUSR1 signal. + #autosave_interval 1800 + {{- if .Values.persistence.enabled }} + autosave_interval 1800 + {{- end }} + + # If true, mosquitto will count the number of subscription changes, retained + # messages received and queued messages and if the total exceeds + # autosave_interval then the in-memory database will be saved to disk. + # If false, mosquitto will save the in-memory database to disk by treating + # autosave_interval as a time in seconds. + #autosave_on_changes false + + # Save persistent message data to disk (true/false). + # This saves information about all messages, including + # subscriptions, currently in-flight messages and retained + # messages. + # retained_persistence is a synonym for this option. + #persistence false + {{- if .Values.persistence.enabled }} + persistence true + {{- end }} + + # The filename to use for the persistent database, not including + # the path. + #persistence_file mosquitto.db + + # Location for persistent database. Must include trailing / + # Default is an empty string (current directory). + # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or + # similar. 
+ #persistence_location + {{- if .Values.persistence.enabled }} + persistence_location /mosquitto/data/ + {{- end }} + + + # ================================================================= + # Logging + # ================================================================= + + # Places to log to. Use multiple log_dest lines for multiple + # logging destinations. + # Possible destinations are: stdout stderr syslog topic file + # + # stdout and stderr log to the console on the named output. + # + # syslog uses the userspace syslog facility which usually ends up + # in /var/log/messages or similar. + # + # topic logs to the broker topic '$SYS/broker/log/', + # where severity is one of D, E, W, N, I, M which are debug, error, + # warning, notice, information and message. Message type severity is used by + # the subscribe/unsubscribe log_types and publishes log messages to + # $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe. + # + # The file destination requires an additional parameter which is the file to be + # logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be + # closed and reopened when the broker receives a HUP signal. Only a single file + # destination may be configured. + # + # Note that if the broker is running as a Windows service it will default to + # "log_dest none" and neither stdout nor stderr logging is available. + # Use "log_dest none" if you wish to disable logging. + #log_dest stderr + + # Types of messages to log. Use multiple log_type lines for logging + # multiple types of messages. + # Possible types are: debug, error, warning, notice, information, + # none, subscribe, unsubscribe, websockets, all. + # Note that debug type messages are for decoding the incoming/outgoing + # network packets. They are not logged in "topics". + #log_type error + #log_type warning + #log_type notice + #log_type information + + + # If set to true, client connection and disconnection messages will be included + # in the log. 
+ #connection_messages true + + # If using syslog logging (not on Windows), messages will be logged to the + # "daemon" facility by default. Use the log_facility option to choose which of + # local0 to local7 to log to instead. The option value should be an integer + # value, e.g. "log_facility 5" to use local5. + #log_facility + + # If set to true, add a timestamp value to each log message. + #log_timestamp true + + # Set the format of the log timestamp. If left unset, this is the number of + # seconds since the Unix epoch. + # This is a free text string which will be passed to the strftime function. To + # get an ISO 8601 datetime, for example: + # log_timestamp_format %Y-%m-%dT%H:%M:%S + #log_timestamp_format + + # Change the websockets logging level. This is a global option, it is not + # possible to set per listener. This is an integer that is interpreted by + # libwebsockets as a bit mask for its lws_log_levels enum. See the + # libwebsockets documentation for more details. "log_type websockets" must also + # be enabled. + #websockets_log_level 0 + + + # ================================================================= + # Security + # ================================================================= + + # If set, only clients that have a matching prefix on their + # clientid will be allowed to connect to the broker. By default, + # all clients may connect. + # For example, setting "secure-" here would mean a client "secure- + # client" could connect but another with clientid "mqtt" couldn't. + #clientid_prefixes + + # Boolean value that determines whether clients that connect + # without providing a username are allowed to connect. If set to + # false then a password file should be created (see the + # password_file option) to control authenticated client access. + # + # Defaults to true if no other security options are set. 
If `password_file` or + # `psk_file` is set, or if an authentication plugin is loaded which implements + # username/password or TLS-PSK checks, then `allow_anonymous` defaults to + # false. + # + #allow_anonymous true + + # ----------------------------------------------------------------- + # Default authentication and topic access control + # ----------------------------------------------------------------- + + # Control access to the broker using a password file. This file can be + # generated using the mosquitto_passwd utility. If TLS support is not compiled + # into mosquitto (it is recommended that TLS support should be included) then + # plain text passwords are used, in which case the file should be a text file + # with lines in the format: + # username:password + # The password (and colon) may be omitted if desired, although this + # offers very little in the way of security. + # + # See the TLS client require_certificate and use_identity_as_username options + # for alternative authentication options. If an auth_plugin is used as well as + # password_file, the auth_plugin check will be made first. + #password_file + + # Access may also be controlled using a pre-shared-key file. This requires + # TLS-PSK support and a listener configured to use it. The file should be text + # lines in the format: + # identity:key + # The key should be in hexadecimal format without a leading "0x". + # If an auth_plugin is used as well, the auth_plugin check will be made first. + #psk_file + + # Control access to topics on the broker using an access control list + # file. If this parameter is defined then only the topics listed will + # have access. + # If the first character of a line of the ACL file is a # it is treated as a + # comment. + # Topic access is added with lines of the format: + # + # topic [read|write|readwrite] + # + # The access type is controlled using "read", "write" or "readwrite". 
This + # parameter is optional (unless contains a space character) - if not + # given then the access is read/write. can contain the + or # + # wildcards as in subscriptions. + # + # The first set of topics are applied to anonymous clients, assuming + # allow_anonymous is true. User specific topic ACLs are added after a + # user line as follows: + # + # user + # + # The username referred to here is the same as in password_file. It is + # not the clientid. + # + # + # If is also possible to define ACLs based on pattern substitution within the + # topic. The patterns available for substition are: + # + # %c to match the client id of the client + # %u to match the username of the client + # + # The substitution pattern must be the only text for that level of hierarchy. + # + # The form is the same as for the topic keyword, but using pattern as the + # keyword. + # Pattern ACLs apply to all users even if the "user" keyword has previously + # been given. + # + # If using bridges with usernames and ACLs, connection messages can be allowed + # with the following pattern: + # pattern write $SYS/broker/connection/%c/state + # + # pattern [read|write|readwrite] + # + # Example: + # + # pattern write sensor/%u/data + # + # If an auth_plugin is used as well as acl_file, the auth_plugin check will be + # made first. + #acl_file + + # ----------------------------------------------------------------- + # External authentication and topic access plugin options + # ----------------------------------------------------------------- + + # External authentication and access control can be supported with the + # auth_plugin option. This is a path to a loadable plugin. See also the + # auth_opt_* options described below. + # + # The auth_plugin option can be specified multiple times to load multiple + # plugins. The plugins will be processed in the order that they are specified + # here. 
If the auth_plugin option is specified alongside either of + # password_file or acl_file then the plugin checks will be made first. + # + #auth_plugin + + # If the auth_plugin option above is used, define options to pass to the + # plugin here as described by the plugin instructions. All options named + # using the format auth_opt_* will be passed to the plugin, for example: + # + # auth_opt_db_host + # auth_opt_db_port + # auth_opt_db_username + # auth_opt_db_password + + + # ================================================================= + # Bridges + # ================================================================= + + # A bridge is a way of connecting multiple MQTT brokers together. + # Create a new bridge using the "connection" option as described below. Set + # options for the bridges using the remaining parameters. You must specify the + # address and at least one topic to subscribe to. + # + # Each connection must have a unique name. + # + # The address line may have multiple host address and ports specified. See + # below in the round_robin description for more details on bridge behaviour if + # multiple addresses are used. Note that if you use an IPv6 address, then you + # are required to specify a port. + # + # The direction that the topic will be shared can be chosen by + # specifying out, in or both, where the default value is out. + # The QoS level of the bridged communication can be specified with the next + # topic option. The default QoS level is 0, to change the QoS the topic + # direction must also be given. + # + # The local and remote prefix options allow a topic to be remapped when it is + # bridged to/from the remote broker. This provides the ability to place a topic + # tree in an appropriate location. + # + # For more details see the mosquitto.conf man page. + # + # Multiple topics can be specified per connection, but be careful + # not to create any loops. 
+ # + # If you are using bridges with cleansession set to false (the default), then + # you may get unexpected behaviour from incoming topics if you change what + # topics you are subscribing to. This is because the remote broker keeps the + # subscription for the old topic. If you have this problem, connect your bridge + # with cleansession set to true, then reconnect with cleansession set to false + # as normal. + #connection + #address [:] [[:]] + #topic [[[out | in | both] qos-level] local-prefix remote-prefix] + + + # If a bridge has topics that have "out" direction, the default behaviour is to + # send an unsubscribe request to the remote broker on that topic. This means + # that changing a topic direction from "in" to "out" will not keep receiving + # incoming messages. Sending these unsubscribe requests is not always + # desirable, setting bridge_attempt_unsubscribe to false will disable sending + # the unsubscribe request. + #bridge_attempt_unsubscribe true + + # Set the version of the MQTT protocol to use with for this bridge. Can be one + # of mqttv311 or mqttv11. Defaults to mqttv311. + #bridge_protocol_version mqttv311 + + # Set the clean session variable for this bridge. + # When set to true, when the bridge disconnects for any reason, all + # messages and subscriptions will be cleaned up on the remote + # broker. Note that with cleansession set to true, there may be a + # significant amount of retained messages sent when the bridge + # reconnects after losing its connection. + # When set to false, the subscriptions and messages are kept on the + # remote broker, and delivered when the bridge reconnects. + #cleansession false + + # Set the amount of time a bridge using the lazy start type must be idle before + # it will be stopped. Defaults to 60 seconds. + #idle_timeout 60 + + # Set the keepalive interval for this bridge connection, in + # seconds. + #keepalive_interval 60 + + # Set the clientid to use on the local broker. 
If not defined, this defaults to + # 'local.'. If you are bridging a broker to itself, it is important + # that local_clientid and clientid do not match. + #local_clientid + + # If set to true, publish notification messages to the local and remote brokers + # giving information about the state of the bridge connection. Retained + # messages are published to the topic $SYS/broker/connection//state + # unless the notification_topic option is used. + # If the message is 1 then the connection is active, or 0 if the connection has + # failed. + # This uses the last will and testament feature. + #notifications true + + # Choose the topic on which notification messages for this bridge are + # published. If not set, messages are published on the topic + # $SYS/broker/connection//state + #notification_topic + + # Set the client id to use on the remote end of this bridge connection. If not + # defined, this defaults to 'name.hostname' where name is the connection name + # and hostname is the hostname of this computer. + # This replaces the old "clientid" option to avoid confusion. "clientid" + # remains valid for the time being. + #remote_clientid + + # Set the password to use when connecting to a broker that requires + # authentication. This option is only used if remote_username is also set. + # This replaces the old "password" option to avoid confusion. "password" + # remains valid for the time being. + #remote_password + + # Set the username to use when connecting to a broker that requires + # authentication. + # This replaces the old "username" option to avoid confusion. "username" + # remains valid for the time being. + #remote_username + + # Set the amount of time a bridge using the automatic start type will wait + # until attempting to reconnect. + # This option can be configured to use a constant delay time in seconds, or to + # use a backoff mechanism based on "Decorrelated Jitter", which adds a degree + # of randomness to when the restart occurs. 
+ # + # Set a constant timeout of 20 seconds: + # restart_timeout 20 + # + # Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of + # 60 seconds: + # restart_timeout 10 30 + # + # Defaults to jitter with a base of 5 and cap of 30 + #restart_timeout 5 30 + + # If the bridge has more than one address given in the address/addresses + # configuration, the round_robin option defines the behaviour of the bridge on + # a failure of the bridge connection. If round_robin is false, the default + # value, then the first address is treated as the main bridge connection. If + # the connection fails, the other secondary addresses will be attempted in + # turn. Whilst connected to a secondary bridge, the bridge will periodically + # attempt to reconnect to the main bridge until successful. + # If round_robin is true, then all addresses are treated as equals. If a + # connection fails, the next address will be tried and if successful will + # remain connected until it fails + #round_robin false + + # Set the start type of the bridge. This controls how the bridge starts and + # can be one of three types: automatic, lazy and once. Note that RSMB provides + # a fourth start type "manual" which isn't currently supported by mosquitto. + # + # "automatic" is the default start type and means that the bridge connection + # will be started automatically when the broker starts and also restarted + # after a short delay (30 seconds) if the connection fails. + # + # Bridges using the "lazy" start type will be started automatically when the + # number of queued messages exceeds the number set with the "threshold" + # parameter. It will be stopped automatically after the time set by the + # "idle_timeout" parameter. Use this start type if you wish the connection to + # only be active when it is needed. + # + # A bridge using the "once" start type will be started automatically when the + # broker starts but will not be restarted if the connection fails. 
+ #start_type automatic + + # Set the number of messages that need to be queued for a bridge with lazy + # start type to be restarted. Defaults to 10 messages. + # Must be less than max_queued_messages. + #threshold 10 + + # If try_private is set to true, the bridge will attempt to indicate to the + # remote broker that it is a bridge not an ordinary client. If successful, this + # means that loop detection will be more effective and that retained messages + # will be propagated correctly. Not all brokers support this feature so it may + # be necessary to set try_private to false if your bridge does not connect + # properly. + #try_private true + + # ----------------------------------------------------------------- + # Certificate based SSL/TLS support + # ----------------------------------------------------------------- + # Either bridge_cafile or bridge_capath must be defined to enable TLS support + # for this bridge. + # bridge_cafile defines the path to a file containing the + # Certificate Authority certificates that have signed the remote broker + # certificate. + # bridge_capath defines a directory that will be searched for files containing + # the CA certificates. For bridge_capath to work correctly, the certificate + # files must have ".crt" as the file ending and you must run "openssl rehash + # " each time you add/remove a certificate. + #bridge_cafile + #bridge_capath + + + # If the remote broker has more than one protocol available on its port, e.g. + # MQTT and WebSockets, then use bridge_alpn to configure which protocol is + # requested. Note that WebSockets support for bridges is not yet available. + #bridge_alpn + + # When using certificate based encryption, bridge_insecure disables + # verification of the server hostname in the server certificate. This can be + # useful when testing initial server configurations, but makes it possible for + # a malicious third party to impersonate your server through DNS spoofing, for + # example. 
Use this option in testing only. If you need to resort to using this + # option in a production environment, your setup is at fault and there is no + # point using encryption. + #bridge_insecure false + + # Path to the PEM encoded client certificate, if required by the remote broker. + #bridge_certfile + + # Path to the PEM encoded client private key, if required by the remote broker. + #bridge_keyfile + + # ----------------------------------------------------------------- + # PSK based SSL/TLS support + # ----------------------------------------------------------------- + # Pre-shared-key encryption provides an alternative to certificate based + # encryption. A bridge can be configured to use PSK with the bridge_identity + # and bridge_psk options. These are the client PSK identity, and pre-shared-key + # in hexadecimal format with no "0x". Only one of certificate and PSK based + # encryption can be used on one + # bridge at once. + #bridge_identity + #bridge_psk + + + # ================================================================= + # External config files + # ================================================================= + + # External configuration files may be included by using the + # include_dir option. This defines a directory that will be searched + # for config files. All files that end in '.conf' will be loaded as + # a configuration file. It is best to have this as the last option + # in the main file. This option will only be processed from the main + # configuration file. The directory specified must not contain the + # main configuration file. + # Files within include_dir will be loaded sorted in case-sensitive + # alphabetical order, with capital letters ordered first. If this option is + # given multiple times, all of the files from the first instance will be + # processed before the next instance. See the man page for examples. + #include_dir +{{- else }} +{{ .Values.customConfig | indent 4 }} +{{- end }} 
diff --git a/charts/mosquitto/templates/service.yaml b/charts/mosquitto/templates/service.yaml
new file mode 100644
index 00000000..e313fb6e
--- /dev/null
+++ b/charts/mosquitto/templates/service.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: 1883
+ targetPort: default
+ protocol: TCP
+ name: default
+ - port: 9001
+ targetPort: websocket
+ protocol: TCP
+ name: websocket
+ selector:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/mosquitto/templates/serviceaccount.yaml b/charts/mosquitto/templates/serviceaccount.yaml
new file mode 100644
index 00000000..9cae0cfc
--- /dev/null
+++ b/charts/mosquitto/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "mosquitto.serviceAccountName" . }}
+ labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+{{- end -}}
diff --git a/charts/mosquitto/templates/statefullset.yaml b/charts/mosquitto/templates/statefullset.yaml
new file mode 100644
index 00000000..c4c0a2ff
--- /dev/null
+++ b/charts/mosquitto/templates/statefullset.yaml
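Review bot: The `ports:` list in service.yaml is hard-coded to the plaintext MQTT port 1883 and the websocket port 9001, so a TLS listener on 8883 (the port the bundled config comments recommend for MQTT over TLS) cannot be exposed without editing the template. With `service.type` set to `LoadBalancer` this puts an unencrypted listener on the external address, and the part of the default config visible on this page leaves `allow_anonymous`, `password_file` and the TLS options commented out. Consider rendering the port list from a value and accepting `loadBalancerSourceRanges`. The `loadBalancerIP: {{ .Values.service.loadBalancerIP }}` line should also pipe the value through `quote`, as the persistence values already do.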
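Review bot: The ServiceAccount in serviceaccount.yaml leaves token automounting at its default, so the broker pod receives a Kubernetes API token that nothing in this chart appears to use. Adding `automountServiceAccountToken: false` at the top level of the ServiceAccount would keep that credential out of the container. If an operator does need API access, it could be made a value that defaults to `false`.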
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+{{ include "mosquitto.labels" . | indent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ serviceName: {{ include "mosquitto.name" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "mosquitto.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: default
+ containerPort: 1883
+ protocol: TCP
+ - name: websocket
+ containerPort: 9001
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: configmap
+ mountPath: /mosquitto/config
+ - name: data
+ mountPath: /mosquitto/data
+ volumes:
+ - name: configmap
+ configMap:
+ name: {{ template "mosquitto.fullname" . }}
+ {{- if not .Values.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- end }}
+ {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumeClaimTemplates:
+ {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+ - metadata:
+ name: data
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.persistence.annotations }}
+ annotations:
+ {{ toYaml .Values.persistence.annotations | indent 4 }}
+ {{- end }}
+ spec:
+ accessModes: [ {{ .Values.persistence.accessMode | quote }} ]
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: {{ .Values.persistence.storageClass | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml
new file mode 100644
index 00000000..1932ea5a
--- /dev/null
+++ b/charts/mosquitto/values.yaml
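Review bot: The pod spec mounts only the ConfigMap at `/mosquitto/config` and the `data` volume, so there is no way to supply Secret-backed files to the broker. Every credential the config refers to (`password_file`, `psk_file`, `keyfile`, `crlfile`, or the inline `remote_password` and `bridge_psk`) would have to travel through the ConfigMap via `customConfig`, and ConfigMaps are readable by anyone with plain read access to the namespace. Adding optional extra volumes and mounts would let operators mount a Secret for TLS keys and password files and reference only the paths in the config. The names `extraVolumes` and `extraVolumeMounts` below are proposed new values that would also need entries in values.yaml, and the indentation is my reading of the template, since the page has lost its leading whitespace.

```yaml
          volumeMounts:
            # … unchanged: configmap and data mounts …
            {{- with .Values.extraVolumeMounts }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
      volumes:
        # … unchanged: configmap and data volumes …
        {{- with .Values.extraVolumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
```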
@@ -0,0 +1,76 @@
+# Default values for mosquitto.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: eclipse-mosquitto
+ tag: "{{ .Chart.AppVersion }}"
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ annotations: {}
+ type: ClusterIP
+ # externalTrafficPolicy:
+ # loadBalancerIP:
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+ enabled: False
+ annotations: {}
+ ## mosquitto data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: mosquitto-data
+ accessMode: ReadWriteOnce
+ size: 5Gi
+
+# customConfig:
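Review bot: `podSecurityContext` and `securityContext` both default to `{}`, so a default install applies no container hardening and the broker runs with whatever user and capabilities the image provides. The hardening exists only as commented-out hints. Consider shipping `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` as real defaults under `securityContext`, after confirming the image still starts with them. As a style point, `enabled: False` should be the canonical `enabled: false`, and the bare `name:` under `serviceAccount` parses as null, so `name: ""` states the intent explicitly.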