mirror of
https://github.com/k8s-at-home/charts.git
synced 2025-01-23 15:39:02 +00:00
[Mosquitto] upgrade to 2.0.4 (#485)
This commit is contained in:
Ingvarr Zhmakin
GitHub
parent
adf03889a4
commit
f004996c56
@ -1,8 +1,8 @@
|
||||
apiVersion: v1
|
||||
appVersion: "1.6.12"
|
||||
appVersion: "2.0.4"
|
||||
description: Eclipse Mosquitto - An open source MQTT broker
|
||||
name: mosquitto
|
||||
version: 0.6.0
|
||||
version: 0.7.0
|
||||
keywords:
|
||||
- message queue
|
||||
- MQTT
|
||||
|
||||
@ -40,20 +40,6 @@ data:
|
||||
#per_listener_settings false
|
||||
|
||||
|
||||
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
|
||||
# and foo/+/baz , then MQTT expects that when the broker receives a message on
|
||||
# a topic that matches both subscriptions, such as foo/bar/baz, then the client
|
||||
# should only receive the message once.
|
||||
# Mosquitto keeps track of which clients a message has been sent to in order to
|
||||
# meet this requirement. The allow_duplicate_messages option allows this
|
||||
# behaviour to be disabled, which may be useful if you have a large number of
|
||||
# clients subscribed to the same set of topics and are very concerned about
|
||||
# minimising memory usage.
|
||||
# It can be safely set to true if you know in advance that your clients will
|
||||
# never have overlapping subscriptions, otherwise your clients must be able to
|
||||
# correctly deal with duplicate messages even when then have QoS=2.
|
||||
#allow_duplicate_messages false
|
||||
|
||||
# This option controls whether a client is allowed to connect with a zero
|
||||
# length client id or not. This option only affects clients using MQTT v3.1.1
|
||||
# and later. If set to false, clients connecting with a zero length client id
|
||||
@ -120,12 +106,16 @@ data:
|
||||
# be queued until the first limit is reached.
|
||||
#max_queued_bytes 0
|
||||
|
||||
# Set the maximum QoS supported. Clients publishing at a QoS higher than
|
||||
# specified here will be disconnected.
|
||||
#max_qos 2
|
||||
|
||||
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
|
||||
# above those that are currently in-flight. Defaults to 100. Set
|
||||
# above those that are currently in-flight. Defaults to 1000. Set
|
||||
# to 0 for no maximum (not recommended).
|
||||
# See also queue_qos0_messages.
|
||||
# See also max_queued_bytes.
|
||||
#max_queued_messages 100
|
||||
#max_queued_messages 1000
|
||||
#
|
||||
# This option sets the maximum number of heap memory bytes that the broker will
|
||||
# allocate, and hence sets a hard limit on memory use by the broker. Memory
|
||||
@ -164,7 +154,7 @@ data:
|
||||
|
||||
# Write process id to a file. Default is a blank string which means
|
||||
# a pid file shouldn't be written.
|
||||
# This should be set to /var/run/mosquitto.pid if mosquitto is
|
||||
# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
|
||||
# being run automatically on boot with an init script and
|
||||
# start-stop-daemon or similar.
|
||||
#pid_file
|
||||
@ -201,171 +191,15 @@ data:
|
||||
# When run as root, drop privileges to this user and its primary
|
||||
# group.
|
||||
# Set to root to stay as root, but this is not recommended.
|
||||
# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
|
||||
# then it will drop privileges to the "nobody" user instead.
|
||||
# If run as a non-root user, this setting has no effect.
|
||||
# Note that on Windows this has no effect and so mosquitto should
|
||||
# be started by the user you wish it to run as.
|
||||
# Note that on Windows this has no effect and so mosquitto should be started by
|
||||
# the user you wish it to run as.
|
||||
#user mosquitto
|
||||
|
||||
# =================================================================
|
||||
# Default listener
|
||||
# =================================================================
|
||||
|
||||
# IP address/hostname to bind the default listener to. If not
|
||||
# given, the default listener will not be bound to a specific
|
||||
# address and so will be accessible to all network interfaces.
|
||||
# bind_address ip-address/host name
|
||||
#bind_address
|
||||
|
||||
# Port to use for the default listener.
|
||||
#port 1883
|
||||
|
||||
# Bind the listener to a specific interface. This is similar to
|
||||
# bind_address above but is useful when an interface has multiple addresses or
|
||||
# the address may change. It is valid to use this with the bind_address option,
|
||||
# but take care that the interface you are binding to contains the address you
|
||||
# are binding to, otherwise you will not be able to connect.
|
||||
# Example: bind_interface eth0
|
||||
#bind_interface
|
||||
|
||||
# When a listener is using the websockets protocol, it is possible to serve
|
||||
# http data as well. Set http_dir to a directory which contains the files you
|
||||
# wish to serve. If this option is not specified, then no normal http
|
||||
# connections will be possible.
|
||||
#http_dir
|
||||
|
||||
# The maximum number of client connections to allow. This is
|
||||
# a per listener setting.
|
||||
# Default is -1, which means unlimited connections.
|
||||
# Note that other process limits mean that unlimited connections
|
||||
# are not really possible. Typically the default maximum number of
|
||||
# connections possible is around 1024.
|
||||
#max_connections -1
|
||||
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Websockets support is currently disabled by default at compile time.
|
||||
# Certificate based TLS may be used with websockets, except that
|
||||
# only the cafile, certfile, keyfile and ciphers options are supported.
|
||||
#protocol mqtt
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
# connected with with its username. This allows authentication to be tied to
|
||||
# the clientid, which means that it is possible to prevent one client
|
||||
# disconnecting another by using the same clientid.
|
||||
# If a client connects with no username it will be disconnected as not
|
||||
# authorised when this option is set to true.
|
||||
# Do not use in conjunction with clientid_prefixes.
|
||||
# See also use_identity_as_username.
|
||||
#use_username_as_clientid
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS
|
||||
# is 8883, but this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page.
|
||||
|
||||
# At least one of cafile or capath must be defined. They both
|
||||
# define methods of accessing the PEM encoded Certificate
|
||||
# Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash <path to capath>" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
#certfile
|
||||
|
||||
# Path to the PEM encoded keyfile.
|
||||
#keyfile
|
||||
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
#crlfile
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be obtained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||
#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||
|
||||
# To allow the use of ephemeral DH key exchange, which provides forward
|
||||
# security, the listener must load DH parameters. This can be specified with
|
||||
# the dhparamfile option. The dhparamfile can be generated with the command
|
||||
# e.g. "openssl dhparam -out dhparam.pem 2048"
|
||||
#dhparamfile
|
||||
|
||||
# By default a TLS enabled listener will operate in a similar fashion to a
|
||||
# https enabled web server, in that the server has a certificate signed by a CA
|
||||
# and the client will verify that it is a trusted certificate. The overall aim
|
||||
# is encryption of the network traffic. By setting require_certificate to true,
|
||||
# the client must provide a valid certificate in order for the network
|
||||
# connection to proceed. This allows access to the broker to be controlled
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# This option defines the version of the TLS protocol to use for this listener.
|
||||
# The default value allows all of v1.3, v1.2 and v1.1. The valid values are
|
||||
# tlsv1.3 tlsv1.2 and tlsv1.1.
|
||||
#tls_version
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
# This takes priority over use_subject_as_username.
|
||||
# See also use_subject_as_username.
|
||||
#use_identity_as_username false
|
||||
|
||||
# If require_certificate is true, you may set use_subject_as_username to true
|
||||
# to use the complete subject value from the client certificate as a username.
|
||||
# If this is true, the password_file option will not be used for this listener.
|
||||
# See also use_identity_as_username
|
||||
#use_subject_as_username false
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable PSK based SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||
# this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||
# be used locally to aid authentication. The hint is a free form string that
|
||||
# doesn't have much meaning in itself, so feel free to be creative.
|
||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||
# used or create a security plugin to handle them.
|
||||
#psk_hint
|
||||
|
||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||
# available PSK ciphers. If you want to control which ciphers are available,
|
||||
# use the "ciphers" option. The list of available ciphers can be obtained
|
||||
# using the "openssl ciphers" command and should be provided in the same format
|
||||
# as the output of that command.
|
||||
#ciphers
|
||||
|
||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||
# as its username. Authentication will be carried out using the PSK rather than
|
||||
# the MQTT username/password and so password_file will not be used for this
|
||||
# listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Extra listeners
|
||||
# Listeners
|
||||
# =================================================================
|
||||
|
||||
# Listen on a port/ip address combination. By using this variable
|
||||
@ -379,8 +213,28 @@ data:
|
||||
# interface. By default, mosquitto will listen on all interfaces.
|
||||
# Note that for a websockets listener it is not possible to bind to a host
|
||||
# name.
|
||||
# listener port-number [ip address/host name]
|
||||
#listener
|
||||
#
|
||||
# On systems that support Unix Domain Sockets, it is also possible
|
||||
# to create a # Unix socket rather than opening a TCP socket. In
|
||||
# this case, the port number should be set to 0 and a unix socket
|
||||
# path must be provided, e.g.
|
||||
# listener 0 /tmp/mosquitto.sock
|
||||
#
|
||||
# listener port-number [ip address/host name/unix socket path]
|
||||
listener {{ .Values.service.port }}
|
||||
|
||||
# By default, a listener will attempt to listen on all supported IP protocol
|
||||
# versions. If you do not have an IPv4 or IPv6 interface you may wish to
|
||||
# disable support for either of those protocol versions. In particular, note
|
||||
# that due to the limitations of the websockets library, it will only ever
|
||||
# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
|
||||
# if IPv6 is not available.
|
||||
#
|
||||
# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
|
||||
# force the listener to only use IPv6. If you want support for both IPv4 and
|
||||
# IPv6, then do not use the socket_domain option.
|
||||
#
|
||||
#socket_domain
|
||||
|
||||
# Bind the listener to a specific interface. This is similar to
|
||||
# the [ip address/host name] part of the listener definition, but is useful
|
||||
@ -416,7 +270,7 @@ data:
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Certificate based TLS may be used with websockets, except that only the
|
||||
# cafile, certfile, keyfile and ciphers options are supported.
|
||||
# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
|
||||
#protocol mqtt
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
@ -447,17 +301,8 @@ data:
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# At least one of cafile or capath must be defined to enable certificate based
|
||||
# TLS encryption. They both define methods of accessing the PEM encoded
|
||||
# Certificate Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash <path to capath>" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
# Both of certfile and keyfile must be defined to enable certificate based
|
||||
# TLS encryption.
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
#certfile
|
||||
@ -465,13 +310,17 @@ data:
|
||||
# Path to the PEM encoded keyfile.
|
||||
#keyfile
|
||||
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be optained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
# that command. This applies to TLS 1.2 and earlier versions only. Use
|
||||
# ciphers_tls1.3 for TLS v1.3.
|
||||
#ciphers
|
||||
|
||||
# Choose which TLS v1.3 ciphersuites are used for this listener.
|
||||
# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
|
||||
#ciphers_tls1.3
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
@ -492,6 +341,18 @@ data:
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# cafile and capath define methods of accessing the PEM encoded
|
||||
# Certificate Authority certificates that will be considered trusted when
|
||||
# checking incoming client certificates.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash <path to capath>" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
@ -566,9 +427,9 @@ data:
|
||||
# the path.
|
||||
#persistence_file mosquitto.db
|
||||
|
||||
# Location for persistent database. Must include trailing /
|
||||
# Location for persistent database.
|
||||
# Default is an empty string (current directory).
|
||||
# Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
|
||||
# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
|
||||
# similar.
|
||||
#persistence_location
|
||||
{{- if .Values.persistence.enabled }}
|
||||
@ -582,7 +443,7 @@ data:
|
||||
|
||||
# Places to log to. Use multiple log_dest lines for multiple
|
||||
# logging destinations.
|
||||
# Possible destinations are: stdout stderr syslog topic file
|
||||
# Possible destinations are: stdout stderr syslog topic file dlt
|
||||
#
|
||||
# stdout and stderr log to the console on the named output.
|
||||
#
|
||||
@ -600,6 +461,9 @@ data:
|
||||
# closed and reopened when the broker receives a HUP signal. Only a single file
|
||||
# destination may be configured.
|
||||
#
|
||||
# The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
|
||||
# This requires that Mosquitto has been compiled with DLT support.
|
||||
#
|
||||
# Note that if the broker is running as a Windows service it will default to
|
||||
# "log_dest none" and neither stdout nor stderr logging is available.
|
||||
# Use "log_dest none" if you wish to disable logging.
|
||||
@ -661,12 +525,11 @@ data:
|
||||
# false then a password file should be created (see the
|
||||
# password_file option) to control authenticated client access.
|
||||
#
|
||||
# Defaults to true if no other security options are set. If `password_file` or
|
||||
# `psk_file` is set, or if an authentication plugin is loaded which implements
|
||||
# username/password or TLS-PSK checks, then `allow_anonymous` defaults to
|
||||
# false.
|
||||
#
|
||||
#allow_anonymous true
|
||||
# Defaults to false, unless there are no listeners defined in the configuration
|
||||
# file, in which case it is set to true, but connections are only allowed from
|
||||
# the local machine.
|
||||
#allow_anonymous false
|
||||
allow_anonymous true
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Default authentication and topic access control
|
||||
@ -701,13 +564,17 @@ data:
|
||||
# comment.
|
||||
# Topic access is added with lines of the format:
|
||||
#
|
||||
# topic [read|write|readwrite] <topic>
|
||||
# topic [read|write|readwrite|deny] <topic>
|
||||
#
|
||||
# The access type is controlled using "read", "write" or "readwrite". This
|
||||
# parameter is optional (unless <topic> contains a space character) - if not
|
||||
# given then the access is read/write. <topic> can contain the + or #
|
||||
# The access type is controlled using "read", "write", "readwrite" or "deny".
|
||||
# This parameter is optional (unless <topic> contains a space character) - if
|
||||
# not given then the access is read/write. <topic> can contain the + or #
|
||||
# wildcards as in subscriptions.
|
||||
#
|
||||
# The "deny" option can used to explicity deny access to a topic that would
|
||||
# otherwise be granted by a broader read/write/readwrite statement. Any "deny"
|
||||
# topics are handled before topics that grant read/write access.
|
||||
#
|
||||
# The first set of topics are applied to anonymous clients, assuming
|
||||
# allow_anonymous is true. User specific topic ACLs are added after a
|
||||
# user line as follows:
|
||||
@ -811,6 +678,10 @@ data:
|
||||
#address <host>[:<port>] [<host>[:<port>]]
|
||||
#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
|
||||
|
||||
# If you need to have the bridge connect over a particular network interface,
|
||||
# use bridge_bind_address to tell the bridge which local IP address the socket
|
||||
# should bind to, e.g. `bridge_bind_address 192.168.1.10`
|
||||
#bridge_bind_address
|
||||
|
||||
# If a bridge has topics that have "out" direction, the default behaviour is to
|
||||
# send an unsubscribe request to the remote broker on that topic. This means
|
||||
@ -821,7 +692,7 @@ data:
|
||||
#bridge_attempt_unsubscribe true
|
||||
|
||||
# Set the version of the MQTT protocol to use with for this bridge. Can be one
|
||||
# of mqttv311 or mqttv11. Defaults to mqttv311.
|
||||
# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
|
||||
#bridge_protocol_version mqttv311
|
||||
|
||||
# Set the clean session variable for this bridge.
|
||||
@ -939,6 +810,23 @@ data:
|
||||
# properly.
|
||||
#try_private true
|
||||
|
||||
# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
|
||||
# for brokers to tell clients that they do not support retained messages, but
|
||||
# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
|
||||
# v3.1.1 or v3.1 broker that does not support retained messages, set the
|
||||
# bridge_outgoing_retain option to false. This will remove the retain bit on
|
||||
# all outgoing messages to that bridge, regardless of any other setting.
|
||||
#bridge_outgoing_retain true
|
||||
|
||||
# If you wish to restrict the size of messages sent to a remote bridge, use the
|
||||
# bridge_max_packet_size option. This sets the maximum number of bytes for
|
||||
# the total message, including headers and payload.
|
||||
# Note that MQTT v5 brokers may provide their own maximum-packet-size property.
|
||||
# In this case, the smaller of the two limits will be used.
|
||||
# Set to 0 for "unlimited".
|
||||
#bridge_max_packet_size 0
|
||||
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
|
||||
Loading…
Reference in New Issue
Block a user