kube-cascade/mosquitto/sts.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    mosquitto: server
    app: mosquitto
  annotations:
    "reloader.stakater.com/auto": "true"
  name: mosquitto
  namespace: mosquitto
spec:
  podManagementPolicy: OrderedReady
  replicas: 1
  selector:
    matchLabels:
      mosquitto: server
      app: mosquitto
  serviceName: mosquitto
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        mosquitto: server
        app: mosquitto
    spec:
      initContainers:
      - name: populate-users
        image: eclipse-mosquitto
        command:
        - /bin/sh
        - -c
        args:
        - |
          cd /users || exit 0
          echo "creating users"
          touch /mosquitto/passwords/mosquitto.passwd
          for f in *;do
            echo "$f"
            mosquitto_passwd -b /mosquitto/passwords/mosquitto.passwd "$f" "$(cat "$f")"
          done
        volumeMounts:
        - mountPath: /mosquitto/passwords
          name: passwords
        - mountPath: /users
          name: users
      containers:
      - image: ginuerzh/gost:latest
        imagePullPolicy: IfNotPresent
        name: gost
        command:
        - gost
        - -L
        - tls://:1884/:1883?cert=/tls/tls.crt&key=/tls/tls.key
        ports:
        - containerPort: 1884
          protocol: TCP
          name: mqtts
        volumeMounts:
        - mountPath: /tls
          name: tls
      - name: mosquitto
        image: eclipse-mosquitto
        command:
        - /usr/sbin/mosquitto
        args:
        - -c
        - /mosquitto/config/mosquitto.conf
        livenessProbe:
          tcpSocket:
            port: 1883
        readinessProbe:
          tcpSocket:
            port: 1883
        ports:
        - containerPort: 1883
          protocol: TCP
          name: mqtt
        - containerPort: 8883
          protocol: TCP
          name: mqtts-mtls
        volumeMounts:
        - mountPath: /mosquitto/data
          name: mosquitto-data
        - mountPath: /mosquitto/config
          name: mosquitto-config
        - mountPath: /mosquitto/passwords
          name: passwords
        - mountPath: /mosquitto/mtls
          name: mtls-server-cert
        - mountPath: /mosquitto/ca
          name: ca
        - mountPath: /http
          name: mosquitto-http-dir
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      volumes:
        - name: mosquitto-config
          configMap:
            name: mosquitto-config
        - name: mosquitto-http-dir
          configMap:
            name: mosquitto-http-dir
        - name: passwords
          emptyDir:
            sizeLimit: 50Mi
        - name: users
          secret:
            secretName: mosquitto-users
            optional: true
        - name: mtls-server-cert
          secret:
            secretName: mosquitto-mtls-server-cert
            optional: false
        - name: tls
          secret:
            secretName: wildcard-tls
            optional: false
        - name: ca
          secret:
            secretName: mosquitto-mtls-root-ca
            optional: false
  volumeClaimTemplates:
  - metadata:
      name: mosquitto-data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: local-path
      resources:
        requests:
          storage: 5Gi
add mosquitto 2023-07-24 19:13:50 +00:00			`apiVersion: apps/v1`
			`kind: StatefulSet`
			`metadata:`
			`labels:`
			`mosquitto: server`
			`app: mosquitto`
			`annotations:`
			`"reloader.stakater.com/auto": "true"`
			`name: mosquitto`
			`namespace: mosquitto`
			`spec:`
			`podManagementPolicy: OrderedReady`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`mosquitto: server`
			`app: mosquitto`
			`serviceName: mosquitto`
			`updateStrategy:`
			`type: RollingUpdate`
			`template:`
			`metadata:`
			`labels:`
			`mosquitto: server`
			`app: mosquitto`
			`spec:`
			`initContainers:`
			`- name: populate-users`
			`image: eclipse-mosquitto`
			`command:`
			`- /bin/sh`
			`- -c`
			`args:`
			`- \|`
			`cd /users \|\| exit 0`
			`echo "creating users"`
			`touch /mosquitto/passwords/mosquitto.passwd`
			`for f in *;do`
			`echo "$f"`
			`mosquitto_passwd -b /mosquitto/passwords/mosquitto.passwd "$f" "$(cat "$f")"`
			`done`
			`volumeMounts:`
			`- mountPath: /mosquitto/passwords`
			`name: passwords`
			`- mountPath: /users`
			`name: users`
			`containers:`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`- image: ginuerzh/gost:latest`
			`imagePullPolicy: IfNotPresent`
			`name: gost`
			`command:`
			`- gost`
			`- -L`
			`- tls://:1884/:1883?cert=/tls/tls.crt&key=/tls/tls.key`
			`ports:`
			`- containerPort: 1884`
			`protocol: TCP`
			`name: mqtts`
			`volumeMounts:`
			`- mountPath: /tls`
			`name: tls`
add mosquitto 2023-07-24 19:13:50 +00:00			`- name: mosquitto`
			`image: eclipse-mosquitto`
			`command:`
			`- /usr/sbin/mosquitto`
			`args:`
			`- -c`
			`- /mosquitto/config/mosquitto.conf`
			`livenessProbe:`
			`tcpSocket:`
			`port: 1883`
			`readinessProbe:`
			`tcpSocket:`
			`port: 1883`
			`ports:`
			`- containerPort: 1883`
			`protocol: TCP`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`name: mqtt`
			`- containerPort: 8883`
add mosquitto 2023-07-24 19:13:50 +00:00			`protocol: TCP`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`name: mqtts-mtls`
add mosquitto 2023-07-24 19:13:50 +00:00			`volumeMounts:`
			`- mountPath: /mosquitto/data`
			`name: mosquitto-data`
			`- mountPath: /mosquitto/config`
			`name: mosquitto-config`
			`- mountPath: /mosquitto/passwords`
			`name: passwords`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`- mountPath: /mosquitto/mtls`
			`name: mtls-server-cert`
			`- mountPath: /mosquitto/ca`
			`name: ca`
add mosquitto 2023-07-24 19:13:50 +00:00			`- mountPath: /http`
			`name: mosquitto-http-dir`
			`dnsPolicy: ClusterFirst`
			`restartPolicy: Always`
			`volumes:`
			`- name: mosquitto-config`
			`configMap:`
			`name: mosquitto-config`
			`- name: mosquitto-http-dir`
			`configMap:`
			`name: mosquitto-http-dir`
			`- name: passwords`
			`emptyDir:`
			`sizeLimit: 50Mi`
			`- name: users`
			`secret:`
			`secretName: mosquitto-users`
			`optional: true`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`- name: mtls-server-cert`
			`secret:`
			`secretName: mosquitto-mtls-server-cert`
			`optional: false`
add mosquitto 2023-07-24 19:13:50 +00:00			`- name: tls`
fix multiple tls ingress on mosquitto * adds a server cert from the mtls CA for mtls clients * adds gost as a tls offload for non-mtls clients to work around https://github.com/eclipse/mosquitto/issues/1839 * adds wildcard-tls through external secrets and removes template operator version * removes non-working websockets listener * fixes tests to work with mtls and non-mtls 2023-12-22 22:36:41 +00:00			`secret:`
			`secretName: wildcard-tls`
			`optional: false`
			`- name: ca`
add mosquitto 2023-07-24 19:13:50 +00:00			`secret:`
			`secretName: mosquitto-mtls-root-ca`
			`optional: false`
			`volumeClaimTemplates:`
			`- metadata:`
			`name: mosquitto-data`
			`spec:`
			`accessModes: [ "ReadWriteOnce" ]`
			`storageClassName: local-path`
			`resources:`
			`requests:`
			`storage: 5Gi`