diff --git a/charts/mosquitto/Chart.yaml b/charts/mosquitto/Chart.yaml
new file mode 100644
index 00000000..a189c929
--- /dev/null
+++ b/charts/mosquitto/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for Eclipse Mosquitto MQTT Broker
+name: mosquitto
+version: 0.0.1
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
+ type: datasource
diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md
new file mode 100644
index 00000000..ad5a29e0
--- /dev/null
+++ b/charts/mosquitto/README.md
@@ -0,0 +1,163 @@
+# Mosquitto Helm Chart
+
+The Mosquitto Helm chart enables the deployment of Eclipse Mosquitto, a lightweight MQTT message broker, in a Kubernetes cluster. Mosquitto is designed for IoT messaging and supports MQTT protocol versions 5.0, 3.1.1, and 3.1.
+
+---
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3+
+
+---
+
+## Add Helm Repository
+
+Add the Helm repository to your local setup:
+
+helm repo add zopdev https://helm.zop.dev
+helm repo update
+
+Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information.
+
+---
+
+## Install Helm Chart
+
+To install the Mosquitto Helm chart, use the following command:
+
+helm install [RELEASE_NAME] zopdev/mosquitto
+
+Replace `[RELEASE_NAME]` with your desired release name. For example:
+
+helm install my-mosquitto zopdev/mosquitto
+
+To customize configurations, provide a `values.yaml` file or override values via the command line.
+
+Refer to [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more details.
+
+---
+
+## Uninstall Helm Chart
+
+To uninstall the Mosquitto Helm chart and remove all associated Kubernetes resources, use the command:
+
+helm uninstall [RELEASE_NAME]
+
+For example:
+
+helm uninstall my-mosquitto
+
+See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details.
+
+---
+
+## Configuration
+
+Below is a summary of configurable parameters for the Mosquitto Helm chart:
+
+| **Input** | **Type** | **Description** | **Default** |
+|--------------------------|-----------|--------------------------------------------------------------------|-----------------------------------|
+| `replicaCount` | `integer` | Number of replicas for the Mosquitto deployment. | `1` |
+| `image.repository` | `string` | Docker image repository for the Mosquitto container. | `eclipse-mosquitto` |
+| `image.tag` | `string` | Docker image tag for the Mosquitto container.
| `2.0.18` |
+| `image.pullPolicy` | `string` | Image pull policy for the Mosquitto container. | `IfNotPresent` |
+| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Mosquitto container. | `"250m"` |
+| `resources.requests.memory` | `string` | Minimum memory resources required by the Mosquitto container. | `"500Mi"` |
+| `resources.limits.cpu` | `string` | Maximum CPU resources the Mosquitto container can use. | `"500m"` |
+| `resources.limits.memory`| `string` | Maximum memory resources the Mosquitto container can use. | `"1000Mi"` |
+| `diskSize` | `string` | Size of the persistent volume for Mosquitto data storage. | `"10Gi"` |
+| `service.port` | `integer` | Port on which Mosquitto listens for MQTT connections. | `1883` |
+| `service.tlsPort` | `integer` | Port on which Mosquitto listens for MQTT over TLS connections. | `8883` |
+
+You can override these values in a `values.yaml` file or via the command line during installation.
+
+---
+
+### Example `values.yaml` File
+
+diskSize : "10Gi"
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+
+version: "1.0"
+
+Apply the configuration file during installation:
+
+helm install my-mosquitto zopdev/mosquitto -f values.yaml
+
+---
+
+## Features
+
+- **Lightweight MQTT Broker:** Supports MQTT protocol versions 5.0, 3.1.1, and 3.1 for IoT messaging.
+- **Authentication & Authorization:** Optional user authentication via Kubernetes Secrets.
+- **TLS Support:** Secure MQTT connections using TLS encryption.
+- **Persistent Storage:** Ensure data persistence using configurable persistent volumes.
+- **Custom Configuration:** Deploy custom `mosquitto.conf` via ConfigMap.
+- **Health Probes:** Built-in liveness and readiness probes for reliability.
+
+---
+
+## Advanced Usage
+
+### Persistent Volume Configuration
+
+Customize the persistent volume size and storage class for Mosquitto data:
+
+diskSize: "50Gi"
+persistence:
+storageClass: "high-performance"
+
+### Network Configuration
+
+Specify the MQTT ports and service type:
+
+service:
+type: LoadBalancer
+port: 1883
+tlsPort: 8883
+
+### Authentication Setup
+
+Enable authentication and configure users:
+
+auth:
+enabled: true
+users:
+- username: admin
+- username: client1
+
+---
+
+## Contributing
+
+We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines.
+
+---
+
+## Code of Conduct
+
+To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md).
+
+---
+
+## License
+
+This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use.
+
+---
+
+## Connection Config
+
+- **MQTT_HOST** : Hostname or service name for the Mosquitto MQTT broker.
+- **MQTT_PORT** : Port number to connect to Mosquitto MQTT. Defaults to 1883.
+- **MQTT_TLS_PORT** : Port number for secure MQTT connections. Defaults to 8883.
+
+---
\ No newline at end of file
diff --git a/charts/mosquitto/templates/NOTES.txt b/charts/mosquitto/templates/NOTES.txt
new file mode 100644
index 00000000..1868a6eb
--- /dev/null
+++ b/charts/mosquitto/templates/NOTES.txt
@@ -0,0 +1,38 @@
+{{- if contains "LoadBalancer" .Values.service.type }}
+Your Mosquitto broker is exposed via LoadBalancer.
+
+To get the external IP:
+ kubectl get svc {{ include "mosquitto.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+
+Then connect your MQTT client to:
+ mqtt://:1883
+ {{- if .Values.tls.enabled }}
+ mqtts://:8883
+ {{- end }}
+{{- else }}
+Your Mosquitto broker is running inside the cluster.
+
+To access it, use port forwarding:
+ kubectl port-forward svc/{{ include "mosquitto.fullname" . }} 1883:1883
+
+Then connect using:
+ mqtt://localhost:1883
+ {{- if .Values.tls.enabled }}
+ mqtts://localhost:8883
+ {{- end }}
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+Authentication is enabled.
+
+User credentials are stored in a Kubernetes Secret:
+ - Secret Name: {{ include "mosquitto.fullname" . }}-auth
+ - You can extract with:
+ kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o yaml
+
+Example decode command (for first user):
+ USER=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.username}" | base64 -d)
+ PASS=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.password}" | base64 -d)
+ echo "Username: $USER"
+ echo "Password: $PASS"
+{{- end }}
diff --git a/charts/mosquitto/templates/_helpers.tpl b/charts/mosquitto/templates/_helpers.tpl
new file mode 100644
index 00000000..f60bc29c
--- /dev/null
+++ b/charts/mosquitto/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "mosquitto.name" -}}
+mosquitto
+{{- end -}}
+
+{{- define "mosquitto.fullname" -}}
+{{ include "mosquitto.name" . }}-{{ .Release.Name }}
+{{- end -}}
diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml
new file mode 100644
index 00000000..1035c7c0
--- /dev/null
+++ b/charts/mosquitto/templates/auth-secret.yaml
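Review bot: In templates/NOTES.txt the decode example reads `.data.username` and `.data.password` from the `-auth` Secret, but auth-secret.yaml in this commit stores a single `passwd` key, so both commands come back empty and the operator has no working way to find the credential. Point the example at the key that exists, `-o jsonpath="{.data.passwd}"`, or at the `-connection` Secret once that one carries the real password. I would also drop the two `echo` lines, since they put the secret into terminal scrollback and any session logging for no benefit. The port-forward branch forwards only 1883, so the `mqtts://localhost:8883` line it prints is not reachable as written.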
@@ -0,0 +1,20 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" (include "mosquitto.fullname" .)) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-auth
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ annotations:
+ helm.sh/resource-policy: keep
+type: Opaque
+stringData:
+ passwd: |
+ {{- if $existingSecret }}
+ {{ index $existingSecret.data "passwd" | b64dec }}
+ {{- else }}
+ {{- range .Values.auth.users }}
+ {{ .username }}:{{ randAlphaNum 32 }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml
new file mode 100644
index 00000000..1a7d801e
--- /dev/null
+++ b/charts/mosquitto/templates/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+ mosquitto.conf: |
+ persistence {{ .Values.persistence.enabled }}
+ allow_anonymous false
+ password_file /mosquitto/passwords/passwd
+ listener 1883
+ {{- if .Values.tls.enabled }}
+ listener 8883
+ cafile /mosquitto/certs/ca.crt
+ certfile /mosquitto/certs/tls.crt
+ keyfile /mosquitto/certs/tls.key
+ {{- end }}
diff --git a/charts/mosquitto/templates/connection-configmap.yaml b/charts/mosquitto/templates/connection-configmap.yaml
new file mode 100644
index 00000000..3a20cad8
--- /dev/null
+++ b/charts/mosquitto/templates/connection-configmap.yaml
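Review bot: The `range` branch of templates/auth-secret.yaml writes `{{ .username }}:{{ randAlphaNum 32 }}` into `passwd`, which is a cleartext random string, while Mosquitto's `password_file` is meant to hold the hashed entries that `mosquitto_passwd` produces; I expect a 2.x broker to reject these entries, and nothing in the chart records the generated value for a client to use. The template is rendered even when `auth.enabled` is false, and `lookup` returns nothing under `helm template` or `--dry-run`, so those renders produce new passwords instead of reusing the stored file. `helm.sh/resource-policy: keep` also leaves the credential file in the namespace after uninstall, which deserves a line in the README. Consider accepting the name of a pre-created Secret that holds a hashed password file (a new value, e.g. `auth.existingSecret`) and wrapping this template in `{{- if .Values.auth.enabled }}`.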
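Review bot: In templates/configmap.yaml `listener 1883` is emitted unconditionally, so even with `tls.enabled` the broker keeps a cleartext listener on which MQTT usernames and passwords travel unencrypted, and service.yaml publishes that port for every `service.type`. `allow_anonymous false` and `password_file /mosquitto/passwords/passwd` are likewise written when `auth.enabled` is false, while deployment.yaml mounts `/mosquitto/passwords` only when it is true, so that combination most likely leaves the broker unable to start. I would put the plaintext listener behind a condition, for example `{{- if not .Values.tls.enabled }}` around `listener 1883` or a dedicated value, and gate the `password_file` line on `auth.enabled`. Whether an unauthenticated broker is a supported mode should then be decided explicitly and stated in the README rather than left to a startup failure.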
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-connection
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+ MQTT_HOST: "{{ include "mosquitto.fullname" . }}"
+ MQTT_PORT: "{{ .Values.service.port }}"
+ {{- if .Values.tls.enabled }}
+ MQTT_TLS_PORT: "{{ .Values.service.tlsPort }}"
+ MQTT_TLS_ENABLED: "true"
+ {{- else }}
+ MQTT_TLS_ENABLED: "false"
+ {{- end }}
+ MQTT_SERVICE_TYPE: "{{ .Values.service.type }}"
diff --git a/charts/mosquitto/templates/connection-secret.yaml b/charts/mosquitto/templates/connection-secret.yaml
new file mode 100644
index 00000000..4a8cc622
--- /dev/null
+++ b/charts/mosquitto/templates/connection-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-connection
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+type: Opaque
+stringData:
+ {{- range $index, $user := .Values.auth.users }}
+ MQTT_USERNAME_{{ $index }}: "{{ $user.username }}"
+ MQTT_PASSWORD_{{ $index }}: "{{ $user.password }}"
+ {{- end }}
+ MQTT_USERNAME: "{{ (index .Values.auth.users 0).username }}"
+ MQTT_PASSWORD: "{{ (index .Values.auth.users 0).password }}"
diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml
new file mode 100644
index 00000000..bcc6e471
--- /dev/null
+++ b/charts/mosquitto/templates/deployment.yaml
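Review bot: In templates/connection-secret.yaml `MQTT_PASSWORD` and every `MQTT_PASSWORD_{{ $index }}` are filled from `.Values.auth.users[].password`, but auth-secret.yaml builds the broker-side entry with `randAlphaNum` and never reads that value, and the default values.yaml gives the `admin` user no password, so this Secret hands clients a credential that is empty or does not match the broker. The file is rendered when `auth.enabled` is false as well, and `index .Values.auth.users 0` aborts the render when the list is empty. Passwords passed through values also end up in Helm's stored release record, so a reference to an existing Secret is the safer input. At minimum wrap the template in `{{- if and .Values.auth.enabled .Values.auth.users }}` and derive both Secrets from one source of truth.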
@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: mosquitto
+ image: "eclipse-mosquitto:{{ .Values.version }}"
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 1883
+ name: mqtt
+ {{- if .Values.tls.enabled }}
+ - containerPort: 8883
+ name: mqtts
+ {{- end }}
+
+ volumeMounts:
+ - name: config-volume
+ mountPath: /mosquitto/config/mosquitto.conf
+ subPath: mosquitto.conf
+ {{- if .Values.persistence.enabled }}
+ - name: data
+ mountPath: /mosquitto/data
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: auth-volume
+ mountPath: /mosquitto/passwords
+ readOnly: true
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: tls-secret
+ mountPath: /mosquitto/certs
+ readOnly: true
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ livenessProbe:
+ tcpSocket:
+ port: 1883
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ readinessProbe:
+ tcpSocket:
+ port: 1883
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ include "mosquitto.fullname" . }}
+ {{- if .Values.persistence.enabled }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ include "mosquitto.fullname" . }}-pvc
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: auth-volume
+ secret:
+ secretName: {{ include "mosquitto.fullname" . }}-auth
+ items:
+ - key: passwd
+ path: passwd
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: tls-secret
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ {{- end }}
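Review bot: The `mosquitto` container in templates/deployment.yaml has no `securityContext`, so privilege escalation and the default capability set stay enabled and the process runs as whatever user the image starts with. The image reference is also hard-coded as `eclipse-mosquitto:{{ .Values.version }}` with `imagePullPolicy: Always`, which ignores `image.repository`, `image.tag` and `image.pullPolicy` from values.yaml and, with the default `version: "1.0"`, asks for a tag that is unlikely to be the intended broker release; values.yaml additionally defaults `image.tag` to the mutable `latest`. Wire the image values through, default the tag to a fixed release or digest, and add a restrictive container security context as sketched below. The UID to run as has to be confirmed against the image before enabling `runAsNonRoot`.

```yaml
        - name: mosquitto
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # runAsNonRoot: true
            # runAsUser: <uid of the broker user in the image, to be confirmed>
          # … unchanged: ports, volumeMounts, resources, probes …
```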
diff --git a/charts/mosquitto/templates/pvc.yaml b/charts/mosquitto/templates/pvc.yaml
new file mode 100644
index 00000000..228448fc
--- /dev/null
+++ b/charts/mosquitto/templates/pvc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-pvc
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- if .Values.persistence.storageClass }}
+ storageClassName: {{ .Values.persistence.storageClass }}
+ {{- end }}
diff --git a/charts/mosquitto/templates/service.yaml b/charts/mosquitto/templates/service.yaml
new file mode 100644
index 00000000..1e51431b
--- /dev/null
+++ b/charts/mosquitto/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: mqtt
+ port: 1883
+ targetPort: mqtt
+ {{- if .Values.tls.enabled }}
+ - name: mqtts
+ port: 8883
+ targetPort: mqtts
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/mosquitto/values.schema.json b/charts/mosquitto/values.schema.json
new file mode 100644
index 00000000..6dc2eade
--- /dev/null
+++ b/charts/mosquitto/values.schema.json
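Review bot: With `service.type: LoadBalancer`, templates/service.yaml publishes the cleartext `mqtt` port 1883 outside the cluster whether or not TLS is enabled, and the chart offers no value for `loadBalancerSourceRanges` to limit who can reach the broker. Both port numbers are hard-coded, so `service.port` and `service.tlsPort` from values.yaml, which connection-configmap.yaml passes to clients as `MQTT_PORT` and `MQTT_TLS_PORT`, have no effect here and the two can drift apart. I would use `port: {{ .Values.service.port }}` and `port: {{ .Values.service.tlsPort }}`, leave out the `mqtt` entry when only the TLS listener should be reachable, and pass through an optional source-range list for the LoadBalancer case.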
@@ -0,0 +1,134 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "version": {
+ "type": "string",
+ "mutable": true
+ },
+ "diskSize": {
+ "type": "string",
+ "mutable": true
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "type": "string",
+ "mutable": true
+ },
+ "tag": {
+ "type": "string",
+ "mutable": true
+ },
+ "pullPolicy": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ },
+ "persistence": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "mutable": true
+ },
+ "size": {
+ "type": "string",
+ "mutable": true
+ },
+ "storageClass": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ },
+ "auth": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "mutable": true
+ },
+ "users": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string",
+ "mutable": true
+ },
+ "password": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ }
+ }
+ }
+ },
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "mutable": true
+ },
+ "certSecret": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string",
+ "mutable": true
+ },
+ "port": {
+ "type": "integer",
+ "mutable": true
+ },
+ "tlsPort": {
+ "type": "integer",
+ "mutable": true
+ }
+ }
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "limits": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ },
+ "requests": {
+ "type": "object",
+ "properties": {
+ "cpu": {
+ "type": "string",
+ "mutable": true
+ },
+ "memory": {
+ "type": "string",
+ "mutable": true
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml
new file mode 100644
index 00000000..ae3309a3
--- /dev/null
+++ b/charts/mosquitto/values.yaml
@@ -0,0 +1,34 @@
+diskSize: "10Gi"
+version: "1.0"
+
+image:
+ repository: "eclipse-mosquitto"
+ tag: "latest"
+ pullPolicy: "Always"
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+
+persistence:
+ enabled: true
+ size: "10Gi"
+ storageClass: ""
+
+auth:
+ enabled: true
+ users:
+ - username: "admin"
+
+tls:
+ enabled: false
+ certSecret: "mosquitto-tls-secret"
+
+service:
+ type: "ClusterIP"
+ port: 1883
+ tlsPort: 8883