zopdev · Ashish-Kumar-Dash · Jul 31, 2025 · Jul 31, 2025 · Jul 31, 2025 · Jul 31, 2025
diff --git a/charts/mosquitto/Chart.yaml b/charts/mosquitto/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for Eclipse Mosquitto MQTT Broker
+name: mosquitto
+version: 0.0.1
+maintainers:
+  - name: ZopDev
+    url: zop.dev
+annotations:
+  type: datasource
diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md
@@ -0,0 +1,163 @@
+# Mosquitto Helm Chart
+
+The Mosquitto Helm chart enables the deployment of Eclipse Mosquitto, a lightweight MQTT message broker, in a Kubernetes cluster. Mosquitto is designed for IoT messaging and supports MQTT protocol versions 5.0, 3.1.1, and 3.1.
+
+---
+
+## Prerequisites
+
+- Kubernetes 1.19+  
+- Helm 3+  
+
+---
+
+## Add Helm Repository
+
+Add the Helm repository to your local setup:
+
+helm repo add zopdev https://helm.zop.dev
+helm repo update
+
+Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information.
+
+---
+
+## Install Helm Chart
+
+To install the Mosquitto Helm chart, use the following command:
+
+helm install [RELEASE_NAME] zopdev/mosquitto
+
+Replace `[RELEASE_NAME]` with your desired release name. For example:
+
+helm install my-mosquitto zopdev/mosquitto
+
+To customize configurations, provide a `values.yaml` file or override values via the command line.
+
+Refer to [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more details.
+
+---
+
+## Uninstall Helm Chart
+
+To uninstall the Mosquitto Helm chart and remove all associated Kubernetes resources, use the command:
+
+helm uninstall [RELEASE_NAME]
+
+For example:
+
+helm uninstall my-mosquitto
+
+See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details.
+
+---
+
+## Configuration
+
+Below is a summary of configurable parameters for the Mosquitto Helm chart:
+
+| **Input**               | **Type**  | **Description**                                                    | **Default**                       |
+|--------------------------|-----------|--------------------------------------------------------------------|-----------------------------------|
+| `replicaCount`           | `integer` | Number of replicas for the Mosquitto deployment.                  | `1`                               |
+| `image.repository`       | `string`  | Docker image repository for the Mosquitto container.              | `eclipse-mosquitto`               |
+| `image.tag`              | `string`  | Docker image tag for the Mosquitto container.                     | `2.0.18`                          |
+| `image.pullPolicy`       | `string`  | Image pull policy for the Mosquitto container.                    | `IfNotPresent`                    |
+| `resources.requests.cpu` | `string`  | Minimum CPU resources required by the Mosquitto container.        | `"250m"`                          |
+| `resources.requests.memory` | `string` | Minimum memory resources required by the Mosquitto container.     | `"500Mi"`                         |
+| `resources.limits.cpu`   | `string`  | Maximum CPU resources the Mosquitto container can use.            | `"500m"`                          |
+| `resources.limits.memory`| `string`  | Maximum memory resources the Mosquitto container can use.         | `"1000Mi"`                        |
+| `diskSize`               | `string`  | Size of the persistent volume for Mosquitto data storage.         | `"10Gi"`                          |
+| `service.port`           | `integer` | Port on which Mosquitto listens for MQTT connections.             | `1883`                            |
+| `service.tlsPort`        | `integer` | Port on which Mosquitto listens for MQTT over TLS connections.    | `8883`                            |
+
+You can override these values in a `values.yaml` file or via the command line during installation.
+
+---
+
+### Example `values.yaml` File
+
+diskSize : "10Gi"
+
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+version: "1.0"
+
+Apply the configuration file during installation:
+
+helm install my-mosquitto zopdev/mosquitto -f values.yaml
+
+---
+
+## Features
+
+- **Lightweight MQTT Broker:** Supports MQTT protocol versions 5.0, 3.1.1, and 3.1 for IoT messaging.
+- **Authentication & Authorization:** Optional user authentication via Kubernetes Secrets.
+- **TLS Support:** Secure MQTT connections using TLS encryption.
+- **Persistent Storage:** Ensure data persistence using configurable persistent volumes.
+- **Custom Configuration:** Deploy custom `mosquitto.conf` via ConfigMap.
+- **Health Probes:** Built-in liveness and readiness probes for reliability.
+
+---
+
+## Advanced Usage
+
+### Persistent Volume Configuration
+
+Customize the persistent volume size and storage class for Mosquitto data:
+
+diskSize: "50Gi"
+persistence:
+storageClass: "high-performance"
+
+### Network Configuration
+
+Specify the MQTT ports and service type:
+
+service:
+type: LoadBalancer
+port: 1883
+tlsPort: 8883
+
+### Authentication Setup
+
+Enable authentication and configure users:
+
+auth:
+enabled: true
+users:
+- username: admin
+- username: client1
+
+---
+
+## Contributing
+
+We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines.
+
+---
+
+## Code of Conduct
+
+To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md).
+
+---
+
+## License
+
+This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use.
+
+---
+
+## Connection Config
+
+- **MQTT_HOST** : Hostname or service name for the Mosquitto MQTT broker.
+- **MQTT_PORT** : Port number to connect to Mosquitto MQTT. Defaults to 1883.
+- **MQTT_TLS_PORT** : Port number for secure MQTT connections. Defaults to 8883.
+
+---
diff --git a/charts/mosquitto/templates/NOTES.txt b/charts/mosquitto/templates/NOTES.txt
@@ -0,0 +1,38 @@
+{{- if contains "LoadBalancer" .Values.service.type }}
+Your Mosquitto broker is exposed via LoadBalancer.
+
+To get the external IP:
+  kubectl get svc {{ include "mosquitto.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+
+Then connect your MQTT client to:
+  mqtt://<EXTERNAL-IP>:1883
+  {{- if .Values.tls.enabled }}
+  mqtts://<EXTERNAL-IP>:8883
+  {{- end }}
+{{- else }}
+Your Mosquitto broker is running inside the cluster.
+
+To access it, use port forwarding:
+  kubectl port-forward svc/{{ include "mosquitto.fullname" . }} 1883:1883
+
+Then connect using:
+  mqtt://localhost:1883
+  {{- if .Values.tls.enabled }}
+  mqtts://localhost:8883
+  {{- end }}
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+Authentication is enabled.
+
+User credentials are stored in a Kubernetes Secret:
+  - Secret Name: {{ include "mosquitto.fullname" . }}-auth
+  - You can extract with:
+      kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o yaml
+
+Example decode command (for first user):
+  USER=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.username}" | base64 -d)
+  PASS=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.password}" | base64 -d)
+  echo "Username: $USER"
+  echo "Password: $PASS"
+{{- end }}
diff --git a/charts/mosquitto/templates/_helpers.tpl b/charts/mosquitto/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "mosquitto.name" -}}
+mosquitto
+{{- end -}}
+
+{{- define "mosquitto.fullname" -}}
+{{ include "mosquitto.name" . }}-{{ .Release.Name }}
+{{- end -}}
diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml
@@ -0,0 +1,20 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" (include "mosquitto.fullname" .)) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-auth
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  annotations:
+    helm.sh/resource-policy: keep
+type: Opaque
+stringData:
+  passwd: |
+    {{- if $existingSecret }}
+    {{ index $existingSecret.data "passwd" | b64dec }}
+    {{- else }}
+    {{- range .Values.auth.users }}
+    {{ .username }}:{{ randAlphaNum 32 }}
+    {{- end }}
+    {{- end }}
diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+  mosquitto.conf: |
+    persistence {{ .Values.persistence.enabled }}
+    allow_anonymous false
+    password_file /mosquitto/passwords/passwd
+    listener 1883
+    {{- if .Values.tls.enabled }}
+    listener 8883
+    cafile /mosquitto/certs/ca.crt
+    certfile /mosquitto/certs/tls.crt
+    keyfile /mosquitto/certs/tls.key
+    {{- end }}
diff --git a/charts/mosquitto/templates/connection-configmap.yaml b/charts/mosquitto/templates/connection-configmap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-connection
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+  MQTT_HOST: "{{ include "mosquitto.fullname" . }}"
+  MQTT_PORT: "{{ .Values.service.port }}"
+  {{- if .Values.tls.enabled }}
+  MQTT_TLS_PORT: "{{ .Values.service.tlsPort }}"
+  MQTT_TLS_ENABLED: "true"
+  {{- else }}
+  MQTT_TLS_ENABLED: "false"
+  {{- end }}
+  MQTT_SERVICE_TYPE: "{{ .Values.service.type }}"
diff --git a/charts/mosquitto/templates/connection-secret.yaml b/charts/mosquitto/templates/connection-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-connection
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+type: Opaque
+stringData:
+  {{- range $index, $user := .Values.auth.users }}
+  MQTT_USERNAME_{{ $index }}: "{{ $user.username }}"
+  MQTT_PASSWORD_{{ $index }}: "{{ $user.password }}"
+  {{- end }}
+  MQTT_USERNAME: "{{ (index .Values.auth.users 0).username }}"
+  MQTT_PASSWORD: "{{ (index .Values.auth.users 0).password }}"
diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml
@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: mosquitto
+          image: "eclipse-mosquitto:{{ .Values.version }}"
+          imagePullPolicy: Always
+          ports:
+           - containerPort: 1883
+             name: mqtt
+           {{- if .Values.tls.enabled }}
+           - containerPort: 8883
+             name: mqtts
+           {{- end }}
+
+          volumeMounts:
+            - name: config-volume
+              mountPath: /mosquitto/config/mosquitto.conf
+              subPath: mosquitto.conf
+            {{- if .Values.persistence.enabled }}
+            - name: data
+              mountPath: /mosquitto/data
+            {{- end }}
+            {{- if .Values.auth.enabled }}
+            - name: auth-volume
+              mountPath: /mosquitto/passwords
+              readOnly: true
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: tls-secret
+              mountPath: /mosquitto/certs
+              readOnly: true
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          livenessProbe:
+            tcpSocket:
+              port: 1883
+            initialDelaySeconds: 10
+            periodSeconds: 15
+          readinessProbe:
+            tcpSocket:
+              port: 1883
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ include "mosquitto.fullname" . }}
+        {{- if .Values.persistence.enabled }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "mosquitto.fullname" . }}-pvc
+        {{- end }}
+        {{- if .Values.auth.enabled }}
+        - name: auth-volume
+          secret:
+            secretName: {{ include "mosquitto.fullname" . }}-auth
+            items:
+              - key: passwd
+                path: passwd
+        {{- end }}
+        {{- if .Values.tls.enabled }}
+        - name: tls-secret
+          secret:
+            secretName: {{ .Values.tls.certSecret }}
+        {{- end }}
diff --git a/charts/mosquitto/templates/pvc.yaml b/charts/mosquitto/templates/pvc.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-pvc
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass }}
+  {{- end }}