# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.6.0/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# Flux HelmRelease that deploys an Eclipse Mosquitto MQTT broker through the
# bjw-s app-template chart. It defines one controller (init container + broker),
# a LoadBalancer service with ports 1883 and 8883, five volumes and the
# broker configuration itself.
# ${app_url} and ${certificate_name} are placeholders filled in outside this
# file — presumably Flux post-build substitution; confirm against the
# Kustomization that applies it.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: mosquitto
  namespace: mosquitto
spec:
  chart:
    spec:
      chart: app-template
      version: 3.6.0
      # Only fetch a new chart artifact when the chart version changes.
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        namespace: flux-system
        name: bjw-s
  interval: 1h
  # Drift detection is switched on, so in-cluster edits to the rendered
  # objects are detected and reverted to what this release declares.
  driftDetection:
    mode: enabled
  values:
    controllers:
      mosquitto:
        annotations:
          # Stakater Reloader restarts the workload when the mosquitto-auth
          # secret changes. This matters because passwd and acl are mounted
          # with subPath below, and subPath mounts are not refreshed in place.
          # NOTE(review): only mosquitto-auth is listed. The TLS secret is not,
          # and the certificate split below runs only at pod start, so after a
          # certificate renewal /tls/ca presumably keeps the old chain until
          # the pod is recreated — confirm how renewals are handled.
          secret.reloader.stakater.com/reload: mosquitto-auth
        initContainers:
          # Splits the certificate bundle of the TLS secret into separate
          # files in the shared emptyDir mounted at /tls/ca.
          split-ca-crt:
            image:
              repository: alpine
              # Tag plus digest: the image content is pinned by the sha256.
              tag: 3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
              pullPolicy: IfNotPresent
            # Script steps:
            #   set -eux  abort on any error or unset variable, trace commands.
            #   apk add   installs coreutils (source of csplit) on every start.
            #   csplit    cuts /tls/tls.crt at each "BEGIN CERTIFICATE" line;
            #             -f/-b name the pieces /tls/ca/tls-<n>.crt, -s is
            #             quiet, -z drops empty pieces, '{1}' repeats the
            #             pattern once more. Result: tls-0.crt holds the first
            #             certificate, tls-1.crt everything after it.
            # NOTE(review): the image is digest-pinned but the coreutils
            # package is downloaded at run time, so it is not covered by that
            # pin and every pod start depends on egress to the Alpine mirrors.
            # An image that already ships csplit would remove both.
            # NOTE(review): /tls is a global mount of the whole secret, so this
            # container — the one that pulls packages from the network — can
            # also read /tls/tls.key although it only needs tls.crt.
            # NOTE(review): assumes tls.crt holds at least two certificates;
            # with a single one the repeated pattern presumably fails and,
            # because of set -e, the pod cannot start — confirm.
            command:
              - sh
              - -c
              - |
                set -eux
                apk add --no-cache coreutils
                csplit -f /tls/ca/tls- -b "%1d.crt" -s -z /tls/tls.crt '/-----BEGIN CERTIFICATE-----/' '{1}'
        containers:
          app:
            image:
              repository: eclipse-mosquitto
              # Tag plus digest: the image content is pinned by the sha256.
              tag: 2.0.20@sha256:8b396cec28cd5e8e1a3aba1d9abdbddd42c454c80f703e77c1bec56e152fa54e
              pullPolicy: IfNotPresent
            # Start the broker with the config file mounted from the configMap.
            command: [mosquitto, -c, /mosquitto/config/mosquitto.conf]
            env:
              TZ: America/Chicago
            probes:
              # All three probes target the plaintext port 1883. The anchor
              # is reused as-is for readiness and merged into startup, which
              # adds its own thresholds (30 failures x 5 s).
              liveness: &probe
                enabled: true
                port: 1883
              readiness: *probe
              startup:
                <<: *probe
                spec:
                  failureThreshold: 30
                  periodSeconds: 5
            # Root filesystem is read-only; writable paths are the volumes
            # mounted below (/mosquitto/data, /tls/ca).
            # NOTE(review): this is the only securityContext field set in this
            # file. runAsNonRoot, allowPrivilegeEscalation and capability drops
            # are not visible here, and the init container has no
            # securityContext at all — confirm whether chart defaults or a
            # namespace policy supply them.
            securityContext:
              readOnlyRootFilesystem: true
        pod:
          labels:
            # Labels under the policy.gabe565.com prefix; presumably selectors
            # for NetworkPolicies defined elsewhere. Judging by the names they
            # open egress to, and ingress from, any address — verify against
            # the policy definitions.
            policy.gabe565.com/egress-world: "true"
            policy.gabe565.com/ingress-ingress: "true"
            policy.gabe565.com/ingress-world: "true"
    service:
      mosquitto:
        controller: mosquitto
        # LoadBalancer on a fixed private address; externalTrafficPolicy
        # Local keeps the client source IP visible to the broker.
        type: LoadBalancer
        loadBalancerIP: 192.168.1.226
        externalTrafficPolicy: Local
        annotations:
          external-dns.alpha.kubernetes.io/hostname: ${app_url}
        ports:
          # NOTE(review): 1883 is published next to 8883. In the broker config
          # below no TLS option is attached to listener 1883, so MQTT
          # usernames and passwords sent to this port cross the network in
          # clear text. If every client can use 8883, keep 1883 off the
          # LoadBalancer.
          mqtt:
            primary: true
            port: 1883
          mqtts:
            port: 8883
    persistence:
      # Broker persistence store (persistence_location in mosquitto.conf).
      data:
        enabled: true
        storageClass: longhorn-ssd
        accessMode: ReadWriteOnce
        size: 64Mi
        advancedMounts:
          mosquitto:
            app:
              - path: /mosquitto/data
      # Broker configuration file; presumably the configMap generated from
      # the configMaps.config entry at the end of this file — confirm name.
      config:
        enabled: true
        type: configMap
        name: mosquitto-config
        advancedMounts:
          mosquitto:
            app:
              - path: /mosquitto/config/mosquitto.conf
                subPath: mosquitto.conf
      # Password file and ACL file, taken from a secret that is not part of
      # this manifest and mounted into the app container only.
      auth:
        enabled: true
        type: secret
        name: mosquitto-auth
        advancedMounts:
          mosquitto:
            app:
              - path: /mosquitto/config/passwd
                subPath: passwd
              - path: /mosquitto/config/acl
                subPath: acl
      # Certificate secret, mounted in full (tls.crt and tls.key) at /tls.
      # globalMounts: not limited to one container, which is how the init
      # container gets to read /tls/tls.crt.
      tls:
        enabled: true
        type: secret
        name: ${certificate_name}
        globalMounts:
          - path: /tls
      # Scratch volume nested inside /tls; written by split-ca-crt, read by
      # the broker.
      ca:
        enabled: true
        type: emptyDir
        globalMounts:
          - path: /tls/ca
    configMaps:
      config:
        enabled: true
        data:
          # Broker configuration, as written:
          #   - per_listener_settings false: the authentication settings
          #     (allow_anonymous, password_file, acl_file) apply to both
          #     listeners.
          #   - allow_anonymous false: clients must authenticate.
          #   - cafile/certfile/keyfile follow "listener 8883" and therefore
          #     configure that listener only; listener 1883 stays plaintext.
          #     certfile is the first certificate of the bundle, cafile the
          #     rest, keyfile is read straight from the secret mount.
          # NOTE(review): logging is limited to error and warning. Connection
          # and rejected-login messages are, as far as I know, logged at
          # notice level; adding "log_type notice" would make failed
          # authentication attempts visible — confirm against the broker docs.
          mosquitto.conf: |
            per_listener_settings false
            listener 1883
            listener 8883
            allow_anonymous false
            persistence true
            persistence_location /mosquitto/data
            autosave_interval 1800
            cafile /tls/ca/tls-1.crt
            certfile /tls/ca/tls-0.crt
            keyfile /tls/tls.key
            log_dest stderr
            log_type error
            log_type warning
            password_file /mosquitto/config/passwd
            acl_file /mosquitto/config/acl