From 8411f0f0a21236d1eb5fdd2f54c75977dfd683f9 Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Sat, 21 Jun 2025 14:51:13 +0200 Subject: [PATCH] feat: mosquitto --- kubernetes/apps/database/kustomization.yaml | 1 + .../database/mosquitto/app/helmrelease.yaml | 102 ++++++++++++++++++ .../database/mosquitto/app/kustomization.yaml | 6 ++ kubernetes/apps/database/mosquitto/ks.yaml | 27 +++++ .../apps/default/atuin/app/helmrelease.yaml | 43 +++++--- .../flux-system/vars/cluster-settings.yaml | 1 + 6 files changed, 164 insertions(+), 16 deletions(-) create mode 100644 kubernetes/apps/database/mosquitto/app/helmrelease.yaml create mode 100644 kubernetes/apps/database/mosquitto/app/kustomization.yaml create mode 100644 kubernetes/apps/database/mosquitto/ks.yaml diff --git a/kubernetes/apps/database/kustomization.yaml b/kubernetes/apps/database/kustomization.yaml index ca6bb0c12..361e73c58 100644 --- a/kubernetes/apps/database/kustomization.yaml +++ b/kubernetes/apps/database/kustomization.yaml @@ -10,3 +10,4 @@ resources: - ./dragonfly/ks.yaml - ./emqx/ks.yaml - ./influx/ks.yaml + - ./mosquitto/ks.yaml diff --git a/kubernetes/apps/database/mosquitto/app/helmrelease.yaml b/kubernetes/apps/database/mosquitto/app/helmrelease.yaml new file mode 100644 index 000000000..65218090d --- /dev/null +++ b/kubernetes/apps/database/mosquitto/app/helmrelease.yaml 
@@ -0,0 +1,102 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app mosquitto
+spec:
+ chartRef:
+ kind: OCIRepository
+ name: app-template
+ namespace: flux-system
+ interval: 30m
+ values:
+ configMaps:
+ config:
+ data:
+ mosquitto-0.conf: |
+ listener 1883
+ allow_anonymous true
+ log_type error
+ log_type warning
+ mosquitto-1.conf: |
+ listener 1883
+ allow_anonymous true
+ log_type error
+ log_type warning
+ connection mosquitto-bridge
+ address mosquitto-0.mosquitto.database.svc.cluster.local:1883
+ clientid mosquitto-bridge
+ topic # both 0
+
+ controllers:
+ mosquitto:
+ type: statefulset
+ replicas: 2
+ pod:
+ securityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ fsGroup: 2000
+ containers:
+ app:
+ image:
+ repository: public.ecr.aws/docker/library/eclipse-mosquitto
+ tag: 2.0.21
+ command:
+ - sh
+ - -c
+ args:
+ - exec mosquitto -c "/config/$(hostname).conf"
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - >-
+ /usr/bin/mosquitto_pub -h localhost -p 1883 -t mosquitto/healthcheck/$(hostname)/liveness -m "ok $(date)" -r -q 0
+ readiness:
+ enabled: true
+ resources:
+ limits:
+ memory: 256Mi
+ requests:
+ cpu: 2m
+ memory: 16Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+
+ persistence:
+ config:
+ type: configMap
+ identifier: config
+ globalMounts:
+ - path: /config
+
+ service:
+ app:
+ controller: *app
+ type: LoadBalancer
+ loadBalancerIP: 192.168.169.123
+ externalTrafficPolicy: Local
+ ports:
+ mqtt:
+ port: 1883
+ mosquitto:
+ controller: *app
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "mqtt.${SECRET_PUBLIC_DOMAIN}."
+ ports:
+ mqtt:
+ port: 1883
diff --git a/kubernetes/apps/database/mosquitto/app/kustomization.yaml b/kubernetes/apps/database/mosquitto/app/kustomization.yaml
new file mode 100644
index 000000000..17cbc72b2
--- /dev/null
+++ b/kubernetes/apps/database/mosquitto/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/apps/database/mosquitto/ks.yaml b/kubernetes/apps/database/mosquitto/ks.yaml
new file mode 100644
index 000000000..81d08ee7f
--- /dev/null
+++ b/kubernetes/apps/database/mosquitto/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mosquitto
+ namespace: &namespace database
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ components:
+ - ../../../../components/gatus/guarded
+ interval: 1h
+ path: ./kubernetes/apps/database/mosquitto/app
+ postBuild:
+ substitute:
+ APP: *app
+ prune: true
+ retryInterval: 2m
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ namespace: flux-system
+ targetNamespace: *namespace
+ timeout: 5m
+ wait: false
diff --git a/kubernetes/apps/default/atuin/app/helmrelease.yaml b/kubernetes/apps/default/atuin/app/helmrelease.yaml
index 30dca77b7..b7ad0de66 100644
--- a/kubernetes/apps/default/atuin/app/helmrelease.yaml
+++ b/kubernetes/apps/default/atuin/app/helmrelease.yaml
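Review bot: Both generated configs in `mosquitto/app/helmrelease.yaml` set `allow_anonymous true` on a plain-text `listener 1883`, and that port is published through two `LoadBalancer` services, one carrying an external-dns hostname under `${SECRET_PUBLIC_DOMAIN}`, so any client that can reach either address can publish and subscribe on every topic without credentials. Whether those addresses are reachable from outside the LAN is not visible in this diff, but the broker should not rely on that: set `allow_anonymous false` with a `password_file` (and preferably an `acl_file`) mounted from a Secret, and give the bridge in `mosquitto-1.conf` matching `remote_username` / `remote_password` lines. The liveness probe's `mosquitto_pub` call would then need credentials as well, and its retained message on `mosquitto/healthcheck/...` is something an ACL should keep other clients from writing. Separately, `tag: 2.0.21` is a mutable tag; appending the image digest would pin what actually runs.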
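Review bot: In `mosquitto/ks.yaml`, `postBuild.substitute` defines only `APP` and there is no `substituteFrom`, yet the HelmRelease this Kustomization applies references `${SECRET_PUBLIC_DOMAIN}`. Unless that variable is injected by a parent-level patch outside this diff, Flux would render it as an empty string and the external-dns annotation would become `mqtt..`. Note also that the atuin release in the same commit uses `${SECRET_EXTERNAL_DOMAIN}`, so it is worth confirming that `SECRET_PUBLIC_DOMAIN` is a variable that exists and that publishing the broker under that domain is intended.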
@@ -69,22 +69,33 @@ spec: ports: http: port: *port - ingress: - app: - enabled: true - className: internal - annotations: - hajimari.io/icon: mdi:powershell - hosts: - - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}" - paths: - - path: / - service: - identifier: app - port: http - tls: - - hosts: - - *host + route: + main: + hostnames: ["sh.${SECRET_EXTERNAL_DOMAIN}"] + parentRefs: + - name: internal + namespace: network + port: 443 + rules: + - backendRefs: + - name: qbittorrent + port: *port + # ingress: + # app: + # enabled: true + # className: internal + # annotations: + # hajimari.io/icon: mdi:powershell + # hosts: + # - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}" + # paths: + # - path: / + # service: + # identifier: app + # port: http + # tls: + # - hosts: + # - *host persistence: config: existingClaim: atuin diff --git a/kubernetes/apps/flux-system/vars/cluster-settings.yaml b/kubernetes/apps/flux-system/vars/cluster-settings.yaml index 7d85aec0b..134a49e5b 100644 --- a/kubernetes/apps/flux-system/vars/cluster-settings.yaml +++ b/kubernetes/apps/flux-system/vars/cluster-settings.yaml @@ -29,6 +29,7 @@ data: CLUSTER_LB_NGINX_EXTERNAL: 192.168.169.120 CLUSTER_LB_ENVOY_INTERNAL: 192.168.169.121 CLUSTER_LB_ENVOY_EXTERNAL: 192.168.169.122 + CLUSTER_LB_MOQUITTO: 192.168.169.123 LOCAL_LAN: 192.168.8.0/22 LOCAL_LAN_OPNSENSE: 192.168.8.1 LOCAL_LAN_TRUENAS: 192.168.9.10
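Review bot: The new `route.main` rule in the atuin release points `backendRefs` at a service named `qbittorrent`, which looks like a copy-paste from another release: requests for `sh.${SECRET_EXTERNAL_DOMAIN}` would be sent to a different application if a service of that name exists in the namespace, and fail to resolve otherwise. The removed ingress targeted this release's own service (`identifier: app`, port `http`), so the backend should presumably be `- name: atuin` with `port: *port`; the `values` mapping starts above the hunk, so the exact service name cannot be confirmed from here. The commented-out `ingress` block is dead configuration and is better deleted, since git history already keeps it. This routing change is also unrelated to the commit subject `feat: mosquitto` and would be easier to review and revert as its own commit.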
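Review bot: In `cluster-settings.yaml` the new key `CLUSTER_LB_MOQUITTO` is missing an S, and nothing visible in this commit reads it: the mosquitto HelmRelease hard-codes `loadBalancerIP: 192.168.169.123` instead. Renaming the key to `CLUSTER_LB_MOSQUITTO` and writing `loadBalancerIP: "${CLUSTER_LB_MOSQUITTO}"` in the release keeps the address in one place, so a later reassignment cannot leave the broker's service on a stale IP. The `data` mapping starts above the hunk.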