feat: mosquitto

kubernetes/apps/database/kustomization.yaml

@@ -10,3 +10,4 @@ resources:
   - ./dragonfly/ks.yaml
   - ./emqx/ks.yaml
   - ./influx/ks.yaml
+  - ./mosquitto/ks.yaml

kubernetes/apps/database/mosquitto/app/helmrelease.yaml

@@ -0,0 +1,102 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app mosquitto
+spec:
+  chartRef:
+    kind: OCIRepository
+    name: app-template
+    namespace: flux-system
+  interval: 30m
+  values:
+    configMaps:
+      config:
+        data:
+          mosquitto-0.conf: |
+            listener 1883
+            allow_anonymous true
+            log_type error
+            log_type warning
+          mosquitto-1.conf: |
+            listener 1883
+            allow_anonymous true
+            log_type error
+            log_type warning
+            connection mosquitto-bridge
+            address mosquitto-0.mosquitto.database.svc.cluster.local:1883
+            clientid mosquitto-bridge
+            topic # both 0
+
+    controllers:
+      mosquitto:
+        type: statefulset
+        replicas: 2
+        pod:
+          securityContext:
+            runAsUser: 2000
+            runAsGroup: 2000
+            runAsNonRoot: true
+            fsGroup: 2000
+        containers:
+          app:
+            image:
+              repository: public.ecr.aws/docker/library/eclipse-mosquitto
+              tag: 2.0.21
+            command:
+              - sh
+              - -c
+            args:
+              - exec mosquitto -c "/config/$(hostname).conf"
+            probes:
+              liveness:
+                enabled: true
+                custom: true
+                spec:
+                  exec:
+                    command:
+                      - /bin/sh
+                      - -c
+                      - >-
+                        /usr/bin/mosquitto_pub -h localhost -p 1883 -t mosquitto/healthcheck/$(hostname)/liveness -m "ok $(date)" -r -q 0
+              readiness:
+                enabled: true
+            resources:
+              limits:
+                memory: 256Mi
+              requests:
+                cpu: 2m
+                memory: 16Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                  - ALL
+
+    persistence:
+      config:
+        type: configMap
+        identifier: config
+        globalMounts:
+          - path: /config
+
+    service:
+      app:
+        controller: *app
+        type: LoadBalancer
+        loadBalancerIP: 192.168.169.123
+        externalTrafficPolicy: Local
+        ports:
+          mqtt:
+            port: 1883
+      mosquitto:
+        controller: *app
+        type: LoadBalancer
+        externalTrafficPolicy: Local
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: "mqtt.${SECRET_PUBLIC_DOMAIN}."
+        ports:
+          mqtt:
+            port: 1883

kubernetes/apps/database/mosquitto/app/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml

kubernetes/apps/database/mosquitto/ks.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mosquitto
+  namespace: &namespace database
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  components:
+    - ../../../../components/gatus/guarded
+  interval: 1h
+  path: ./kubernetes/apps/database/mosquitto/app
+  postBuild:
+    substitute:
+      APP: *app
+  prune: true
+  retryInterval: 2m
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+    namespace: flux-system
+  targetNamespace: *namespace
+  timeout: 5m
+  wait: false

kubernetes/apps/default/atuin/app/helmrelease.yaml

@@ -69,22 +69,33 @@ spec:
         ports:
           http:
             port: *port
-    ingress:
-      app:
-        enabled: true
-        className: internal
-        annotations:
-          hajimari.io/icon: mdi:powershell
-        hosts:
-          - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}"
-            paths:
-              - path: /
-                service:
-                  identifier: app
-                  port: http
-        tls:
-          - hosts:
-              - *host
+    route:
+      main:
+        hostnames: ["sh.${SECRET_EXTERNAL_DOMAIN}"]
+        parentRefs:
+          - name: internal
+            namespace: network
+            port: 443
+        rules:
+          - backendRefs:
+              - name: qbittorrent
+                port: *port
+    # ingress:
+    #   app:
+    #     enabled: true
+    #     className: internal
+    #     annotations:
+    #       hajimari.io/icon: mdi:powershell
+    #     hosts:
+    #       - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}"
+    #         paths:
+    #           - path: /
+    #             service:
+    #               identifier: app
+    #               port: http
+    #     tls:
+    #       - hosts:
+    #           - *host
     persistence:
       config:
         existingClaim: atuin

kubernetes/apps/flux-system/vars/cluster-settings.yaml

@@ -29,6 +29,7 @@ data:
   CLUSTER_LB_NGINX_EXTERNAL: 192.168.169.120
   CLUSTER_LB_ENVOY_INTERNAL: 192.168.169.121
   CLUSTER_LB_ENVOY_EXTERNAL: 192.168.169.122
+  CLUSTER_LB_MOQUITTO: 192.168.169.123
   LOCAL_LAN: 192.168.8.0/22
   LOCAL_LAN_OPNSENSE: 192.168.8.1
   LOCAL_LAN_TRUENAS: 192.168.9.10