auricom-home-cluster/kubernetes/apps/database/mosquitto/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app mosquitto
spec:
  chartRef:
    kind: OCIRepository
    name: app-template
  interval: 30m
  values:
    configMaps:
      config:
        data:
          mosquitto-0.conf: |
            listener 1883
            allow_anonymous true
            log_type error
            log_type warning
          mosquitto-1.conf: |
            listener 1883
            allow_anonymous true
            log_type error
            log_type warning
            connection mosquitto-bridge
            address mosquitto-0.mosquitto.database.svc.cluster.local:1883
            clientid mosquitto-bridge
            topic # both 0

    controllers:
      mosquitto:
        type: statefulset
        replicas: 2
        pod:
          securityContext:
            runAsUser: 2000
            runAsGroup: 2000
            runAsNonRoot: true
            fsGroup: 2000
        containers:
          app:
            image:
              repository: public.ecr.aws/docker/library/eclipse-mosquitto
              tag: 2.0.22
            command:
              - sh
              - -c
            args:
              - exec mosquitto -c "/config/$(hostname).conf"
            probes:
              liveness:
                enabled: true
                custom: true
                spec:
                  exec:
                    command:
                      - /bin/sh
                      - -c
                      - >-
                        /usr/bin/mosquitto_pub -h localhost -p 1883 -t mosquitto/healthcheck/$(hostname)/liveness -m "ok $(date)" -r -q 0
              readiness:
                enabled: true
            resources:
              limits:
                memory: 256Mi
              requests:
                cpu: 2m
                memory: 16Mi
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                  - ALL

    persistence:
      config:
        type: configMap
        identifier: config
        globalMounts:
          - path: /config

    service:
      app:
        controller: *app
        type: LoadBalancer
        loadBalancerIP: 192.168.169.123
        externalTrafficPolicy: Local
        ports:
          mqtt:
            port: 1883
      mosquitto:
        controller: *app
        type: LoadBalancer
        externalTrafficPolicy: Local
        ports:
          mqtt:
            port: 1883