From a7e3eac1c9396926f2895a4ceb6734bee4287efd Mon Sep 17 00:00:00 2001
From: Ashish Kumar Dash
Date: Thu, 31 Jul 2025 19:14:27 +0530
Subject: [PATCH 01/11] feat/mosquitto
---
.github/workflows/test-chart.yaml | 30 ++++++++
charts/mosquitto/Chart.yaml | 10 +++
charts/mosquitto/README.md | 21 ++++++
charts/mosquitto/templates/NOTES.txt | 32 +++++++++
charts/mosquitto/templates/_helpers.tpl | 7 ++
charts/mosquitto/templates/auth-secret.yaml | 15 ++++
charts/mosquitto/templates/configmap.yaml | 26 +++++++
charts/mosquitto/templates/deployment.yaml | 80 +++++++++++++++++++++
charts/mosquitto/templates/pvc.yaml | 18 +++++
charts/mosquitto/templates/service.yaml | 21 ++++++
charts/mosquitto/test-values.yaml | 16 +++++
charts/mosquitto/values.schema.json | 36 ++++++++++
charts/mosquitto/values.yaml | 59 +++++++++++++++
13 files changed, 371 insertions(+)
create mode 100644 .github/workflows/test-chart.yaml
create mode 100644 charts/mosquitto/Chart.yaml
create mode 100644 charts/mosquitto/README.md
create mode 100644 charts/mosquitto/templates/NOTES.txt
create mode 100644 charts/mosquitto/templates/_helpers.tpl
create mode 100644 charts/mosquitto/templates/auth-secret.yaml
create mode 100644 charts/mosquitto/templates/configmap.yaml
create mode 100644 charts/mosquitto/templates/deployment.yaml
create mode 100644 charts/mosquitto/templates/pvc.yaml
create mode 100644 charts/mosquitto/templates/service.yaml
create mode 100644 charts/mosquitto/test-values.yaml
create mode 100644 charts/mosquitto/values.schema.json
create mode 100644 charts/mosquitto/values.yaml
diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml
new file mode 100644
index 00000000..6e720ef9
--- /dev/null
+++ b/.github/workflows/test-chart.yaml
@@ -0,0 +1,30 @@
+name: Test Helm Chart
+
+on:
+ push:
+ paths:
+ - "charts/**"
+ pull_request:
+ paths:
+ - "charts/**"
+
+jobs:
+ helm-lint-and-template:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.13.3
+
+ - name: Lint the chart
+ run: helm lint charts/mosquitto
+
+ - name: Template with default values
+ run: helm template test charts/mosquitto
+
+ - name: Template with test-values
+ run: helm template test charts/mosquitto -f charts/mosquitto/test-values.yaml
diff --git a/charts/mosquitto/Chart.yaml b/charts/mosquitto/Chart.yaml
new file mode 100644
index 00000000..9cbf15d6
--- /dev/null
+++ b/charts/mosquitto/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for Eclipse Mosquitto MQTT Broker
+name: mosquitto
+version: 0.0.1
+maintainers:
+ - name: ZopDev
+ url: zop.dev
+annotations:
+ type: datasource
diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md
new file mode 100644
index 00000000..196cef6b
--- /dev/null
+++ b/charts/mosquitto/README.md
@@ -0,0 +1,21 @@
+# Mosquitto Helm Chart
+
+A fully-templated, production-grade Helm chart for deploying the [Eclipse Mosquitto](https://mosquitto.org/) MQTT broker on Kubernetes.
+
+---
+
+## ✨ Features
+
+- ✅ Lightweight MQTT 3.1/3.1.1/5.0 support
+- 🔐 Optional authentication via Kubernetes Secrets
+- 🔒 TLS support using pre-generated secrets
+- 💾 Persistent volume support for data durability
+- ⚙️ Custom `mosquitto.conf` via ConfigMap
+- 📦 Resource limits and health probes
+
+---
+
+## 🚀 Installation
+
+helm repo add my-repo https://your.repo.url/
+helm install mosquitto my-repo/mosquitto
diff --git a/charts/mosquitto/templates/NOTES.txt b/charts/mosquitto/templates/NOTES.txt
new file mode 100644
index 00000000..af2d46e0
--- /dev/null
+++ b/charts/mosquitto/templates/NOTES.txt
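Review bot: The workflow added as `.github/workflows/test-chart.yaml` declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever default scope the repository is configured with, although the steps only read the checkout. I would add a top-level `permissions:` with `contents: read`. The two `uses:` lines also reference mutable tags (`actions/checkout@v3`, `azure/setup-helm@v3`); pinning each to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v3`, keeps a moved tag from changing what runs on `pull_request`.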
@@ -0,0 +1,32 @@
+{{- if contains "LoadBalancer" .Values.service.type }}
+Your Mosquitto broker is exposed via LoadBalancer.
+
+To get the external IP:
+ kubectl get svc {{ include "mosquitto.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+
+Then connect your MQTT client to:
+ mqtt://:1883
+ {{- if .Values.tls.enabled }}
+ mqtts://:8883
+ {{- end }}
+{{- else }}
+Your Mosquitto broker is running inside the cluster.
+
+To access it, use port forwarding:
+ kubectl port-forward svc/{{ include "mosquitto.fullname" . }} 1883:1883
+
+Then connect using:
+ mqtt://localhost:1883
+ {{- if .Values.tls.enabled }}
+ mqtts://localhost:8883
+ {{- end }}
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+Authentication is enabled.
+
+Default username/password:
+ - Defined in Kubernetes secret: {{ include "mosquitto.fullname" . }}-auth
+ - You can extract with:
+ kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o yaml
+{{- end }}
diff --git a/charts/mosquitto/templates/_helpers.tpl b/charts/mosquitto/templates/_helpers.tpl
new file mode 100644
index 00000000..f60bc29c
--- /dev/null
+++ b/charts/mosquitto/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "mosquitto.name" -}}
+mosquitto
+{{- end -}}
+
+{{- define "mosquitto.fullname" -}}
+{{ include "mosquitto.name" . }}-{{ .Release.Name }}
+{{- end -}}
diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml
new file mode 100644
index 00000000..26ae514f
--- /dev/null
+++ b/charts/mosquitto/templates/auth-secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.auth.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-auth
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+type: Opaque
+stringData:
+ passwd: |
+ {{- range .Values.auth.users }}
+ {{ .username }}:{{ .password }}
+ {{- end }}
+{{- end }}
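Review bot: In `auth-secret.yaml` the `passwd` entry is rendered as `{{ .username }}:{{ .password }}`, the clear-text password taken from values, whereas `mosquitto_passwd` writes salted hashes into a password file; these entries are therefore unlikely to authenticate on a standard broker build (worth confirming against the image), and the clear text also ends up in the release's stored values. Accepting a pre-hashed entry, or the name of an existing Secret that already holds a `mosquitto_passwd`-generated file, would avoid both. The template ranges over `.Values.auth.users`, but the values.yaml added in this patch defines `auth.username` and `auth.password`, so the file renders empty even with `auth.enabled: true`. The same `{{ .password }}` line returns in PATCH 10/11.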
diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml
new file mode 100644
index 00000000..6d9ad2ba
--- /dev/null
+++ b/charts/mosquitto/templates/configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: { { include "mosquitto.fullname" . } }
+ labels:
+ app.kubernetes.io/name: { { include "mosquitto.name" . } }
+ app.kubernetes.io/instance: { { .Release.Name } }
+data:
+ mosquitto.conf: |
+ listener 1883
+ allow_anonymous {{ not .Values.auth.enabled | ternary "true" "false" }}
+
+ persistence {{ .Values.persistence.enabled | quote }}
+ persistence_location /mosquitto/data/
+ log_dest stdout
+
+ {{- if .Values.auth.enabled }}
+ password_file /mosquitto/passwords/passwd
+ {{- end }}
+
+ {{- if .Values.tls.enabled }}
+ listener 8883
+ cafile /mosquitto/certs/ca.crt
+ certfile /mosquitto/certs/tls.crt
+ keyfile /mosquitto/certs/tls.key
+ {{- end }}
diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml
new file mode 100644
index 00000000..0608b6ba
--- /dev/null
+++ b/charts/mosquitto/templates/deployment.yaml
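Review bot: With `tls.enabled: true` the rendered `mosquitto.conf` still opens the plain-text `listener 1883` next to `listener 8883`, so clients can keep sending their `password_file` credentials unencrypted; service.yaml in this patch publishes port 1883 unconditionally as well, including for `service.type: LoadBalancer`. Consider gating the plain listener, e.g. `{{- if not .Values.tls.enabled }}` around `listener 1883`, or giving it its own value; the probes in deployment.yaml target 1883 and would have to follow. The TLS block also requires `/mosquitto/certs/ca.crt`, while the values.yaml comment says the secret must contain only `tls.crt` and `tls.key`.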
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: mosquitto
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 1883
+ name: mqtt
+ {{- if .Values.tls.enabled }}
+ - containerPort: 8883
+ name: mqtts
+ {{- end }}
+
+ volumeMounts:
+ - name: config-volume
+ mountPath: /mosquitto/config/mosquitto.conf
+ subPath: mosquitto.conf
+ {{- if .Values.persistence.enabled }}
+ - name: data
+ mountPath: /mosquitto/data
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: auth-secret
+ mountPath: /mosquitto/passwords
+ readOnly: true
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: tls-secret
+ mountPath: /mosquitto/certs
+ readOnly: true
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ livenessProbe:
+ tcpSocket:
+ port: 1883
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ readinessProbe:
+ tcpSocket:
+ port: 1883
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ include "mosquitto.fullname" . }}
+ {{- if .Values.persistence.enabled }}
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ include "mosquitto.fullname" . }}-pvc
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: auth-secret
+ secret:
+ secretName: {{ include "mosquitto.fullname" . }}-auth
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: tls-secret
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ {{- end }}
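Review bot: The `mosquitto` container in deployment.yaml is defined without any `securityContext`, so it runs with whatever user and capability set the image and the cluster defaults give it. For a network-facing broker I would add a container-level `securityContext:` with at least `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, and `runAsNonRoot: true` if the image's entrypoint permits it (not visible here, so test before enabling). The `livenessProbe`, `readinessProbe`, `nodeSelector`, `tolerations` and `affinity` values added in values.yaml are not read by this template.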
diff --git a/charts/mosquitto/templates/pvc.yaml b/charts/mosquitto/templates/pvc.yaml
new file mode 100644
index 00000000..b697379b
--- /dev/null
+++ b/charts/mosquitto/templates/pvc.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "mosquitto.fullname" . }}-pvc
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- if .Values.persistence.storageClass }}
+ storageClassName: {{ .Values.persistence.storageClass }}
+ {{- end }}
+{{- end }}
diff --git a/charts/mosquitto/templates/service.yaml b/charts/mosquitto/templates/service.yaml
new file mode 100644
index 00000000..1e51431b
--- /dev/null
+++ b/charts/mosquitto/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mosquitto.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: mqtt
+ port: 1883
+ targetPort: mqtt
+ {{- if .Values.tls.enabled }}
+ - name: mqtts
+ port: 8883
+ targetPort: mqtts
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/mosquitto/test-values.yaml b/charts/mosquitto/test-values.yaml
new file mode 100644
index 00000000..938a8b7a
--- /dev/null
+++ b/charts/mosquitto/test-values.yaml
@@ -0,0 +1,16 @@
+image:
+ repository: eclipse-mosquitto
+ tag: 2.0
+ pullPolicy: IfNotPresent
+
+auth:
+ enabled: true
+
+tls:
+ enabled: true
+ certSecret: mosquitto-tls
+
+persistence:
+ enabled: true
+
+resources: {}
diff --git a/charts/mosquitto/values.schema.json b/charts/mosquitto/values.schema.json
new file mode 100644
index 00000000..60d9de7e
--- /dev/null
+++ b/charts/mosquitto/values.schema.json
@@ -0,0 +1,36 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": { "type": "string", "mutable": true },
+ "tag": { "type": "string", "mutable": true }
+ }
+ },
+ "auth": {
+ "type": "object",
+ "properties": {
+ "enabled": { "type": "boolean", "mutable": true },
+ "users": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "username": { "type": "string", "mutable": true },
+ "password": { "type": "string", "mutable": true }
+ }
+ }
+ }
+ }
+ },
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enabled": { "type": "boolean", "mutable": true },
+ "certSecret": { "type": "string", "mutable": true }
+ }
+ }
+ }
+}
diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml
new file mode 100644
index 00000000..b5d01c21
--- /dev/null
+++ b/charts/mosquitto/values.yaml
@@ -0,0 +1,59 @@
+# Mosquitto Image Configuration
+image:
+ repository: eclipse-mosquitto
+ tag: 2.0.18
+ pullPolicy: IfNotPresent
+
+# Broker Configuration
+config:
+ # Optional custom config file (overrides default if provided)
+ customConfig: ""
+
+# Service Configuration
+service:
+ type: ClusterIP # Use LoadBalancer for external access
+ port: 1883
+ tlsPort: 8883
+
+# Persistence
+persistence:
+ enabled: true
+ storageClass: ""
+ accessMode: ReadWriteOnce
+ size: 1Gi
+
+# Authentication
+auth:
+ enabled: false
+ username: user
+ password: password123
+
+# TLS Configuration
+tls:
+ enabled: false
+ certSecret: mosquitto-tls-secret # Must contain tls.crt and tls.key
+
+# Probes
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 15
+
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+
+# Resource Limits
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+
+# Node selectors, tolerations, affinity (optional)
+nodeSelector: {}
+tolerations: []
+affinity: {}
From b97e84537366a1c467c71ceaf6c2a3153a154add Mon Sep 17 00:00:00 2001
From: Ashish Kumar Dash
Date: Thu, 31 Jul 2025 19:16:42 +0530
Subject: [PATCH 02/11] update configmap
---
charts/mosquitto/templates/configmap.yaml | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml
index 6d9ad2ba..3cdca401 100644
--- a/charts/mosquitto/templates/configmap.yaml
+++ b/charts/mosquitto/templates/configmap.yaml
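Review bot: The defaults in PATCH 01/11's values.yaml leave the broker open: `auth.enabled: false` makes configmap.yaml render `allow_anonymous true`, and the inline comment on `service.type` suggests `LoadBalancer` for external access without anything requiring authentication or TLS first. `password: password123` is also committed as a default credential. I would ship no default password and add a comment above the `auth:` block along the lines of `# Anonymous access is allowed while enabled is false; enable auth and TLS before exposing the service`.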
@@ -7,17 +7,10 @@ metadata: app.kubernetes.io/instance: { { .Release.Name } } data: mosquitto.conf: | - listener 1883 - allow_anonymous {{ not .Values.auth.enabled | ternary "true" "false" }} - - persistence {{ .Values.persistence.enabled | quote }} - persistence_location /mosquitto/data/ - log_dest stdout - - {{- if .Values.auth.enabled }} + persistence {{ .Values.persistence.enabled }} + allow_anonymous false password_file /mosquitto/passwords/passwd - {{- end }} - + listener 1883 {{- if .Values.tls.enabled }} listener 8883 cafile /mosquitto/certs/ca.crt From 4fda06c4b532c5cfa3cee36d3c883e9f3cb7223b Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Thu, 31 Jul 2025 19:21:47 +0530 Subject: [PATCH 03/11] update --- charts/mosquitto/templates/configmap.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/mosquitto/templates/configmap.yaml b/charts/mosquitto/templates/configmap.yaml index 3cdca401..1a7d801e 100644 --- a/charts/mosquitto/templates/configmap.yaml +++ b/charts/mosquitto/templates/configmap.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: { { include "mosquitto.fullname" . } } + name: {{ include "mosquitto.fullname" . }} labels: - app.kubernetes.io/name: { { include "mosquitto.name" . } } - app.kubernetes.io/instance: { { .Release.Name } } + app.kubernetes.io/name: {{ include "mosquitto.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} data: mosquitto.conf: | persistence {{ .Values.persistence.enabled }} From 18265f638e177251f4a37335206dab5b32e96353 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Thu, 31 Jul 2025 19:23:41 +0530 Subject: [PATCH 04/11] update test --- charts/mosquitto/test-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/mosquitto/test-values.yaml b/charts/mosquitto/test-values.yaml index 938a8b7a..1134255d 100644 --- a/charts/mosquitto/test-values.yaml +++ b/charts/mosquitto/test-values.yaml 
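Review bot: In PATCH 02/11's configmap.yaml hunk, `allow_anonymous false` and `password_file /mosquitto/passwords/passwd` are now emitted unconditionally, but auth-secret.yaml and the `/mosquitto/passwords` mount in deployment.yaml are still wrapped in `{{- if .Values.auth.enabled }}` and values.yaml defaults that to `false`, so a default install points the broker at a file that is not mounted. Either keep the `{{- if .Values.auth.enabled }}` guard around `password_file`, or remove the toggle from the secret and the mount in the same change. The hunk also drops `persistence_location /mosquitto/data/` and `log_dest stdout`; without the former the persistence database may not be written to the volume mounted at `/mosquitto/data`, which is worth confirming against the image's defaults.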
@@ -1,6 +1,6 @@ image: repository: eclipse-mosquitto - tag: 2.0 + tag: "2" pullPolicy: IfNotPresent auth: From fca9b00a3cbedfd284a29ebdbdbc226e85c889d7 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Thu, 31 Jul 2025 19:30:39 +0530 Subject: [PATCH 05/11] update formatting --- charts/mosquitto/templates/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml index 0608b6ba..5650445a 100644 --- a/charts/mosquitto/templates/deployment.yaml +++ b/charts/mosquitto/templates/deployment.yaml @@ -22,12 +22,12 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: 1883 - name: mqtt - {{- if .Values.tls.enabled }} - - containerPort: 8883 - name: mqtts - {{- end }} + - containerPort: 1883 + name: mqtt + {{- if .Values.tls.enabled }} + - containerPort: 8883 + name: mqtts + {{- end }} volumeMounts: - name: config-volume From bd15f7137a1e5ba43c6237d765a5a5840d8e50ed Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Thu, 31 Jul 2025 19:45:06 +0530 Subject: [PATCH 06/11] update readme & deleting test --- .github/workflows/test-chart.yaml | 30 ------------------------------ charts/mosquitto/README.md | 7 +++++++ charts/mosquitto/test-values.yaml | 16 ---------------- 3 files changed, 7 insertions(+), 46 deletions(-) delete mode 100644 .github/workflows/test-chart.yaml delete mode 100644 charts/mosquitto/test-values.yaml diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml deleted file mode 100644 index 6e720ef9..00000000 --- a/.github/workflows/test-chart.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Test Helm Chart - -on: - push: - paths: - - "charts/**" - pull_request: - paths: - - "charts/**" - -jobs: - helm-lint-and-template: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.13.3 - - - name: Lint the chart - run: helm lint charts/mosquitto - - - name: Template with default values - run: helm template test charts/mosquitto - - - name: Template with test-values - run: helm template test charts/mosquitto -f charts/mosquitto/test-values.yaml diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md index 196cef6b..0b1cbf32 100644 --- a/charts/mosquitto/README.md +++ b/charts/mosquitto/README.md @@ -19,3 +19,10 @@ A fully-templated, production-grade Helm chart for deploying the [Eclipse Mosqui helm repo add my-repo https://your.repo.url/ helm install mosquitto my-repo/mosquitto + +### Testing + +This chart is validated using `helm lint` and `helm template` via GitHub Actions. +To run local rendering tests: + +helm template test charts/mosquitto -f charts/mosquitto/test-values.yaml diff --git a/charts/mosquitto/test-values.yaml b/charts/mosquitto/test-values.yaml deleted file mode 100644 index 1134255d..00000000 --- a/charts/mosquitto/test-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -image: - repository: eclipse-mosquitto - tag: "2" - pullPolicy: IfNotPresent - -auth: - enabled: true - -tls: - enabled: true - certSecret: mosquitto-tls - -persistence: - enabled: true - -resources: {} From cc8aab18cd58aa50fce40e455f5c454179ce043b Mon Sep 17 00:00:00 2001 
From: Ashish Kumar Dash Date: Mon, 4 Aug 2025 17:58:25 +0530 Subject: [PATCH 07/11] changed user pwd and changed api v in chart.yaml --- charts/mosquitto/Chart.yaml | 2 +- charts/mosquitto/templates/NOTES.txt | 10 ++++++++-- charts/mosquitto/templates/auth-secret.yaml | 2 +- charts/mosquitto/templates/deployment.yaml | 7 +++++-- charts/mosquitto/values.yaml | 6 +++--- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/charts/mosquitto/Chart.yaml b/charts/mosquitto/Chart.yaml index 9cbf15d6..a189c929 100644 --- a/charts/mosquitto/Chart.yaml +++ b/charts/mosquitto/Chart.yaml @@ -1,4 +1,4 @@ -apiVersion: v1 +apiVersion: v2 appVersion: "1.0" description: Helm chart for Eclipse Mosquitto MQTT Broker name: mosquitto diff --git a/charts/mosquitto/templates/NOTES.txt b/charts/mosquitto/templates/NOTES.txt index af2d46e0..1868a6eb 100644 --- a/charts/mosquitto/templates/NOTES.txt +++ b/charts/mosquitto/templates/NOTES.txt @@ -25,8 +25,14 @@ Then connect using: {{- if .Values.auth.enabled }} Authentication is enabled. -Default username/password: - - Defined in Kubernetes secret: {{ include "mosquitto.fullname" . }}-auth +User credentials are stored in a Kubernetes Secret: + - Secret Name: {{ include "mosquitto.fullname" . }}-auth - You can extract with: kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o yaml + +Example decode command (for first user): + USER=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.username}" | base64 -d) + PASS=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.password}" | base64 -d) + echo "Username: $USER" + echo "Password: $PASS" {{- end }} diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml index 26ae514f..03f61cca 100644 --- a/charts/mosquitto/templates/auth-secret.yaml +++ b/charts/mosquitto/templates/auth-secret.yaml 
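Review bot: The decode example added to NOTES.txt in PATCH 07/11 reads `{.data.username}` and `{.data.password}`, but the Secret rendered by auth-secret.yaml has a single `passwd` key, so both commands print nothing. `kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.passwd}" | base64 -d` matches what the chart actually creates. That command prints every user's credential line to the terminal, so the text should say so rather than echoing `$PASS` as a routine step.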
@@ -10,6 +10,6 @@ type: Opaque stringData: passwd: | {{- range .Values.auth.users }} - {{ .username }}:{{ .password }} + {{ .username }}:{{ randAlphaNum 16 }} {{- end }} {{- end }} diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml index 5650445a..a11caa02 100644 --- a/charts/mosquitto/templates/deployment.yaml +++ b/charts/mosquitto/templates/deployment.yaml @@ -38,7 +38,7 @@ spec: mountPath: /mosquitto/data {{- end }} {{- if .Values.auth.enabled }} - - name: auth-secret + - name: auth-volume mountPath: /mosquitto/passwords readOnly: true {{- end }} @@ -69,9 +69,12 @@ spec: claimName: {{ include "mosquitto.fullname" . }}-pvc {{- end }} {{- if .Values.auth.enabled }} - - name: auth-secret + - name: auth-volume secret: secretName: {{ include "mosquitto.fullname" . }}-auth + items: + - key: passwd + path: passwd {{- end }} {{- if .Values.tls.enabled }} - name: tls-secret diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml index b5d01c21..a6916719 100644 --- a/charts/mosquitto/values.yaml +++ b/charts/mosquitto/values.yaml @@ -24,9 +24,9 @@ persistence: # Authentication auth: - enabled: false - username: user - password: password123 + enabled: true + users: + - username: user # TLS Configuration tls: From ffe0f988a2e0cdbe6f67365770fbb78f6afb4e95 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Tue, 19 Aug 2025 23:50:12 +0530 Subject: [PATCH 08/11] update readne & values.yaml --- charts/mosquitto/README.md | 165 +++++++++++++++++++++++++++++++---- charts/mosquitto/values.yaml | 52 +---------- 2 files changed, 152 insertions(+), 65 deletions(-) diff --git a/charts/mosquitto/README.md b/charts/mosquitto/README.md index 0b1cbf32..ad5a29e0 100644 --- a/charts/mosquitto/README.md +++ b/charts/mosquitto/README.md 
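Review bot: `randAlphaNum 16` in PATCH 07/11's auth-secret.yaml hunk is evaluated on every render, so each `helm upgrade` rewrites `passwd` with new passwords that no client has been given, and nothing else in the chart receives the generated value. The generated string is also written as clear text rather than as a `mosquitto_passwd` hash, so the concern raised on the original template still applies. If generation is wanted it has to happen once and be persisted (PATCH 11/11 later attempts this with `lookup`); the deployment.yaml hunks in this patch only rename the volume and select the `passwd` key.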
@@ -1,28 +1,163 @@ # Mosquitto Helm Chart -A fully-templated, production-grade Helm chart for deploying the [Eclipse Mosquitto](https://mosquitto.org/) MQTT broker on Kubernetes. +The Mosquitto Helm chart enables the deployment of Eclipse Mosquitto, a lightweight MQTT message broker, in a Kubernetes cluster. Mosquitto is designed for IoT messaging and supports MQTT protocol versions 5.0, 3.1.1, and 3.1. --- -## ✨ Features +## Prerequisites -- ✅ Lightweight MQTT 3.1/3.1.1/5.0 support -- 🔐 Optional authentication via Kubernetes Secrets -- 🔒 TLS support using pre-generated secrets -- 💾 Persistent volume support for data durability -- ⚙️ Custom `mosquitto.conf` via ConfigMap -- 📦 Resource limits and health probes +- Kubernetes 1.19+ +- Helm 3+ --- -## 🚀 Installation +## Add Helm Repository -helm repo add my-repo https://your.repo.url/ -helm install mosquitto my-repo/mosquitto +Add the Helm repository to your local setup: -### Testing +helm repo add zopdev https://helm.zop.dev +helm repo update -This chart is validated using `helm lint` and `helm template` via GitHub Actions. -To run local rendering tests: +Refer to the [Helm Repository Documentation](https://helm.sh/docs/helm/helm_repo/) for more information. -helm template test charts/mosquitto -f charts/mosquitto/test-values.yaml +--- + +## Install Helm Chart + +To install the Mosquitto Helm chart, use the following command: + +helm install [RELEASE_NAME] zopdev/mosquitto + +Replace `[RELEASE_NAME]` with your desired release name. For example: + +helm install my-mosquitto zopdev/mosquitto + +To customize configurations, provide a `values.yaml` file or override values via the command line. + +Refer to [Helm Install Documentation](https://helm.sh/docs/helm/helm_install/) for more details. 
+ +--- + +## Uninstall Helm Chart + +To uninstall the Mosquitto Helm chart and remove all associated Kubernetes resources, use the command: + +helm uninstall [RELEASE_NAME] + +For example: + +helm uninstall my-mosquitto + +See [Helm Uninstall Documentation](https://helm.sh/docs/helm/helm_uninstall/) for additional details. + +--- + +## Configuration + +Below is a summary of configurable parameters for the Mosquitto Helm chart: + +| **Input** | **Type** | **Description** | **Default** | +|--------------------------|-----------|--------------------------------------------------------------------|-----------------------------------| +| `replicaCount` | `integer` | Number of replicas for the Mosquitto deployment. | `1` | +| `image.repository` | `string` | Docker image repository for the Mosquitto container. | `eclipse-mosquitto` | +| `image.tag` | `string` | Docker image tag for the Mosquitto container. | `2.0.18` | +| `image.pullPolicy` | `string` | Image pull policy for the Mosquitto container. | `IfNotPresent` | +| `resources.requests.cpu` | `string` | Minimum CPU resources required by the Mosquitto container. | `"250m"` | +| `resources.requests.memory` | `string` | Minimum memory resources required by the Mosquitto container. | `"500Mi"` | +| `resources.limits.cpu` | `string` | Maximum CPU resources the Mosquitto container can use. | `"500m"` | +| `resources.limits.memory`| `string` | Maximum memory resources the Mosquitto container can use. | `"1000Mi"` | +| `diskSize` | `string` | Size of the persistent volume for Mosquitto data storage. | `"10Gi"` | +| `service.port` | `integer` | Port on which Mosquitto listens for MQTT connections. | `1883` | +| `service.tlsPort` | `integer` | Port on which Mosquitto listens for MQTT over TLS connections. | `8883` | + +You can override these values in a `values.yaml` file or via the command line during installation. 
+ +--- + +### Example `values.yaml` File + +diskSize : "10Gi" + +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + +version: "1.0" + +Apply the configuration file during installation: + +helm install my-mosquitto zopdev/mosquitto -f values.yaml + +--- + +## Features + +- **Lightweight MQTT Broker:** Supports MQTT protocol versions 5.0, 3.1.1, and 3.1 for IoT messaging. +- **Authentication & Authorization:** Optional user authentication via Kubernetes Secrets. +- **TLS Support:** Secure MQTT connections using TLS encryption. +- **Persistent Storage:** Ensure data persistence using configurable persistent volumes. +- **Custom Configuration:** Deploy custom `mosquitto.conf` via ConfigMap. +- **Health Probes:** Built-in liveness and readiness probes for reliability. + +--- + +## Advanced Usage + +### Persistent Volume Configuration + +Customize the persistent volume size and storage class for Mosquitto data: + +diskSize: "50Gi" +persistence: +storageClass: "high-performance" + +### Network Configuration + +Specify the MQTT ports and service type: + +service: +type: LoadBalancer +port: 1883 +tlsPort: 8883 + +### Authentication Setup + +Enable authentication and configure users: + +auth: +enabled: true +users: +- username: admin +- username: client1 + +--- + +## Contributing + +We welcome contributions to improve this Helm chart. Please refer to the [CONTRIBUTING.md](../../CONTRIBUTING.md) file for contribution guidelines. + +--- + +## Code of Conduct + +To maintain a healthy and collaborative community, please adhere to our [Code of Conduct](../../CODE_OF_CONDUCT.md). + +--- + +## License + +This project is licensed under the [LICENSE](../../LICENSE). Please review it for terms of use. + +--- + +## Connection Config + +- **MQTT_HOST** : Hostname or service name for the Mosquitto MQTT broker. +- **MQTT_PORT** : Port number to connect to Mosquitto MQTT. Defaults to 1883. +- **MQTT_TLS_PORT** : Port number for secure MQTT connections. 
Defaults to 8883. + +--- \ No newline at end of file diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml index a6916719..64133d06 100644 --- a/charts/mosquitto/values.yaml +++ b/charts/mosquitto/values.yaml @@ -1,50 +1,5 @@ -# Mosquitto Image Configuration -image: - repository: eclipse-mosquitto - tag: 2.0.18 - pullPolicy: IfNotPresent +diskSize : "10Gi" -# Broker Configuration -config: - # Optional custom config file (overrides default if provided) - customConfig: "" - -# Service Configuration -service: - type: ClusterIP # Use LoadBalancer for external access - port: 1883 - tlsPort: 8883 - -# Persistence -persistence: - enabled: true - storageClass: "" - accessMode: ReadWriteOnce - size: 1Gi - -# Authentication -auth: - enabled: true - users: - - username: user - -# TLS Configuration -tls: - enabled: false - certSecret: mosquitto-tls-secret # Must contain tls.crt and tls.key - -# Probes -livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 15 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - -# Resource Limits resources: limits: cpu: 100m @@ -53,7 +8,4 @@ resources: cpu: 50m memory: 64Mi -# Node selectors, tolerations, affinity (optional) -nodeSelector: {} -tolerations: [] -affinity: {} +version: "1.0" From 8e829478b478b5f8691fe37a0d2a115336a37272 Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Mon, 25 Aug 2025 19:15:56 +0530 Subject: [PATCH 09/11] update values.yaml --- charts/mosquitto/templates/deployment.yaml | 4 ++-- charts/mosquitto/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/mosquitto/templates/deployment.yaml b/charts/mosquitto/templates/deployment.yaml index a11caa02..bcc6e471 100644 --- a/charts/mosquitto/templates/deployment.yaml +++ b/charts/mosquitto/templates/deployment.yaml 
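Review bot: The values.yaml rewrite in PATCH 08/11 removes the `image`, `service`, `persistence`, `auth` and `tls` blocks while the templates still dereference them (`.Values.tls.enabled`, `.Values.auth.enabled`, `.Values.image.repository`, `.Values.persistence.size`), so rendering with the default values fails on a missing map instead of producing a configured broker. The new `diskSize` and `version` keys are not read by any template at this point in the series. Keep the blocks the templates use, or change the templates in the same commit; the second values.yaml hunk belongs to the same change.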
@@ -19,8 +19,8 @@ spec: spec: containers: - name: mosquitto - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "eclipse-mosquitto:{{ .Values.version }}" + imagePullPolicy: Always ports: - containerPort: 1883 name: mqtt diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml index 64133d06..0cf57c87 100644 --- a/charts/mosquitto/values.yaml +++ b/charts/mosquitto/values.yaml @@ -1,4 +1,6 @@ -diskSize : "10Gi" +diskSize: "10Gi" + +version: "1.0" resources: limits: @@ -7,5 +9,3 @@ resources: requests: cpu: 50m memory: 64Mi - -version: "1.0" From 7cf70bdd2097ed535a1011a279ca9fe1b38da1ce Mon Sep 17 00:00:00 2001 From: Ashish Kumar Dash Date: Mon, 1 Sep 2025 11:56:49 +0530 Subject: [PATCH 10/11] update --- charts/mosquitto/templates/auth-secret.yaml | 4 +- .../templates/connection-configmap.yaml | 17 +++ .../templates/connection-secret.yaml | 15 +++ charts/mosquitto/templates/pvc.yaml | 2 - charts/mosquitto/values.schema.json | 114 ++++++++++++++++-- charts/mosquitto/values.yaml | 28 ++++- 6 files changed, 166 insertions(+), 14 deletions(-) create mode 100644 charts/mosquitto/templates/connection-configmap.yaml create mode 100644 charts/mosquitto/templates/connection-secret.yaml diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml index 03f61cca..43848e4c 100644 --- a/charts/mosquitto/templates/auth-secret.yaml +++ b/charts/mosquitto/templates/auth-secret.yaml @@ -1,4 +1,3 @@ -{{- if .Values.auth.enabled }} apiVersion: v1 kind: Secret metadata: @@ -10,6 +9,5 @@ type: Opaque stringData: passwd: | {{- range .Values.auth.users }} - {{ .username }}:{{ randAlphaNum 16 }} + {{ .username }}:{{ .password }} {{- end }} -{{- end }} diff --git a/charts/mosquitto/templates/connection-configmap.yaml b/charts/mosquitto/templates/connection-configmap.yaml new file mode 100644 index 00000000..3a20cad8 --- /dev/null 
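Review bot: PATCH 09/11 changes the image reference to `eclipse-mosquitto:{{ .Values.version }}` with `imagePullPolicy: Always`, and values.yaml sets `version: "1.0"`, so the repository can no longer be overridden (mirror, private registry, digest pin) and the default tag moves away from the `2.0.18` the chart started with. Whether a `1.0` tag exists, and how old it is, is not visible here and should be checked before release. I would keep `image.repository` and `image.tag` and accept an optional digest through a new value, e.g. `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"` when it is set, so a re-pushed tag cannot change what runs.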
+++ b/charts/mosquitto/templates/connection-configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mosquitto.fullname" . }}-connection + labels: + app.kubernetes.io/name: {{ include "mosquitto.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +data: + MQTT_HOST: "{{ include "mosquitto.fullname" . }}" + MQTT_PORT: "{{ .Values.service.port }}" + {{- if .Values.tls.enabled }} + MQTT_TLS_PORT: "{{ .Values.service.tlsPort }}" + MQTT_TLS_ENABLED: "true" + {{- else }} + MQTT_TLS_ENABLED: "false" + {{- end }} + MQTT_SERVICE_TYPE: "{{ .Values.service.type }}" diff --git a/charts/mosquitto/templates/connection-secret.yaml b/charts/mosquitto/templates/connection-secret.yaml new file mode 100644 index 00000000..4a8cc622 --- /dev/null +++ b/charts/mosquitto/templates/connection-secret.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "mosquitto.fullname" . }}-connection + labels: + app.kubernetes.io/name: {{ include "mosquitto.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +type: Opaque +stringData: + {{- range $index, $user := .Values.auth.users }} + MQTT_USERNAME_{{ $index }}: "{{ $user.username }}" + MQTT_PASSWORD_{{ $index }}: "{{ $user.password }}" + {{- end }} + MQTT_USERNAME: "{{ (index .Values.auth.users 0).username }}" + MQTT_PASSWORD: "{{ (index .Values.auth.users 0).password }}" diff --git a/charts/mosquitto/templates/pvc.yaml b/charts/mosquitto/templates/pvc.yaml index b697379b..228448fc 100644 --- a/charts/mosquitto/templates/pvc.yaml +++ b/charts/mosquitto/templates/pvc.yaml @@ -1,4 +1,3 @@ -{{- if .Values.persistence.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -15,4 +14,3 @@ spec: {{- if .Values.persistence.storageClass }} storageClassName: {{ .Values.persistence.storageClass }} {{- end }} -{{- end }} diff --git a/charts/mosquitto/values.schema.json b/charts/mosquitto/values.schema.json index 60d9de7e..6dc2eade 100644 
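Review bot: connection-secret.yaml copies every user's clear-text password from values into a second Secret, and `(index .Values.auth.users 0)` aborts rendering when `auth.users` is empty. The values are placed inside hand-written double quotes, so a password containing a double quote or a backslash yields invalid or altered YAML; `MQTT_PASSWORD_{{ $index }}: {{ $user.password | quote }}` lets Helm do the escaping, and the same applies to the username lines. A leading comment such as `# Read by client workloads; restrict get on this Secret to them` would document who is meant to consume it.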
--- a/charts/mosquitto/values.schema.json +++ b/charts/mosquitto/values.schema.json @@ -2,24 +2,68 @@ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { + "version": { + "type": "string", + "mutable": true + }, + "diskSize": { + "type": "string", + "mutable": true + }, "image": { "type": "object", "properties": { - "repository": { "type": "string", "mutable": true }, - "tag": { "type": "string", "mutable": true } + "repository": { + "type": "string", + "mutable": true + }, + "tag": { + "type": "string", + "mutable": true + }, + "pullPolicy": { + "type": "string", + "mutable": true + } + } + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "mutable": true + }, + "size": { + "type": "string", + "mutable": true + }, + "storageClass": { + "type": "string", + "mutable": true + } } }, "auth": { "type": "object", "properties": { - "enabled": { "type": "boolean", "mutable": true }, + "enabled": { + "type": "boolean", + "mutable": true + }, "users": { "type": "array", "items": { "type": "object", "properties": { - "username": { "type": "string", "mutable": true }, - "password": { "type": "string", "mutable": true } + "username": { + "type": "string", + "mutable": true + }, + "password": { + "type": "string", + "mutable": true + } } } } 
@@ -28,9 +72,63 @@ "tls": { "type": "object", "properties": { - "enabled": { "type": "boolean", "mutable": true }, - "certSecret": { "type": "string", "mutable": true } + "enabled": { + "type": "boolean", + "mutable": true + }, + "certSecret": { + "type": "string", + "mutable": true + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "mutable": true + }, + "port": { + "type": "integer", + "mutable": true + }, + "tlsPort": { + "type": "integer", + "mutable": true + } + } + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "mutable": true + }, + "memory": { + "type": "string", + "mutable": true + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string", + "mutable": true + }, + "memory": { + "type": "string", + "mutable": true + } + } + } } } } -} +} \ No newline at end of file diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml index 0cf57c87..b4d55548 100644 --- a/charts/mosquitto/values.yaml +++ b/charts/mosquitto/values.yaml @@ -1,7 +1,11 @@ diskSize: "10Gi" - version: "1.0" +image: + repository: "eclipse-mosquitto" + tag: "latest" + pullPolicy: "Always" + resources: limits: cpu: 100m @@ -9,3 +13,25 @@ resources: requests: cpu: 50m memory: 64Mi + +persistence: + enabled: true + size: "10Gi" + storageClass: "" + +auth: + enabled: true + users: + - username: "admin" + password: "admin123" + - username: "client" + password: "client123" + +tls: + enabled: false + certSecret: "mosquitto-tls-secret" + +service: + type: "ClusterIP" + port: 1883 + tlsPort: 8883 From 612f85274434b861fadebbf8043f758d943a1915 Mon Sep 17 00:00:00 2001 
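Review bot: The new `image` block in values.yaml defaults to `tag: "latest"` with `pullPolicy: "Always"`, so each pod restart can pull a different broker build and the release records nothing about which one is running. That makes a rollback or an incident timeline hard to reconstruct, and it means an upstream image change reaches the cluster without a chart change. Pin the default to a released tag, ideally with a digest, e.g. `tag: "<pinned-version>"`, and relax `pullPolicy` to `IfNotPresent` once the tag is immutable.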
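Review bot: The defaults added in the second values.yaml hunk enable password authentication (`auth.enabled: true`) while `tls.enabled` is `false`, so with stock values the MQTT username and password travel unencrypted on port 1883. The same hunk ships working credentials (`admin123`, `client123`) as defaults, so every install that does not override them shares known passwords. I would leave the list empty by default (`users: []`) and have the operator supply accounts or reference an existing Secret. A comment such as `# credentials are sent in clear text unless tls.enabled is true` above `tls:` would also help.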
From: Ashish Kumar Dash Date: Tue, 11 Nov 2025 00:47:04 +0530 Subject: [PATCH 11/11] generate random pw --- charts/mosquitto/templates/auth-secret.yaml | 9 ++++++++- charts/mosquitto/values.yaml | 3 --- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/mosquitto/templates/auth-secret.yaml b/charts/mosquitto/templates/auth-secret.yaml index 43848e4c..1035c7c0 100644 --- a/charts/mosquitto/templates/auth-secret.yaml +++ b/charts/mosquitto/templates/auth-secret.yaml @@ -1,3 +1,4 @@ +{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" (include "mosquitto.fullname" .)) -}} apiVersion: v1 kind: Secret metadata: @@ -5,9 +6,15 @@ metadata: labels: app.kubernetes.io/name: {{ include "mosquitto.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + helm.sh/resource-policy: keep type: Opaque stringData: passwd: | + {{- if $existingSecret }} + {{ index $existingSecret.data "passwd" | b64dec }} + {{- else }} {{- range .Values.auth.users }} - {{ .username }}:{{ .password }} + {{ .username }}:{{ randAlphaNum 32 }} + {{- end }} {{- end }} diff --git a/charts/mosquitto/values.yaml b/charts/mosquitto/values.yaml index b4d55548..ae3309a3 100644 --- a/charts/mosquitto/values.yaml +++ b/charts/mosquitto/values.yaml @@ -23,9 +23,6 @@ auth: enabled: true users: - username: "admin" - password: "admin123" - - username: "client" - password: "client123" tls: enabled: false
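Review bot: The `lookup` added at the top of auth-secret.yaml returns an empty result whenever the chart is rendered without cluster access (`helm template`, client-side `--dry-run`, and tools that render that way). `$existingSecret` is then empty and the `else` branch issues new `randAlphaNum 32` passwords on every render. The CI workflow in this series only runs `helm template`, so the reuse branch is never exercised there. The line deserves a comment saying so, e.g. `{{- /* lookup is empty under helm template / client dry-run: passwords are regenerated on each such render */ -}}`, and the README should state that the chart needs a real `helm install`/`upgrade` to keep credentials stable.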
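Review bot: In the second auth-secret.yaml hunk, `{{ index $existingSecret.data "passwd" | b64dec }}` drops a possibly multi-line file into the `passwd: |` block scalar with only its first line indented, so once the stored file holds more than one user the later lines fall outside the scalar and the manifest no longer parses as intended. `{{- index $existingSecret.data "passwd" | b64dec | nindent 4 }}` keeps every line inside the block (the width is assumed from the nesting, since this page has lost the original whitespace). Once the Secret exists, edits to `.Values.auth.users` are silently ignored, and `helm.sh/resource-policy: keep` leaves the credentials in the namespace after uninstall; both deserve a comment next to the annotation. The generated password is also written nowhere else: if connection-secret.yaml still reads `.password` from values, which this patch removes, clients get an empty `MQTT_PASSWORD`. That file's current state is outside this view, so please confirm.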