Add Helm Chart for EclipseMosquitto – Track 2 (ZopDev SoC 2025)

charts/mosquitto/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: "1.0"
+description: Helm chart for Eclipse Mosquitto MQTT Broker
+name: mosquitto
+version: 0.0.1
+maintainers:
+  - name: ZopDev
+    url: zop.dev
+annotations:
+  type: datasource

charts/mosquitto/README.md

@@ -0,0 +1,28 @@
+# Mosquitto Helm Chart
+
+A fully-templated, production-grade Helm chart for deploying the [Eclipse Mosquitto](https://mosquitto.org/) MQTT broker on Kubernetes.
+
+---
+
+## ✨ Features
+
+- ✅ Lightweight MQTT 3.1/3.1.1/5.0 support
+- 🔐 Optional authentication via Kubernetes Secrets
+- 🔒 TLS support using pre-generated secrets
+- 💾 Persistent volume support for data durability
+- ⚙️ Custom `mosquitto.conf` via ConfigMap
+- 📦 Resource limits and health probes
+
+---
+
+## 🚀 Installation
+
+helm repo add my-repo https://your.repo.url/
+helm install mosquitto my-repo/mosquitto
+
+### Testing
+
+This chart is validated using `helm lint` and `helm template` via GitHub Actions.  
+To run local rendering tests:
+
+helm template test charts/mosquitto -f charts/mosquitto/test-values.yaml

charts/mosquitto/templates/NOTES.txt

@@ -0,0 +1,38 @@
+{{- if contains "LoadBalancer" .Values.service.type }}
+Your Mosquitto broker is exposed via LoadBalancer.
+
+To get the external IP:
+  kubectl get svc {{ include "mosquitto.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
+
+Then connect your MQTT client to:
+  mqtt://<EXTERNAL-IP>:1883
+  {{- if .Values.tls.enabled }}
+  mqtts://<EXTERNAL-IP>:8883
+  {{- end }}
+{{- else }}
+Your Mosquitto broker is running inside the cluster.
+
+To access it, use port forwarding:
+  kubectl port-forward svc/{{ include "mosquitto.fullname" . }} 1883:1883
+
+Then connect using:
+  mqtt://localhost:1883
+  {{- if .Values.tls.enabled }}
+  mqtts://localhost:8883
+  {{- end }}
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+Authentication is enabled.
+
+User credentials are stored in a Kubernetes Secret:
+  - Secret Name: {{ include "mosquitto.fullname" . }}-auth
+  - You can extract with:
+      kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o yaml
+
+Example decode command (for first user):
+  USER=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.username}" | base64 -d)
+  PASS=$(kubectl get secret {{ include "mosquitto.fullname" . }}-auth -o jsonpath="{.data.password}" | base64 -d)
+  echo "Username: $USER"
+  echo "Password: $PASS"
+{{- end }}

charts/mosquitto/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "mosquitto.name" -}}
+mosquitto
+{{- end -}}
+
+{{- define "mosquitto.fullname" -}}
+{{ include "mosquitto.name" . }}-{{ .Release.Name }}
+{{- end -}}

charts/mosquitto/templates/auth-secret.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.auth.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-auth
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+type: Opaque
+stringData:
+  passwd: |
+    {{- range .Values.auth.users }}
+    {{ .username }}:{{ randAlphaNum 16 }}
+    {{- end }}
+{{- end }}

charts/mosquitto/templates/configmap.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+  mosquitto.conf: |
+    persistence {{ .Values.persistence.enabled }}
+    allow_anonymous false
+    password_file /mosquitto/passwords/passwd
+    listener 1883
+    {{- if .Values.tls.enabled }}
+    listener 8883
+    cafile /mosquitto/certs/ca.crt
+    certfile /mosquitto/certs/tls.crt
+    keyfile /mosquitto/certs/tls.key
+    {{- end }}

charts/mosquitto/templates/deployment.yaml

@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: mosquitto
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+           - containerPort: 1883
+             name: mqtt
+           {{- if .Values.tls.enabled }}
+           - containerPort: 8883
+             name: mqtts
+           {{- end }}
+
+          volumeMounts:
+            - name: config-volume
+              mountPath: /mosquitto/config/mosquitto.conf
+              subPath: mosquitto.conf
+            {{- if .Values.persistence.enabled }}
+            - name: data
+              mountPath: /mosquitto/data
+            {{- end }}
+            {{- if .Values.auth.enabled }}
+            - name: auth-volume
+              mountPath: /mosquitto/passwords
+              readOnly: true
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: tls-secret
+              mountPath: /mosquitto/certs
+              readOnly: true
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          livenessProbe:
+            tcpSocket:
+              port: 1883
+            initialDelaySeconds: 10
+            periodSeconds: 15
+          readinessProbe:
+            tcpSocket:
+              port: 1883
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ include "mosquitto.fullname" . }}
+        {{- if .Values.persistence.enabled }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "mosquitto.fullname" . }}-pvc
+        {{- end }}
+        {{- if .Values.auth.enabled }}
+        - name: auth-volume
+          secret:
+            secretName: {{ include "mosquitto.fullname" . }}-auth
+            items:
+              - key: passwd
+                path: passwd
+        {{- end }}
+        {{- if .Values.tls.enabled }}
+        - name: tls-secret
+          secret:
+            secretName: {{ .Values.tls.certSecret }}
+        {{- end }}

charts/mosquitto/templates/pvc.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "mosquitto.fullname" . }}-pvc
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass }}
+  {{- end }}
+{{- end }}

charts/mosquitto/templates/service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mosquitto.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: mqtt
+      port: 1883
+      targetPort: mqtt
+    {{- if .Values.tls.enabled }}
+    - name: mqtts
+      port: 8883
+      targetPort: mqtts
+    {{- end }}
+  selector:
+    app.kubernetes.io/name: {{ include "mosquitto.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

charts/mosquitto/values.schema.json

@@ -0,0 +1,36 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "type": "object",
+  "properties": {
+    "image": {
+      "type": "object",
+      "properties": {
+        "repository": { "type": "string", "mutable": true },
+        "tag": { "type": "string", "mutable": true }
+      }
+    },
+    "auth": {
+      "type": "object",
+      "properties": {
+        "enabled": { "type": "boolean", "mutable": true },
+        "users": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "properties": {
+              "username": { "type": "string", "mutable": true },
+              "password": { "type": "string", "mutable": true }
+            }
+          }
+        }
+      }
+    },
+    "tls": {
+      "type": "object",
+      "properties": {
+        "enabled": { "type": "boolean", "mutable": true },
+        "certSecret": { "type": "string", "mutable": true }
+      }
+    }
+  }
+}

charts/mosquitto/values.yaml

@@ -0,0 +1,59 @@
+# Mosquitto Image Configuration
+image:
+  repository: eclipse-mosquitto
+  tag: 2.0.18
+  pullPolicy: IfNotPresent
+
+# Broker Configuration
+config:
+  # Optional custom config file (overrides default if provided)
+  customConfig: ""
+
+# Service Configuration
+service:
+  type: ClusterIP # Use LoadBalancer for external access
+  port: 1883
+  tlsPort: 8883
+
+# Persistence
+persistence:
+  enabled: true
+  storageClass: ""
+  accessMode: ReadWriteOnce
+  size: 1Gi
+
+# Authentication
+auth:
+  enabled: true
+  users:
+    - username: user
+
+# TLS Configuration
+tls:
+  enabled: false
+  certSecret: mosquitto-tls-secret # Must contain tls.crt and tls.key
+
+# Probes
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 15
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 5
+  periodSeconds: 10
+
+# Resource Limits
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+# Node selectors, tolerations, affinity (optional)
+nodeSelector: {}
+tolerations: []
+affinity: {}