Eclipse Mosquitto is probably the most popular MQTT broker for IoT devices. Small, fast, reliable. But for unknown reason, a lot of tutorials on how to run Mosquitto in Kubernetes. They are either overcomplicated or happily ignore some aspects like load balancer or not that straight forward password generation.
This is why, without further ado, it’s my pleasure to present to you single file Helm chart that quickly allows you to run Mosquitto MQTT broken on your home (or not) Kubernetes cluster.
- Chart was tested on MicroK8S but after some teaks will work on any other K8S distribution. The thing to adjust is the storage class, which in this case is
microk8s-hostpath. Like you can guess, it’s MicroK8S native and not present in other distributions microk8s-hostpathuses host filesystem and as you can imagine, is not moved to different nodes in case of pod eviction. For non-test usage, I suggest switching to something more “network” or “cloud” oriented like microk8s-hostpath NFS or ceph- This setup uses standard, default, Mosquitto configuration with a few tweaks:
- Explicitly binds to port 1883 and allows external connections
- allows to use the broker without username and password. To change this, comment out the line
allow_anonymous true
- Mosquitto instance will be configured with one user and password. It’s
mqttwith passwordmqtt. To change it (and you really should) use this amazing online tool that will generate password hash for you: https://dmelo.eu/blog/mosquitto_passwd_gen/
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-config
data:
mosquitto.conf: |
listener 1883 0.0.0.0
allow_anonymous true
password_file /mosquitto/config/password.txt
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-password
data:
password.txt: |
mqtt:$7$100$hm3iRT+S+4UcqS2P$8b86/pOPPVYLFwJarGLuOs+QftCoTfSlMoIAH8MMDCa2SpPVJR/Cx913vAhLOYoX6rFIQ+rT4r59kzN3raHo1w==
---
apiVersion: v1
kind: Service
metadata:
name: mosquitto
labels:
app: mosquitto
spec:
ports:
- port: 1883
targetPort: 1883
name: mosquitto
selector:
app: mosquitto
type: LoadBalancer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mosquitto-persistent-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: microk8s-hostpath
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mosquitto
labels:
app: mosquitto
spec:
replicas: 1
selector:
matchLabels:
app: mosquitto
template:
metadata:
labels:
app: mosquitto
spec:
securityContext:
fsGroup: 33
containers:
- image: eclipse-mosquitto:latest
name: mosquitto
resources:
requests:
memory: "64Mi"
cpu: "10m"
limits:
memory: "256Mi"
cpu: "250m"
ports:
- containerPort: 1883
name: mosquitto
volumeMounts:
- name: mosquitto-persistent-storage
mountPath: /mosquitto/data
- name: mosquitto-password
mountPath: /mosquitto/config/password.txt
subPath: password.txt
- name: mosquitto-config
mountPath: /mosquitto/config/mosquitto.conf
subPath: mosquitto.conf
volumes:
- name: mosquitto-persistent-storage
persistentVolumeClaim:
claimName: pvc-mosquitto
- name: mosquitto-password
configMap:
name: mosquitto-password
items:
- key: "password.txt"
path: "password.txt"
- name: mosquitto-config
configMap:
name: mosquitto-config
items:
- key: "mosquitto.conf"
path: "mosquitto.conf"
Leave a Reply