diff --git a/kubernetes/apps/home-automation/kustomization.yaml b/kubernetes/apps/home-automation/kustomization.yaml
index 2e434ec..f63159c 100644
--- a/kubernetes/apps/home-automation/kustomization.yaml
+++ b/kubernetes/apps/home-automation/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
 # Pre Flux-Kustomizations
 - ./namespace.yaml
 # Flux-Kustomizations
- - ./home-assistant/ks.yaml
\ No newline at end of file
+ - ./home-assistant/ks.yaml
+ - ./mosquitto/ks.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/mosquitto/app/config/mosquitto.conf b/kubernetes/apps/home-automation/mosquitto/app/config/mosquitto.conf
new file mode 100644
index 0000000..278ccce
--- /dev/null
+++ b/kubernetes/apps/home-automation/mosquitto/app/config/mosquitto.conf
@@ -0,0 +1,9 @@
+per_listener_settings false
+listener 1883
+allow_anonymous false
+persistence true
+persistence_location /data
+autosave_interval 1800
+connection_messages false
+autosave_interval 60
+password_file /mosquitto/external_config/mosquitto_pwd
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/mosquitto/app/externalsecret.yaml b/kubernetes/apps/home-automation/mosquitto/app/externalsecret.yaml
new file mode 100644
index 0000000..65e8448
--- /dev/null
+++ b/kubernetes/apps/home-automation/mosquitto/app/externalsecret.yaml
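Review bot: In mosquitto.conf, `listener 1883` is a plaintext listener, so with `allow_anonymous false` every client sends its username and password unencrypted on connect; helmrelease.yaml in this commit publishes that port through a LoadBalancer Service with an external-dns hostname. If the clients support it, a TLS listener (`listener 8883` with `certfile` and `keyfile`) would keep the credentials off the wire; otherwise a comment such as `# plaintext MQTT: reachable from the trusted LAN only` would record the assumption. Separately, `autosave_interval` is set twice (1800, then 60); presumably the later value wins, so one of the two lines should be dropped to make the intended interval explicit.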
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: mosquitto
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: mosquitto-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ mosquitto_pwd: |
+ {{ .mosquitto_username }}:{{ .mosquitto_password }}
+ {{ .mosquitto_zwave_username }}:{{ .mosquitto_zwave_password }}
+ {{ .mosquitto_home_assistant_username }}:{{ .mosquitto_home_assistant_password }}
+ dataFrom:
+ - extract:
+ key: mosquitto
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "mosquitto_$1"
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/mosquitto/app/helmrelease.yaml b/kubernetes/apps/home-automation/mosquitto/app/helmrelease.yaml
new file mode 100644
index 0000000..826ad06
--- /dev/null
+++ b/kubernetes/apps/home-automation/mosquitto/app/helmrelease.yaml
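Review bot: In externalsecret.yaml the `mosquitto_pwd` template renders `username:password` lines in cleartext, and nothing in the file says that the result is hashed later; the hashing only happens in the init container in helmrelease.yaml (`mosquitto_passwd -U`). A comment above `mosquitto_pwd`, e.g. `# cleartext user:password lines; hashed in place by the init-config container before the broker reads them`, would make that dependency visible. Since the file format is colon-delimited and line-based, a username containing `:` or a value containing a newline would presumably produce a malformed entry, which is worth stating as a constraint on the fields of the `mosquitto` item.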
@@ -0,0 +1,105 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: mosquitto
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.1.0
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+
+ values:
+ controllers:
+ mosquitto:
+ annotations:
+ reloader.stakater.com/auto: "true"
+
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+
+ initContainers:
+ init-config:
+ image:
+ repository: public.ecr.aws/docker/library/eclipse-mosquitto
+ tag: 2.0.18
+ command:
+ - "/bin/sh"
+ - "-c"
+ args:
+ - cp /tmp/secret/* /mosquitto/external_config/;
+ mosquitto_passwd -U /mosquitto/external_config/mosquitto_pwd;
+ chmod 0600 /mosquitto/external_config/mosquitto_pwd;
+
+ containers:
+ app:
+ image:
+ repository: public.ecr.aws/docker/library/eclipse-mosquitto
+ tag: 2.0.18
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10M
+ limits:
+ memory: 10M
+
+ service:
+ app:
+ controller: mosquitto
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "mqtt.jahanson.tech"
+ io.cilium/lb-ipam-ips: "10.45.0.10"
+ externalTrafficPolicy: Local
+ ports:
+ mqtt:
+ enabled: true
+ port: 1883
+
+ persistence:
+ data:
+ existingClaim: mosquitto-data
+ advancedMounts:
+ mosquitto:
+ app:
+ - path: /data
+ mosquitto-configfile:
+ type: configMap
+ name: mosquitto-configmap
+ advancedMounts:
+ mosquitto:
+ app:
+ - path: /mosquitto/config/mosquitto.conf
+ subPath: mosquitto.conf
+ mosquitto-secret:
+ type: secret
+ name: mosquitto-secret
+ advancedMounts:
+ mosquitto:
+ init-config:
+ - path: /tmp/secret
+ mosquitto-externalconfig:
+ type: emptyDir
+ globalMounts:
+ - path: /mosquitto/external_config
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/mosquitto/app/kustomization.yaml b/kubernetes/apps/home-automation/mosquitto/app/kustomization.yaml
new file mode 100644
index 0000000..3ebb1e4
--- /dev/null
+++ b/kubernetes/apps/home-automation/mosquitto/app/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./externalsecret.yaml
+ - ../../../../templates/volsync
+configMapGenerator:
+ - name: mosquitto-configmap
+ files:
+ - config/mosquitto.conf
+generatorOptions:
+ disableNameSuffixHash: true
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/mosquitto/ks.yaml b/kubernetes/apps/home-automation/mosquitto/ks.yaml
new file mode 100644
index 0000000..f122ab0
--- /dev/null
+++ b/kubernetes/apps/home-automation/mosquitto/ks.yaml
@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &appname mosquitto
+ namespace: flux-system
+spec:
+ targetNamespace: home-automation
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *appname
+ interval: 10m
+ path: "./kubernetes/apps/home-automation/mosquitto/app"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: true
+ dependsOn:
+ - name: rook-ceph-cluster
+ - name: volsync
+ - name: external-secrets-stores
+ postBuild:
+ substitute:
+ APP: *appname
+ VOLSYNC_CLAIM: mosquitto-data
+ VOLSYNC_CAPACITY: 512Mi
\ No newline at end of file
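Review bot: In helmrelease.yaml the init-config `args` chain three commands with `;`, so the container's exit status is that of the final `chmod`; if `mosquitto_passwd -U` fails after the copy succeeded, the init container still exits 0 and the broker starts against a password file that was never hashed. Starting the script with `set -e;` (or joining the steps with `&&`) makes any failed step fail the pod instead. Neither container sets a container-level `securityContext`; if the chart values allow it, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` on both would be a cheap hardening step alongside the existing `runAsUser: 568`. The image is referenced by tag `2.0.18` only, so pinning it with a digest would keep the init container and the broker on the image that was reviewed.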