Adding Mosquitto.

kubernetes/apps/home-automation/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./home-assistant/ks.yaml
+  - ./mosquitto/ks.yaml

kubernetes/apps/home-automation/mosquitto/app/config/mosquitto.conf

@@ -0,0 +1,9 @@
+per_listener_settings false
+listener 1883
+allow_anonymous false
+persistence true
+persistence_location /data
+autosave_interval 1800
+connection_messages false
+autosave_interval 60
+password_file /mosquitto/external_config/mosquitto_pwd

kubernetes/apps/home-automation/mosquitto/app/externalsecret.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mosquitto
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: mosquitto-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        mosquitto_pwd: |
+          {{ .mosquitto_username }}:{{ .mosquitto_password }}
+          {{ .mosquitto_zwave_username }}:{{ .mosquitto_zwave_password }}
+          {{ .mosquitto_home_assistant_username }}:{{ .mosquitto_home_assistant_password }}
+  dataFrom:
+    - extract:
+        key: mosquitto
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "mosquitto_$1"

kubernetes/apps/home-automation/mosquitto/app/helmrelease.yaml

@@ -0,0 +1,105 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: mosquitto
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.1.0
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  values:
+    controllers:
+      mosquitto:
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+
+        initContainers:
+          init-config:
+            image:
+              repository: public.ecr.aws/docker/library/eclipse-mosquitto
+              tag: 2.0.18
+            command:
+              - "/bin/sh"
+              - "-c"
+            args:
+              - cp /tmp/secret/* /mosquitto/external_config/;
+                mosquitto_passwd -U /mosquitto/external_config/mosquitto_pwd;
+                chmod 0600 /mosquitto/external_config/mosquitto_pwd;
+
+        containers:
+          app:
+            image:
+              repository: public.ecr.aws/docker/library/eclipse-mosquitto
+              tag: 2.0.18
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+            resources:
+              requests:
+                cpu: 5m
+                memory: 10M
+              limits:
+                memory: 10M
+
+    service:
+      app:
+        controller: mosquitto
+        type: LoadBalancer
+        annotations:
+          external-dns.alpha.kubernetes.io/hostname: "mqtt.jahanson.tech"
+          io.cilium/lb-ipam-ips: "10.45.0.10"
+        externalTrafficPolicy: Local
+        ports:
+          mqtt:
+            enabled: true
+            port: 1883
+
+    persistence:
+      data:
+        existingClaim: mosquitto-data
+        advancedMounts:
+          mosquitto:
+            app:
+              - path: /data
+      mosquitto-configfile:
+        type: configMap
+        name: mosquitto-configmap
+        advancedMounts:
+          mosquitto:
+            app:
+              - path: /mosquitto/config/mosquitto.conf
+                subPath: mosquitto.conf
+      mosquitto-secret:
+        type: secret
+        name: mosquitto-secret
+        advancedMounts:
+          mosquitto:
+            init-config:
+              - path: /tmp/secret
+      mosquitto-externalconfig:
+        type: emptyDir
+        globalMounts:
+          - path: /mosquitto/external_config

kubernetes/apps/home-automation/mosquitto/app/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ./externalsecret.yaml
+  - ../../../../templates/volsync
+configMapGenerator:
+  - name: mosquitto-configmap
+    files:
+      - config/mosquitto.conf
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/apps/home-automation/mosquitto/ks.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &appname mosquitto
+  namespace: flux-system
+spec:
+  targetNamespace: home-automation
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
+  interval: 10m
+  path: "./kubernetes/apps/home-automation/mosquitto/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: true
+  dependsOn:
+    - name: rook-ceph-cluster
+    - name: volsync
+    - name: external-secrets-stores
+  postBuild:
+    substitute:
+      APP: *appname
+      VOLSYNC_CLAIM: mosquitto-data
+      VOLSYNC_CAPACITY: 512Mi