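---
# Persistent storage for the broker. The StatefulSet below mounts this claim
# twice: subPath "data" at /mosquitto/data and subPath "log" at /mosquitto/log.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mosquitto-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  volumeMode: Filesystem
---
# Single-replica Mosquitto broker plus a sidecar that logs every message.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mosquitto
spec:
  replicas: 1
  serviceName: mosquitto
  selector:
    matchLabels:
      name: mosquitto
  template:
    metadata:
      labels:
        name: mosquitto
    spec:
      containers:
        - name: mosquitto
          # NOTE(review): ":latest" combined with IfNotPresent means each node
          # keeps running whatever build it pulled first, so the broker
          # version is neither reproducible nor auditable. Pin a release tag
          # or an image digest here and on the sidecar.
          image: docker.io/library/eclipse-mosquitto:latest
          imagePullPolicy: IfNotPresent
          ports:
            # Declared for consistency: the liveness probe and the Service
            # both target the plaintext listener on 1883.
            - containerPort: 1883
            - containerPort: 8883
          # TCP connect to the plaintext listener. With failureThreshold 1 a
          # single failed check restarts the container.
          livenessProbe:
            tcpSocket:
              port: 1883
            failureThreshold: 1
            initialDelaySeconds: 5
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          # Publishes "ping" to the _ping topic. No host, port or credentials
          # are passed, so mosquitto_pub uses its defaults (localhost:1883) and
          # connects as an anonymous client without TLS. The probe therefore
          # depends on anonymous access to the plaintext listener; account for
          # that before tightening mosquitto.conf.
          readinessProbe:
            exec:
              command:
                - mosquitto_pub
                - -t
                - _ping
                - -m
                - ping
            failureThreshold: 1
            initialDelaySeconds: 5
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          volumeMounts:
            - name: data
              mountPath: /mosquitto/data
              subPath: data
            - name: data
              mountPath: /mosquitto/log
              subPath: log
            - name: config
              mountPath: /mosquitto/config
            # Serving certificate and private key for the 8883 listener.
            - name: tls
              mountPath: /mosquitto/tls
              readOnly: true
            - name: ca
              mountPath: /mosquitto/ca
              readOnly: true
        # Sidecar: subscribes to every topic ('#') and, because of -v, prints
        # the topic and payload of each message to stdout. All broker traffic
        # therefore ends up in this container's log.
        # NOTE(review): read access to the pod logs is effectively read access
        # to every message; narrow the topic filter if payloads are sensitive.
        # No -h/-p/--cafile is given, so it connects the same way as the
        # readiness probe: anonymously to localhost:1883, without TLS.
        - name: mosquitto-subscriber
          image: docker.io/library/eclipse-mosquitto:latest
          imagePullPolicy: IfNotPresent
          command:
            - mosquitto_sub
          args:
            - -v
            - -t
            - '#'
          volumeMounts:
            # The "tls" secret (broker certificate and private key) is not
            # mounted here: nothing in this container's command line uses it,
            # so the key stays confined to the broker container. The CA bundle
            # is public and is kept in case the subscriber is moved to the TLS
            # listener.
            - name: ca
              mountPath: /mosquitto/ca
              readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: mosquitto-data
        - name: config
          configMap:
            name: mosquitto-config
            # Octal file mode (decimal 416): owner rw, group r, others none.
            # The mosquitto-config ConfigMap carries the password and ACL
            # files, so they should not be world-readable.
            defaultMode: 0640
        # OpenShift service CA bundle; mosquitto.conf reads service-ca.crt
        # from this mount.
        - name: ca
          configMap:
            name: openshift-service-ca.crt
        # Named by the serving-cert annotation on the Service below.
        - name: tls
          secret:
            secretName: mosquitto-tls
---
apiVersion: v1
kind: Service
metadata:
  name: mosquitto
  annotations:
    # Requests a serving certificate from the OpenShift service CA; it is
    # stored in the mosquitto-tls secret mounted by the StatefulSet.
    service.beta.openshift.io/serving-cert-secret-name: mosquitto-tls
spec:
  type: ClusterIP
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    # NOTE(review): 1883 is the plaintext listener. Publishing it on the
    # ClusterIP lets any workload that can reach this Service connect without
    # TLS. The in-pod probe and sidecar use localhost and do not need this
    # port; restrict it with a NetworkPolicy or drop it if all other clients
    # can use 8883.
    - name: mqtt
      port: 1883
      protocol: TCP
      targetPort: 1883
    - name: tls
      port: 8883
      protocol: TCP
      targetPort: 8883
  selector:
    name: mosquitto
  sessionAffinity: None
---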
# Broker configuration, ACL file and password file. The StatefulSet mounts
# this ConfigMap at /mosquitto/config.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-config
data:
  # Persistence is written to /mosquitto/data and autosaved every 60 seconds.
  # Two listeners are defined: 1883 has no certificate options (plaintext),
  # 8883 sets certfile/keyfile and therefore serves TLS with the service-CA
  # issued certificate. require_certificate is not set, so clients are not
  # asked for a client certificate.
  # NOTE(review): allow_anonymous true appears before the first listener and
  # no per-listener settings are enabled, so it presumably applies to both
  # listeners, including 8883, which the Route below exposes. Together with
  # the ACL file this gives unauthenticated clients read access to every
  # topic; confirm that is intended for external clients.
  mosquitto.conf: |
    autosave_interval 60
    persistence true
    persistence_file mosquitto.db
    persistence_location /mosquitto/data
    allow_anonymous true
    password_file /mosquitto/config/pwfile
    acl_file /mosquitto/config/aclfile
    listener 1883 0.0.0.0
    protocol mqtt
    listener 8883 0.0.0.0
    protocol mqtt
    cafile /mosquitto/ca/service-ca.crt
    certfile /mosquitto/tls/tls.crt
    keyfile /mosquitto/tls/tls.key
  # ACL summary: clients without a username may read $SYS/# and all topics;
  # the tekton user may read and write all topics; the pattern rule applies
  # to every client.
  aclfile: |
    # This affects access control for clients with no username.
    topic read $SYS/#
    # Allow anonymous users to read all updates.
    topic read #
    # Allow the tekton user to write updates.
    user tekton
    topic readwrite #
    # This affects all clients.
    pattern write /broker/connection/%c/state
  # NOTE(review): this entry holds a password hash for the only account with
  # write access. ConfigMaps are not meant for credential material and are
  # often readable by more principals than Secrets; consider moving pwfile
  # to a Secret. The value is redacted on this page.
  # pwfile is generated using "mosquitto_passwd -c /tmp/pwfile $username"
  pwfile: |
    tekton:REDACTED
---
# Exposes the TLS listener outside the cluster. With passthrough termination
# the router forwards the encrypted stream unchanged, so TLS terminates at
# mosquitto itself.
# NOTE(review): the certificate served on 8883 comes from the OpenShift
# service CA and is presumably issued for the Service's cluster DNS name, not
# the Route hostname. Confirm how external clients are expected to verify it.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: mosquitto
spec:
  to:
    kind: Service
    name: mosquitto
  port:
    targetPort: 8883
  tls:
    termination: passthrough
    insecureEdgeTerminationPolicy: None