diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index c2179f57..3ed98d14 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -3,8 +3,9 @@ on:
push:
branches:
- main
- paths-ignore:
- - 'deployment/**'
+ paths:
+ - 'iotedge/Distributed.IoT.Edge'
+ - 'lib/Industrial-IoT'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
diff --git a/.github/workflows/Release-L2.yml b/.github/workflows/Release-L2.yml
new file mode 100644
index 00000000..b9092f4f
--- /dev/null
+++ b/.github/workflows/Release-L2.yml
@@ -0,0 +1,36 @@
+name: Main - Release Helm Chart IoT Edge Accelerator L2
+on:
+ push:
+ branches:
+ - main
+ paths:
+ # Only run this when chart file is updated.
+ - 'deployment/helm/iot-edge-l2/Chart.yaml'
+
+jobs:
+ Release-Artifacts:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Get the version
+ id: vars
+ run: echo ::set-output name=tag::$(echo main-${GITHUB_SHA})
+
+ - name: Echo Docker images tag
+ run: echo ${{steps.vars.outputs.tag}}
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.1.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ with:
+ charts_dir: deployment/helm
diff --git a/.github/workflows/Release-L4.yml b/.github/workflows/Release-L4.yml
new file mode 100644
index 00000000..4970d977
--- /dev/null
+++ b/.github/workflows/Release-L4.yml
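Review bot: The new `paths:` entries `'iotedge/Distributed.IoT.Edge'` and `'lib/Industrial-IoT'` have no `/**` suffix, and a workflow path filter is a glob matched against each changed file's full path, so if these are directories (as the names suggest) the image build in CI.yml will no longer be triggered by any change beneath them; only a gitlink such as a submodule pointer at exactly that path would still match. If they are directories the filter should read `- 'iotedge/Distributed.IoT.Edge/**'` and `- 'lib/Industrial-IoT/**'`. Note also that replacing `paths-ignore` with an allow-list means any build input for the `ghcr.io` image that lives outside these two trees (a Dockerfile, the workflow itself) no longer triggers a rebuild — whether such inputs exist is not visible in this hunk.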
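Review bot: The job hands `secrets.GITHUB_TOKEN` to chart-releaser as `CR_TOKEN` but declares no `permissions:` block, so it inherits the repository's default token scope — either too little to create releases and push the index branch, or write-all, which is more than a release job needs. Add an explicit job-level grant, `permissions:` with `contents: write`, and pin `actions/checkout@v2` and `helm/chart-releaser-action@v1.1.0` to full commit SHAs rather than mutable tags, since both run with that token and `fetch-depth: 0` gives them the whole history. The `Get the version` and `Echo Docker images tag` steps use the deprecated `::set-output` command and their `tag` output is consumed by nothing in this workflow, so they can be deleted. Release-L4.yml and Release-mosquitto.yml below are copies of this file differing only in `name` and the `paths:` entry, so the same applies to them.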
@@ -0,0 +1,36 @@
+name: Main - Release Helm Chart IoT Edge Accelerator L4
+on:
+ push:
+ branches:
+ - main
+ paths:
+ # Only run this when chart file is updated.
+ - 'deployment/helm/iot-edge-l4/Chart.yaml'
+
+jobs:
+ Release-Artifacts:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Get the version
+ id: vars
+ run: echo ::set-output name=tag::$(echo main-${GITHUB_SHA})
+
+ - name: Echo Docker images tag
+ run: echo ${{steps.vars.outputs.tag}}
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.1.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ with:
+ charts_dir: deployment/helm
diff --git a/.github/workflows/Release-mosquitto.yml b/.github/workflows/Release-mosquitto.yml
new file mode 100644
index 00000000..0b1cb92e
--- /dev/null
+++ b/.github/workflows/Release-mosquitto.yml
@@ -0,0 +1,36 @@
+name: Main - Release Helm Chart Mosquitto Broker
+on:
+ push:
+ branches:
+ - main
+ paths:
+ # Only run this when chart file is updated.
+ - 'deployment/helm/mosquitto/Chart.yaml'
+
+jobs:
+ Release-Artifacts:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Get the version
+ id: vars
+ run: echo ::set-output name=tag::$(echo main-${GITHUB_SHA})
+
+ - name: Echo Docker images tag
+ run: echo ${{steps.vars.outputs.tag}}
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.1.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ with:
+ charts_dir: deployment/helm
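Review bot: Three workflows (this one, Release-L2.yml and Release-mosquitto.yml) are identical apart from `name` and one `paths:` entry, and each runs chart-releaser over the same `charts_dir: deployment/helm`, so a single push that bumps two `Chart.yaml` files starts two jobs that presumably both package the changed charts and both push to the index branch with no `concurrency:` group to serialize them. One workflow listing every `deployment/helm/*/Chart.yaml` under `paths:`, with `concurrency: helm-release`, does the same job without the race and without three copies that drift (each of these also lacks a `permissions:` block and uses the deprecated `::set-output`). If separate workflows are kept on purpose, say why in a comment above `name:`.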
diff --git a/.github/workflows/Release.yml b/.github/workflows/Release-squid-proxy.yml similarity index 88% rename from .github/workflows/Release.yml rename to .github/workflows/Release-squid-proxy.yml index a2b7fdc9..33cc7191 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release-squid-proxy.yml @@ -1,11 +1,12 @@ -name: Main Branch Release +name: Main - Release Helm Chart Squid Proxy on: push: branches: - main paths: # Only run this when chart file is updated. - - 'deployment/helm/iot-edge-accelerator/Chart.yaml' + - 'deployment/helm/squid-proxy/Chart.yaml' + jobs: Release-Artifacts: runs-on: ubuntu-latest diff --git a/deployment/helm/iot-edge-accelerator/templates/dapr/redis-pub-sub.yaml b/deployment/helm/iot-edge-accelerator/templates/dapr/redis-pub-sub.yaml deleted file mode 100644 index 9ae94b6b..00000000 --- a/deployment/helm/iot-edge-accelerator/templates/dapr/redis-pub-sub.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# TODO: Add overarching component configuration. -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: local-pub-sub -spec: - type: pubsub.redis - version: v1 - metadata: - - name: redisHost - value: {{ .Values.localPubSubModule.redisUri }} - #value: localhost:6379 - - name: redisPassword - # value: "" - secretKeyRef: - name: redis - key: redis-password - # Lock down type of access for each service. - - name: publishingScopes - value: "simulated-temperature-sensor-module=telemetry;data-gateway-module=;opc-publisher-module=telemetry" - - name: subscriptionScopes - value: "simulated-temperature-sensor-module=;data-gateway-module=telemetry;opc-publisher-module=" - # Lock down the topics on this pubsub component. - - name: allowedTopics - value: "telemetry" - - # uncomment below for connecting to redis cache instances over TLS (ex - Azure Redis Cache) - # - name: enableTLS - # value: true -scopes: -- data-gateway-module -- simulated-temperature-sensor-module -- opc-publisher-module \ No newline at end of file 
diff --git a/deployment/helm/iot-edge-accelerator/.helmignore b/deployment/helm/iot-edge-l2/.helmignore similarity index 100% rename from deployment/helm/iot-edge-accelerator/.helmignore rename to deployment/helm/iot-edge-l2/.helmignore diff --git a/deployment/helm/iot-edge-accelerator/Chart.yaml b/deployment/helm/iot-edge-l2/Chart.yaml similarity index 86% rename from deployment/helm/iot-edge-accelerator/Chart.yaml rename to deployment/helm/iot-edge-l2/Chart.yaml index d9132974..d1b69962 100644 --- a/deployment/helm/iot-edge-accelerator/Chart.yaml +++ b/deployment/helm/iot-edge-l2/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: iot-edge-accelerator -description: A Helm chart for deploying IoT edge accelerator on K8s, pre-release version. +name: iot-edge-l2 +description: A Helm chart for deploying IoT Edge Accelerator L2 (layer 2) on K8s, pre-release version. keywords: - azure - iot @@ -17,7 +17,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.26.0 +version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/deployment/helm/iot-edge-accelerator/pn.json b/deployment/helm/iot-edge-l2/pn.json similarity index 100% rename from deployment/helm/iot-edge-accelerator/pn.json rename to deployment/helm/iot-edge-l2/pn.json diff --git a/deployment/helm/iot-edge-accelerator/templates/NOTES.txt b/deployment/helm/iot-edge-l2/templates/NOTES.txt similarity index 100% rename from deployment/helm/iot-edge-accelerator/templates/NOTES.txt rename to deployment/helm/iot-edge-l2/templates/NOTES.txt diff --git a/deployment/helm/iot-edge-l2/templates/dapr/mqtt-pub-sub.yaml b/deployment/helm/iot-edge-l2/templates/dapr/mqtt-pub-sub.yaml new file mode 100644 index 00000000..bf7be963 --- /dev/null 
+++ b/deployment/helm/iot-edge-l2/templates/dapr/mqtt-pub-sub.yaml
@@ -0,0 +1,30 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+ name: {{ .Values.opcPublisherModule.pubsub }}
+spec:
+ type: pubsub.mqtt3
+ version: v1
+ metadata:
+ - name: url
+ value: {{ .Values.localPubSubModule.mqttUri }}
+ - name: retain
+ value: "false"
+ - name: cleanSession
+ value: "false"
+ - name: qos
+ value: "1"
+ - name: consumerID
+ value: "{podName}"
+ # Lock down type of access for each service.
+ - name: publishingScopes
+ value: "simulated-temperature-sensor-module=telemetry;opc-publisher-module=telemetry"
+ - name: subscriptionScopes
+ value: "simulated-temperature-sensor-module=;opc-publisher-module="
+ # Lock down the topics on this pubsub component.
+ - name: allowedTopics
+ value: "telemetry"
+
+scopes:
+- simulated-temperature-sensor-module
+- opc-publisher-module
\ No newline at end of file
diff --git a/deployment/helm/iot-edge-accelerator/templates/system-modules/opc-plc-module.yaml b/deployment/helm/iot-edge-l2/templates/system-modules/opc-plc-module.yaml
similarity index 100%
rename from deployment/helm/iot-edge-accelerator/templates/system-modules/opc-plc-module.yaml
rename to deployment/helm/iot-edge-l2/templates/system-modules/opc-plc-module.yaml
diff --git a/deployment/helm/iot-edge-accelerator/templates/system-modules/opc-publisher-module.yaml b/deployment/helm/iot-edge-l2/templates/system-modules/opc-publisher-module.yaml
similarity index 100%
rename from deployment/helm/iot-edge-accelerator/templates/system-modules/opc-publisher-module.yaml
rename to deployment/helm/iot-edge-l2/templates/system-modules/opc-publisher-module.yaml
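Review bot: `value: {{ .Values.localPubSubModule.mqttUri }}` (and `name: {{ .Values.opcPublisherModule.pubsub }}` above it) is an unquoted template, so an unset value renders as a YAML null rather than an empty string and the component only fails at apply time with an unhelpful error; render both with `| quote`, e.g. `value: {{ .Values.localPubSubModule.mqttUri | quote }}`. The default for that value is `tcp://…:1883`, the broker's plaintext listener, which the mosquitto chart in this same change configures with `allow_anonymous true`, so `publishingScopes`/`subscriptionScopes` are app-id filters enforced by each Dapr sidecar and do not stop any other pod that can reach the ClusterIP from publishing to `telemetry`. That is worth stating above `- name: url`: `# Plaintext, unauthenticated in-cluster MQTT; the scopes below are enforced by the Dapr sidecar, not by the broker.` The file also lacks a trailing newline.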
diff --git a/deployment/helm/iot-edge-accelerator/templates/system-modules/simulated-temperature-sensor-module.yaml b/deployment/helm/iot-edge-l2/templates/system-modules/simulated-temperature-sensor-module.yaml similarity index 100% rename from deployment/helm/iot-edge-accelerator/templates/system-modules/simulated-temperature-sensor-module.yaml rename to deployment/helm/iot-edge-l2/templates/system-modules/simulated-temperature-sensor-module.yaml diff --git a/deployment/helm/iot-edge-accelerator/values.yaml b/deployment/helm/iot-edge-l2/values.yaml similarity index 57% rename from deployment/helm/iot-edge-accelerator/values.yaml rename to deployment/helm/iot-edge-l2/values.yaml index a019cbe7..502c81e4 100644 --- a/deployment/helm/iot-edge-accelerator/values.yaml +++ b/deployment/helm/iot-edge-l2/values.yaml @@ -1,15 +1,9 @@ # Simulated Temperature Sensor module settings simulatedTemperatureSensorFeedIntervalInMilliseconds: 1000 -# Data Gateway module settings -dataGatewayModule: - eventHubConnectionString: "replace_with_real_key_at_deploy_time" - storageAccountName: "replace_with_storage_account_name_at_deploy_time" - storageAccountKey: "replace_with_storage_account_key_at_deploy_time" - # Local Pub Sub module settings localPubSubModule: - redisUri: "redis-master.edge-core.svc.cluster.local:6379" + mqttUri: "tcp://mosquittocluster.edge-core.svc.cluster.local:1883" # OPC Publisher module settings opcPublisherModule: @@ -19,7 +13,6 @@ opcPublisherModule: # Docker images images: - datagatewaymodule: ghcr.io/azure-samples/distributed-az-iot-edge/datagatewaymodule:main-78b133d simulatedtemperaturesensormodule: ghcr.io/azure-samples/distributed-az-iot-edge/simulatedtemperaturesensormodule:main-78b133d opcplcmodule: mcr.microsoft.com/iotedge/opc-plc:2.2.0 opcpublishermodule: ghcr.io/azure-samples/distributed-az-iot-edge/opcuapublisher:main-78b133d 
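Review bot: The `images:` entries are pinned to the mutable tag `main-78b133d` (and `opc-plc:2.2.0`) with no `@sha256:` digest, so a re-push of that tag on ghcr.io changes what a released chart deploys without any change to the chart. For a chart that is published by chart-releaser, pin by digest, e.g. `simulatedtemperaturesensormodule: ghcr.io/azure-samples/distributed-az-iot-edge/simulatedtemperaturesensormodule@sha256:<digest>`, or at least record the digest next to the tag. The new `mqttUri` default points at `tcp://…:1883`, the broker's plaintext listener; if the TLS listener on 8883 is also meant for in-cluster clients, a comment on `localPubSubModule:` saying which is intended would save the next reader a trip through the mosquitto chart.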
diff --git a/deployment/helm/iot-edge-l4/.helmignore b/deployment/helm/iot-edge-l4/.helmignore
new file mode 100644
index 00000000..bad0bbb3
--- /dev/null
+++ b/deployment/helm/iot-edge-l4/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+.tgz
+index.yaml
\ No newline at end of file
diff --git a/deployment/helm/iot-edge-l4/Chart.yaml b/deployment/helm/iot-edge-l4/Chart.yaml
new file mode 100644
index 00000000..f902c224
--- /dev/null
+++ b/deployment/helm/iot-edge-l4/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: iot-edge-l4
+description: A Helm chart for deploying IoT Edge Accelerator L4 (layer 4) on K8s, pre-release version.
+keywords:
+ - azure
+ - iot
+ - edge
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.4.0
diff --git a/deployment/helm/iot-edge-l4/templates/NOTES.txt b/deployment/helm/iot-edge-l4/templates/NOTES.txt new file mode 100644 index 00000000..bbeb4c45 --- /dev/null +++ b/deployment/helm/iot-edge-l4/templates/NOTES.txt @@ -0,0 +1,6 @@ +You have installed release {{ .Chart.Version}} of {{ .Chart.Name }} of IoT Edge K8s Accelerator, pre-release version. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} diff --git a/deployment/helm/iot-edge-accelerator/templates/dapr/event-hub-pub-sub.yaml b/deployment/helm/iot-edge-l4/templates/dapr/event-hub-pub-sub.yaml similarity index 79% rename from deployment/helm/iot-edge-accelerator/templates/dapr/event-hub-pub-sub.yaml rename to deployment/helm/iot-edge-l4/templates/dapr/event-hub-pub-sub.yaml index 159deede..5ad413b4 100644 --- a/deployment/helm/iot-edge-accelerator/templates/dapr/event-hub-pub-sub.yaml +++ b/deployment/helm/iot-edge-l4/templates/dapr/event-hub-pub-sub.yaml @@ -19,13 +19,12 @@ spec: # value: 0 # Lock down type of access for each service. - name: publishingScopes - value: "simulated-temperature-sensor-module=;data-gateway-module=telemetry;opc-publisher-module=telemetry" + value: "data-gateway-module=telemetry" - name: subscriptionScopes - value: "simulated-temperature-sensor-module=;data-gateway-module=;opc-publisher-module=" + value: "data-gateway-module=" # Lock down the topics on this pubsub component. - name: allowedTopics value: "telemetry" scopes: - data-gateway-module -- opc-publisher-module {{ end }} \ No newline at end of file diff --git a/deployment/helm/iot-edge-l4/templates/dapr/gateway-pub-sub.yaml b/deployment/helm/iot-edge-l4/templates/dapr/gateway-pub-sub.yaml new file mode 100644 index 00000000..f701e69b --- /dev/null +++ b/deployment/helm/iot-edge-l4/templates/dapr/gateway-pub-sub.yaml 
@@ -0,0 +1,29 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+ name: gateway-pub-sub
+spec:
+ type: pubsub.mqtt3
+ version: v1
+ metadata:
+ - name: url
+ value: {{ .Values.gatewayPubSubModule.mqttUri }}
+ - name: retain
+ value: "false"
+ - name: cleanSession
+ value: "false"
+ - name: qos
+ value: "1"
+ - name: consumerID
+ value: "{podName}"
+ # Lock down type of access for each service.
+ - name: publishingScopes
+ value: "data-gateway-module="
+ - name: subscriptionScopes
+ value: "data-gateway-module=telemetry;"
+ # Lock down the topics on this pubsub component.
+ - name: allowedTopics
+ value: "telemetry"
+
+scopes:
+- data-gateway-module
\ No newline at end of file
diff --git a/deployment/helm/iot-edge-accelerator/templates/system-modules/data-gateway-module.yaml b/deployment/helm/iot-edge-l4/templates/system-modules/data-gateway-module.yaml
similarity index 88%
rename from deployment/helm/iot-edge-accelerator/templates/system-modules/data-gateway-module.yaml
rename to deployment/helm/iot-edge-l4/templates/system-modules/data-gateway-module.yaml
index ac67c15a..18a61911 100644
--- a/deployment/helm/iot-edge-accelerator/templates/system-modules/data-gateway-module.yaml
+++ b/deployment/helm/iot-edge-l4/templates/system-modules/data-gateway-module.yaml
@@ -24,4 +24,5 @@ spec:
- name: data-gateway-module
image: {{ .Values.images.datagatewaymodule }}
imagePullPolicy: Always
+ args: ["--receiverPubSubName", "{{ .Values.gatewayPubSubModule.name }}"]
restartPolicy: Always
diff --git a/deployment/helm/iot-edge-l4/values.yaml b/deployment/helm/iot-edge-l4/values.yaml
new file mode 100644
index 00000000..5092cd42
--- /dev/null
+++ b/deployment/helm/iot-edge-l4/values.yaml
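Review bot: `metadata.name: gateway-pub-sub` is hard-coded while the data-gateway-module container in the same chart reads the component name from a value (`args: ["--receiverPubSubName", "{{ .Values.gatewayPubSubModule.name }}"]`), so overriding `gatewayPubSubModule.name` at install time silently points the module at a component that does not exist. Use `name: {{ .Values.gatewayPubSubModule.name | quote }}` here so both sides follow the one value. `value: {{ .Values.gatewayPubSubModule.mqttUri }}` should likewise be rendered with `| quote` so an unset value does not become a YAML null, and `subscriptionScopes: "data-gateway-module=telemetry;"` carries a trailing `;` that its sibling `publishingScopes` and the L2 component do not — harmless as far as I can tell, but drop it for consistency. The file lacks a trailing newline.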
@@ -0,0 +1,14 @@
+# Data Gateway module settings
+dataGatewayModule:
+ eventHubConnectionString: "replace_with_real_key_at_deploy_time"
+ storageAccountName: "replace_with_storage_account_name_at_deploy_time"
+ storageAccountKey: "replace_with_storage_account_key_at_deploy_time"
+
+# Local Pub Sub module settings
+gatewayPubSubModule:
+ mqttUri: "tcp://mosquittocluster.edge-core.svc.cluster.local:1883"
+ name: gateway-pub-sub
+
+# Docker images
+images:
+ datagatewaymodule: ghcr.io/azure-samples/distributed-az-iot-edge/datagatewaymodule:main-78b133d
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/.helmignore b/deployment/helm/mosquitto/.helmignore
new file mode 100644
index 00000000..bad0bbb3
--- /dev/null
+++ b/deployment/helm/mosquitto/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+.tgz
+index.yaml
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/Chart.yaml b/deployment/helm/mosquitto/Chart.yaml
new file mode 100644
index 00000000..b867d4aa
--- /dev/null
+++ b/deployment/helm/mosquitto/Chart.yaml
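Review bot: `eventHubConnectionString` and `storageAccountKey` are credentials modelled as ordinary chart values, so whatever replaces the `replace_with_…` placeholders ends up in the Helm release Secret, in `helm get values` output and usually in the shell history of whoever ran `--set`. Prefer an `existingSecret:` value naming a pre-created Kubernetes Secret (or a Dapr secret store) that the data-gateway-module template references, and keep only non-sensitive settings in this file; at minimum add `# Never commit real values; supply them at deploy time from a values file kept outside the repo.` above `dataGatewayModule:`. The image is also referenced by the mutable tag `main-78b133d` rather than an `@sha256:` digest, which a released chart should pin.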
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: mosquitto
+description: A Helm chart for deploying Mosquitto broker with bridging functionality.
+keywords:
+ - mqtt
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.2.0
+
+# Eclipse mosquitto
+appVersion: 2.0.15
diff --git a/deployment/helm/mosquitto/templates/_helpers.tpl b/deployment/helm/mosquitto/templates/_helpers.tpl
new file mode 100644
index 00000000..0bb1bc41
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/_helpers.tpl
@@ -0,0 +1,36 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mosquitto.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mosquitto.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mosquitto.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "mosquitto.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/deployment/helm/mosquitto/templates/mosquitto/clusterservice.yaml b/deployment/helm/mosquitto/templates/mosquitto/clusterservice.yaml
new file mode 100644
index 00000000..bdf835a3
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/mosquitto/clusterservice.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mosquittocluster
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.defaultPort }}
+ targetPort: {{ .Values.defaultPort }}
+ name: default
+ protocol: TCP
+ selector:
+ app: {{ include "mosquitto.name" . }}
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/templates/mosquitto/deployment.yaml b/deployment/helm/mosquitto/templates/mosquitto/deployment.yaml
new file mode 100644
index 00000000..8b4238f2
--- /dev/null
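Review bot: `mosquitto.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the chart's values.yaml in this same change defines no `serviceAccount` key and no template in the chart includes the helper, so it is dead code today and the first template to `include` it will fail with a nil-pointer render error. Either delete the define or add `serviceAccount: {create: false, name: ""}` to values.yaml and set `serviceAccountName: {{ include "mosquitto.serviceAccountName" . }}` on the pod spec — the latter is the better end state, since a dedicated ServiceAccount with `automountServiceAccountToken: false` keeps the broker from holding an API token it never uses.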
+++ b/deployment/helm/mosquitto/templates/mosquitto/deployment.yaml 
@@ -0,0 +1,127 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "mosquitto.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "mosquitto.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "mosquitto.name" . }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: default
+ containerPort: {{ .Values.defaultPort }}
+ protocol: TCP
+ - name: tls
+ containerPort: {{ .Values.tlsPort }}
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.defaultPort }}
+ initialDelaySeconds: 5
+ periodSeconds: 15
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.defaultPort }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ volumeMounts:
+ - name: mosquitto-config
+ mountPath: /mosquitto/config/mosquitto.conf
+ subPath: mosquitto.conf
+ - name: mosquitto-data
+ mountPath: /mosquitto/data
+ subPath: mosquitto/data
+ - name: mosquitto-ca-cert
+ mountPath: /mosquitto/config/certs/ca.crt
+ subPath: ca.crt
+ readOnly: true
+ - name: mosquitto-server-cert
+ mountPath: /mosquitto/config/certs/server.crt
+ subPath: server.crt
+ readOnly: true
+ - name: mosquitto-server-key
+ mountPath: /mosquitto/config/certs/server.key
+ subPath: server.key
+ readOnly: true
+ - name: mosquitto-bridgeclient-key
+ mountPath: /mosquitto/config/bridge/bridgeclient.key
+ subPath: bridgeclient.key
+ readOnly: true
+ - name: mosquitto-bridgeca-cert
+ mountPath: /mosquitto/config/bridge/bridgeca.crt
+ subPath: bridgeca.crt
+ readOnly: true
+ - name: mosquitto-bridgeclient-cert
+ mountPath: /mosquitto/config/bridge/bridgeclient.crt
+ subPath: bridgeclient.crt
+ readOnly: true
+ volumes:
+ - name: mosquitto-config
+ configMap:
+ name: mosquitto-config
+ - name: mosquitto-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: mosquitto-pvc
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: mosquitto-ca-cert
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - name: mosquitto-server-cert
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: server.crt
+ path: server.crt
+ - name: mosquitto-server-key
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: server.key
+ path: server.key
+ - name: mosquitto-bridgeca-cert
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: bridgeca.crt
+ path: bridgeca.crt
+ - name: mosquitto-bridgeclient-cert
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: bridgeclient.crt
+ path: bridgeclient.crt
+ - name: mosquitto-bridgeclient-key
+ configMap:
+ name: mosquitto-certs
+ items:
+ - key: bridgeclient.key
+ path: bridgeclient.key
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/templates/mosquitto/mosquittocerts.yaml b/deployment/helm/mosquitto/templates/mosquitto/mosquittocerts.yaml
new file mode 100644
index 00000000..85b1a496
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/mosquitto/mosquittocerts.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mosquitto-certs
+data:
+ ca.crt: |-
+ {{- .Values.certs.ca.crt | nindent 4 }}
+ server.crt: |-
+ {{- .Values.certs.server.crt | nindent 4 }}
+ server.key: |-
+ {{- .Values.certs.server.key | nindent 4 }}
+ bridgeca.crt: |-
+ {{- .Values.certs.bridgeca.crt | nindent 4 }}
+ bridgeclient.crt: |-
+ {{- .Values.certs.bridgeclient.crt | nindent 4 }}
+ bridgeclient.key: |-
+ {{- .Values.certs.bridgeclient.key | nindent 4 }}
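Review bot: The `mosquitto-server-key` and `mosquitto-bridgeclient-key` volumes project private keys out of `configMap: name: mosquitto-certs`; ConfigMaps are readable by anything granted `get configmaps` in the namespace and are normally excluded from the etcd encryption and RBAC conventions clusters apply to `secrets`, so the broker's TLS identity and its bridge client identity are exposed to every namespace reader. Keep the public certificates where they are if you like, but source the two keys from a Secret (`secret: secretName: mosquitto-keys`) and store them with `kind: Secret` in the certs template. The pod spec also sets no `securityContext`; the broker needs no Linux capabilities, so `allowPrivilegeEscalation: false`, `capabilities: drop: ["ALL"]` and `readOnlyRootFilesystem: true` are cheap (the only writable path in this spec is the `/mosquitto/data` mount) — I have not confirmed which uid the `eclipse-mosquitto` image starts as, so verify before also setting `runAsNonRoot: true`. Mounting `mosquitto.conf` via `subPath` additionally means ConfigMap updates are not propagated to the running pod, which is worth a comment on that volumeMount.

```yaml
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: image, ports, probes, resources, volumeMounts …
      volumes:
        # … unchanged: mosquitto-config, mosquitto-data, *.crt volumes …
        - name: mosquitto-server-key
          secret:
            secretName: mosquitto-keys
            items:
              - key: server.key
                path: server.key
        - name: mosquitto-bridgeclient-key
          secret:
            secretName: mosquitto-keys
            items:
              - key: bridgeclient.key
                path: bridgeclient.key
        # … unchanged: nodeSelector / affinity / tolerations …
```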
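Review bot: This `kind: ConfigMap` carries `server.key` and `bridgeclient.key` next to the public certificates, so the private keys are readable by any principal with ConfigMap read access and sit outside whatever at-rest encryption the cluster applies to Secrets. Move the two keys into a `kind: Secret` (e.g. `metadata.name: mosquitto-keys`, under `stringData:` so the same `|-` / `nindent 4` form keeps working) and leave only `ca.crt`, `server.crt`, `bridgeca.crt` and `bridgeclient.crt` here; the deployment's two key volumes then need `secret: secretName: mosquitto-keys` instead of `configMap:`. Even as a Secret the material still passes through `.Values`, so a `# Key material is rendered from values; prefer an existingSecret created out of band.` comment above `data:` would tell operators what the chart is and is not protecting.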
diff --git a/deployment/helm/mosquitto/templates/mosquitto/mosquittoconfig.yaml b/deployment/helm/mosquitto/templates/mosquitto/mosquittoconfig.yaml
new file mode 100644
index 00000000..e31966d9
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/mosquitto/mosquittoconfig.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mosquitto-config
+data:
+ mosquitto.conf: |-
+ persistence true
+ persistence_location /mosquitto/data/
+ log_dest stdout
+ # Possible types are: debug, error, warning, notice, information, subscribe, unsubscribe, websockets, none, all.
+ # log_type all
+ per_listener_settings true
+
+ listener {{ .Values.defaultPort }}
+ allow_anonymous true
+ protocol mqtt
+
+ listener {{ .Values.tlsPort }}
+ allow_anonymous true
+ tls_version tlsv1.2
+ protocol mqtt
+ cafile /mosquitto/config/certs/ca.crt
+ certfile /mosquitto/config/certs/server.crt
+ keyfile /mosquitto/config/certs/server.key
+ require_certificate false
+ # use_subject_as_username true
+
+ {{- if .Values.bridge.enabled }}
+
+ # Bridging ---------------------------------------
+ connection {{ .Values.bridge.connectionName }}
+ # Bridge connection
+ address {{ .Values.bridge.hostname }}:{{ .Values.bridge.tlsPort }}
+ cleansession false
+ # allow for self-signed certs, skip cert chain & hostname validation
+ bridge_tls_version tlsv1.2
+ bridge_cafile /mosquitto/config/bridge/bridgeca.crt
+ bridge_insecure false
+ # bridge_certfile /mosquitto/config/bridge/bridgeclient.crt
+ # bridge_keyfile /mosquitto/config/bridge/bridgeclient.key
+
+ # Client input
+ clientid lowerbroker
+ start_type automatic
+ notifications false
+ try_private false
+
+ # Topic subscriptions: TODO evaluate if useful make a dynamic set of values
+ topic telemetry/# out
+
+ {{- end }}
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/templates/mosquitto/pvc.yaml b/deployment/helm/mosquitto/templates/mosquitto/pvc.yaml
new file mode 100644
index 00000000..43078db3
--- /dev/null
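Review bot: The TLS listener on `{{ .Values.tlsPort }}` has `allow_anonymous true` and `require_certificate false`, and tlsservice.yaml in this change exposes that port through a LoadBalancer, so the broker authenticates no one: any client that can reach the load balancer can publish to and subscribe from every topic (there is no `acl_file`), and `cafile` is loaded but never used to check a peer. For the bridging use-case the setup already sketched in the commented-out block of values.yaml is the right one — `require_certificate true` and `use_subject_as_username true` on this listener, with `bridge_certfile` / `bridge_keyfile` uncommented so the lower broker presents the bridgeclient certificate (the chart already mounts it), plus an `acl_file` that limits that identity to `telemetry/#`. The comment `# allow for self-signed certs, skip cert chain & hostname validation` describes the opposite of the `bridge_insecure false` below it, which is the correct setting and should stay; reword it to `# chain and hostname are verified against bridge_cafile; keep bridge_insecure false`. `clientid lowerbroker` is a fixed client id, so two lower brokers bridging to the same upper broker will keep kicking each other off the session; derive it per release, e.g. `clientid {{ .Release.Name }}-bridge`.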
+++ b/deployment/helm/mosquitto/templates/mosquitto/pvc.yaml
@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: mosquitto-pvc
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/templates/mosquitto/remotesvc.yaml b/deployment/helm/mosquitto/templates/mosquitto/remotesvc.yaml
new file mode 100644
index 00000000..df4ff1fd
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/mosquitto/remotesvc.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.bridge.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.bridge.remotename }}
+spec:
+ ports:
+ - protocol: TCP
+ port: {{ .Values.bridge.tlsPort }}
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ .Values.bridge.remotename }}
+subsets:
+- addresses:
+ - ip: {{ .Values.bridge.ipaddress }}
+ ports:
+ - port: {{ .Values.bridge.tlsPort }}
+{{- end }}
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/templates/mosquitto/tlsservice.yaml b/deployment/helm/mosquitto/templates/mosquitto/tlsservice.yaml
new file mode 100644
index 00000000..f416eb03
--- /dev/null
+++ b/deployment/helm/mosquitto/templates/mosquitto/tlsservice.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mosquitto
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+spec:
+ type: {{ .Values.tlsService.type }}
+ ports:
+ - port: {{ .Values.tlsPort }}
+ targetPort: {{ .Values.tlsPort }}
+ name: tls
+ protocol: TCP
+ selector:
+ app: {{ include "mosquitto.name" . }}
\ No newline at end of file
diff --git a/deployment/helm/mosquitto/values.yaml b/deployment/helm/mosquitto/values.yaml
new file mode 100644
index 00000000..023a996a
--- /dev/null
+++ b/deployment/helm/mosquitto/values.yaml
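Review bot: The bridge dials `.Values.bridge.hostname` (default `remotename.edge-core.svc.cluster.local`) and, with `bridge_insecure false`, checks that name against the upper broker's certificate, while the Service and Endpoints created here are named from a different value, `.Values.bridge.remotename` (default `change_at_deploy`); nothing ties the two together, so an operator who sets `remotename` but not `hostname` gets a bridge that resolves nothing, and one who sets both still needs the upper broker's certificate to carry that hostname as a SAN. Derive the host from the service in the config template, e.g. `address {{ .Values.bridge.remotename }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.bridge.tlsPort }}`, or document above `bridge:` in values.yaml that the SAN, `remotename` and `hostname` must agree. The manual `Endpoints` object is also the one resource here without a `namespace:` while pvc.yaml sets one explicitly — either both or neither, since Helm already installs into the release namespace.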
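Review bot: `type: {{ .Values.tlsService.type }}` defaults to `LoadBalancer`, and the only thing keeping the listener off the public internet is the hard-coded `azure-load-balancer-internal` annotation, which every other cloud controller ignores; behind it sits a TLS listener configured with `allow_anonymous true`, so an install on a non-AKS cluster yields a public, unauthenticated MQTT endpoint. Default `tlsService.type` to `ClusterIP`, make the annotations a value (`annotations: {{- toYaml .Values.tlsService.annotations | nindent 4 }}`) so non-Azure users can supply their provider's internal-LB annotation, and add `loadBalancerSourceRanges:` fed from a `tlsService.sourceRanges` value so a LoadBalancer is at least restricted to the bridging peer's CIDR. A comment above `annotations:` stating that the annotation is Azure-specific would save the next reader from assuming the service is internal everywhere.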
@@ -0,0 +1,108 @@
+nameOverride: "mosquitto"
+fullnameOverride: ""
+
+# mosquitto image repo, tag and pull policy
+image:
+ repository: eclipse-mosquitto
+ tag: 2.0.15
+ pullPolicy: IfNotPresent
+
+# mosquitto default MQTT port
+defaultPort: 1883
+tlsPort: 8883
+
+# deployment replica count
+replicaCount: 1
+
+# mosquitto pod resources collection
+resources:
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ requests:
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+
+# mosquitto deployment nodeSelectors{
+nodeSelector: {}
+
+# mosquitto pod tolerations
+tolerations: []
+
+# mosquitto pod affinity
+affinity: {}
+
+# mosquitto service type
+tlsService:
+ type: LoadBalancer
+
+# mosquitto persistence options for deployment
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 8Gi
+ annotations: {}
+ storageClass: managed-csi
+
+bridge:
+ enabled: false
+ remotename: change_at_deploy
+ connectionName: change_at_deploy
+ ipaddress: change_at_deploy
+ hostname: remotename.edge-core.svc.cluster.local
+ tlsPort: 8883
+
+
+# contents of mosquitto.conf file
+# mosquittoConfig: |-
+# persistence true
+# persistence_location /mosquitto/data/
+# log_dest stdout
+# allow_anonymous true
+
+# #listener 1883 is non TLS and only exposed as ClusterIP on local cluster
+# listener 1883
+# protocol mqtt
+
+# #listener TLS on port 8883 for secure bridging
+# listener 8883
+# tls_version tlsv1.2
+# protocol mqtt
+# cafile /mosquitto/config/certs/ca.crt
+# certfile /mosquitto/config/certs/server.crt
+# keyfile /mosquitto/config/certs/server.key
+# require_certificate true
+# use_subject_as_username true
+
+certs:
+ ca:
+ crt: |-
+ -----BEGIN CERTIFICATE-----
+ CA_CERT
+ -----END CERTIFICATE-----
+ server:
+ crt: |-
+ -----BEGIN CERTIFICATE-----
+ SERVER_CERT
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN PRIVATE KEY-----
+ SERVER_KEY
+ -----END PRIVATE KEY-----
+ bridgeca:
+ crt: |-
+ -----BEGIN CERTIFICATE-----
+ BRIDGECA_CERT
+ -----END CERTIFICATE-----
+ bridgeclient:
+ crt: |-
+ -----BEGIN CERTIFICATE-----
+ BRIDGECLIENT_CERT
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN PRIVATE KEY-----
+ BRIDGECLIENT_KEY
+ -----END PRIVATE KEY-----
\ No newline at end of file
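Review bot: `certs.server.key` and `certs.bridgeclient.key` turn private keys into ordinary chart values, so real keys pasted over `SERVER_KEY` / `BRIDGECLIENT_KEY` get committed, packaged into the released `.tgz` by chart-releaser, and persisted in the Helm release Secret and `helm get values` output; replace them with a reference to a pre-created Secret (e.g. `certs.existingSecret: ""`) and keep only the public certificates as values, or at minimum put `# Never commit real key material; pass it at install time with --set-file certs.server.key=server.key` above `certs:`. `tlsService.type: LoadBalancer` is an exposed-by-default choice for a broker whose TLS listener accepts anonymous clients — `ClusterIP` is the safer default, with LoadBalancer opted into. The `bridge.hostname` default `remotename.edge-core.svc.cluster.local` is not derived from `bridge.remotename` (`change_at_deploy`), so the two drift unless an operator remembers to change both. The commented-out `mosquittoConfig` block duplicates, and disagrees with, the live ConfigMap (it has `require_certificate true` and `use_subject_as_username true`); either delete it or make it the real configuration.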