mosquitto chart supplies type: ClusterIP and externalTrafficPolicy: Cluster

[brianmay]

Details

Helm chart name and version: mosquitto version 2.4.1

Error: UPGRADE FAILED: cannot patch "mqtt-mosquitto" with kind Service: Service "mqtt-mosquitto" is invalid: spec.externalTrafficPolicy: Invalid value: "Cluster": ExternalTrafficPolicy can only be set on NodePort and LoadBalancer service

Relevant Helm values:

service is not supplied.

What did you expect to happen:

Chart should not supply externalTrafficPolicy by default. Or the very list this value should be optional.

[onedr0p]

The mosquitto chart doesn't provide that by default.

See the values https://github.com/k8s-at-home/charts/blob/master/charts/stable/mosquitto/values.yaml

[brianmay]

Sorry, my bad. Using chart from https://storage.googleapis.com/t3n-helm-charts, and can't even find where to place bug reports right now.

If only documentation for this chart wasn't so terrible, I might consider using it instead. But with this chart I can't work out the basics, such as how to configure a list of usernames/passwords or setup a kubernetes secret as a certificate.

[onedr0p]

Unfortunately Mosquitto isn't a Kubernetes native app, and with most applications like this you need to do the research on how to install it in docker-compose and translate those concepts over to k8s-speak.

I followed a guide from here on how to do auth. I went with the first method.

[brianmay]

No, I think you misunderstood. Configuring mosquitto by itself it easy. But how do you configure those values in the chart?

With the other chart you can set authentication.passwordEntries to the password entries, and set config to the extra required config. But I don't see anything like that for this chart. Nor is there any documentation to say how to set the required values.

This is something that is easy if you wrote the chart, not so easy for somebody else.

[onedr0p]

I hear ya, we are always looking to people to help out here. We're a responsive group but also do this in our free time.

To help you out I will share what I did.

For persistence:

    persistence:
      data:
        enabled: true
        existingClaim: mosquitto-config-v1
      configinc:
        enabled: true
        type: custom
        volumeSpec:
          secret:
            secretName: mosquitto-config

You can read more about how to implement persistence here

That secret looks like this:

kind: Secret
apiVersion: v1
type: Opaque
metadata:
    name: mosquitto-config
    namespace: home
stringData:
    mqtt.conf: |-
        connection_messages false
        password_file /mosquitto/configinc/mosquitto_pwd
        autosave_interval 60
    mosquitto_pwd: username:$7$101$3ijkNxJHuOLArret$oQ3GHNPeK/xRElBZ6ZBX7WjMrN1Vl3abMjePhxFTH

My entire cluster is available to read at https://github.com/onedr0p/home-cluster, for example mosquitto is deployed here

[onedr0p]

Feel free to also join our discord, we try to help out people as much as we can with our projects.

https://discord.gg/sTMX7Vh

[brianmay]

Thanks for your help. Will add trying that to my TODO list :-)

[brianmay]

Hmmm. Unfortunately, it looks like from your example the helm chart by itself is not sufficient. Will need to add the secret by hand.

[onedr0p]

Correct, honestly this issue stems from mosquitto not being driven by environment variables which would make things sooo much easier here.

eclipse/mosquitto#2203

[brianmay]

Thanks for the bug reference.