---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto-deployment
  labels:
    app: mosquitto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mosquitto
  template:
    metadata:
      labels:
        app: mosquitto
    spec:
      containers:
      - name: mosquitto
        image: 192.168.1.149:8443/mosquitto:0.0.7
        args: ["-v", "-c", "/opt/mqtt/mosquitto.conf"]
        volumeMounts:
          - mountPath: /opt/mqtt
            name: mosquitto-conf
        ports:
          - containerPort: 9000
            name: websockets-port
          - containerPort: 9001
            name: mqtt-port
      volumes:
      - name: mosquitto-conf
        configMap:
          name: mosquitto-conf
---
apiVersion: v1
kind: Service
metadata:
  name: mosquitto-service
spec:
  selector:
    app: mosquitto
  type: LoadBalancer
  ports:
    - protocol: TCP
      port: 9000
      name: websockets-port
    - protocol: TCP
      port: 9001
      name: mqtt-port
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-conf
data:
  acl.yaml: |
    default:
        can_read: true
        can_write: false
    jimmy:
        can_read: true
        can_write: true
  keys.yaml: |
    default:
    - /opt/mqtt/jpace121-key.pem
    - /opt/mqtt/service-key.pem
  mosquitto.conf: |
    per_listener_settings false
    allow_anonymous false
    log_type all

    auth_plugin /usr/lib/libj7s-plugin.so
    auth_opt_key_file /opt/mqtt/keys.yaml
    auth_opt_acl_file /opt/mqtt/acl.yaml

    listener 9000
    protocol websockets

    listener 9001
    protocol mqtt
  service-key.pem: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DBwMe+eHkYLfq076sFq75gepyaL4LQtX8qVlGjJCtLxV308L2d8XGC35VBxrIbx8Bs5sKT4e5s9suzO8FhGMQ==
    -----END PUBLIC KEY-----
  jpace121-key.pem: |
    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqdtuaoyDj8jCtgB9qfUMwDe//VLAF1HTXHTQ7OS8i/S3wjOC4YOHxRy9kYQ3LdE44r7kIX6DR8VLJ3srctQ0xw==
    -----END PUBLIC KEY-----