Start of adding the broker

build-containers.sh

@@ -1,11 +1,13 @@
 #!/bin/bash
 
+TAG=0.7.1
+
 REGISTRY=$1
 
 if [ ! -z "$REGISTRY" ]; then
 
-  docker build flowforge-container -t $REGISTRY/flowforge/forge-k8s
-  docker build node-red-container -t $REGISTRY/flowforge/node-red
+  docker build flowforge-container -t $REGISTRY/flowforge/forge-k8s:$TAG
+  docker build node-red-container -t $REGISTRY/flowforge/node-red:$TAG
 
 else
   echo "Usage: $0 [container registry]"

helm/flowforge/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: "v2"
 name: "flowforge"
-version: "0.3.3"
+version: "0.7.1"
 description: "FlowForge"
 type: "application"
 home: "https://flowforge.com"
@@ -16,4 +16,4 @@ dependencies:
 maintainers:
   - name: "FlowForge Inc"
     url: "https://flowforge.com"
-appVersion: "v0.3.3"
+appVersion: "0.7.1"

helm/flowforge/templates/broker.yaml

@@ -0,0 +1,142 @@
+{{- if .Values.forge.broker -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: flowforge-broker-config
+data:
+  mosquitto.conf: |
+    per_listener_settings false
+    allow_anonymous false
+
+    listener 1883 0.0.0.0
+    listener 1884 0.0.0.0
+    protocol websockets
+
+    auth_plugin /mosquitto/go-auth.so
+    auth_opt_backends http
+    auth_opt_hasher bcrypt
+    auth_opt_cache true
+    auth_opt_auth_cache_seconds 30
+    auth_opt_acl_cache_seconds 90
+    auth_opt_auth_jitter_second 3
+    auth_opt_acl_jitter_seconds 5
+
+    auth_opt_http_host forge.default
+    auth_opt_http_port 80
+    auth_opt_http_getuser_uri /api/broker/auth-client
+    auth_opt_http_aclcheck_uri /api/broker/auth-acl
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata: 
+  name: flowforge-broker
+  labels:
+    app: flowforge-broker
+spec:
+  selector:
+    matchLabels:
+      app: flowforge-broker
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: flowforge-broker
+    spec:
+      containers:
+      - name: broker
+        image: iegomez/mosquitto-go-auth
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+        - name: config
+          mountPath: /etc/mosquitto
+        ports:
+        - containerPort: 1883
+          name: mqtt-native
+        - containerPort: 1884
+          name: mqtt-ws
+        # livenessProbe:
+        #   httpGet:
+        #     path: /
+        #     port: 1884
+        # readinessProbe:
+        #   httpGet:
+        #     path: /
+        #     port: 1884
+      {{- if .Values.forge.registrySecrets }}
+      imagePullSecrets:
+      {{- range .Values.forge.registrySecrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      volumes:
+      - name: config
+        configMap:
+          name: flowforge-broker-config
+      {{- if .Values.forge.managementSelector }}
+      nodeSelector:
+        {{- range $key, $value := .Values.forge.managementSelector }}
+        {{ $key }}: {{ $value }}
+        {{- end }}
+      {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: flowforge-broker
+spec:
+  ports:
+  - port: 1883
+    targetPort: 1883
+    protocol: TCP
+    name: mqtt-native
+  - port: 1884
+    targetPort: 1884
+    protocol: TCP
+    name: mqtt-ws
+  selector:
+    app: flowforge-broker
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: flowforge-broker
+  labels:
+    app: flowforge-broker
+  annotations:
+    {{- if .Values.forge.cloudProvider }}
+    {{- if eq .Values.forge.cloudProvider "aws" }}
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/group.name: flowforge
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
+    alb.ingress.kubernetes.io/ssl-redirect: '443'
+    {{- end }}
+    {{- end }}
+spec:
+  rules:
+    - host: mqtt.{{ .Values.forge.domain }}
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: flowforge-broker
+                port:
+                  number: 1884
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   name: flowforge-broker-native
+# spec:
+#   type: LoadBalancer
+#   ports:
+#   - port: 1883
+#     targetPort: mqtt-native
+#     protocol: TCP
+#     name: mqtt-native
+#   selector:
+#     app: flowforge-broker
+{{- end -}}

helm/flowforge/templates/configmap.yaml

@@ -80,4 +80,19 @@ data:
       {{- end }}
     {{- end }}
     {{- end }}
-
+    {{- if .Values.forge.broker }}
+    broker:
+      {{ if .Values.forge.broker.url -}}
+      url: {{ .Values.forge.broker.url }}
+      {{ else -}}
+      url: mqtt://forge-broker.{{ .Release.Namespace }}:1883
+      {{- end -}}
+      {{ if .Values.forge.broker.public_url -}}
+      public_url: {{ .Values.forge.broker.public_url }}
+      {{ else -}}
+      public_url: ws{{- if .Values.forge.https -}}s{{- end -}}://mqtt.{{ .Values.forge.domain }}
+      {{- end -}}
+    {{- end }}
+    logging:
+      level: info
+      http: info

helm/flowforge/templates/deployment.yaml

@@ -17,7 +17,7 @@ spec:
       serviceAccountName: flowforge
       containers:
       - name: forge
-        image: {{ default "docker-pi.local:5000" .Values.forge.registry }}/flowforge/forge-k8s
+        image: {{ default "docker-pi.local:5000" .Values.forge.registry }}/flowforge/forge-k8s:{{ .Chart.AppVersion }}
         imagePullPolicy: Always
         {{- if .Values.forge.cloudProvider }}
         env:

helm/flowforge/values.schema.json

@@ -153,6 +153,20 @@
                     "required": [
                         "billing"
                     ]
+                },
+                "broker": {
+                    "type": "object",
+                    "properties": {
+                        "url": {
+                            "type" : "string"
+                        },
+                        "public_url": {
+                            "type": "string"
+                        }
+                    },
+                    "required": [
+                        "url"
+                    ]
                 }
             },
             "required": [