From 5af88188b266c77f5ad75b409d187a6e4ac92775 Mon Sep 17 00:00:00 2001
From: ppawlowski
Date: Tue, 2 Jun 2026 18:38:47 +0200
Subject: [PATCH 1/7] Remove mosquitto broker
---
helm/flowfuse/templates/NOTES.txt | 9 +-
helm/flowfuse/templates/_helpers.tpl | 6 +-
helm/flowfuse/templates/broker-config.yaml | 95 -----------
helm/flowfuse/templates/broker-ingress.yaml | 38 -----
helm/flowfuse/templates/broker.yaml | 172 --------------------
helm/flowfuse/templates/configmap.yaml | 4 -
helm/flowfuse/templates/emqx.yaml | 14 +-
helm/flowfuse/values.schema.json | 125 --------------
helm/flowfuse/values.yaml | 27 ---
9 files changed, 9 insertions(+), 481 deletions(-)
delete mode 100644 helm/flowfuse/templates/broker-config.yaml
delete mode 100644 helm/flowfuse/templates/broker-ingress.yaml
delete mode 100644 helm/flowfuse/templates/broker.yaml
diff --git a/helm/flowfuse/templates/NOTES.txt b/helm/flowfuse/templates/NOTES.txt
index 6aa99c65..ad6cf2fd 100644
--- a/helm/flowfuse/templates/NOTES.txt
+++ b/helm/flowfuse/templates/NOTES.txt
@@ -1,10 +1,3 @@ Thank you for installing {{ .Chart.Name }} v{{ .Chart.AppVersion }} -You can complete the setup wizard at {{ if .Values.forge.entryPoint }}http{{- if .Values.forge.https -}}s{{- end -}}://{{ .Values.forge.entryPoint }}{{- else }}http{{- if .Values.forge.https -}}s{{- end -}}://forge.{{ .Values.forge.domain }}{{- end }} - -{{- if .Values.forge.broker.createMetricsUser }} -You configured the installation to create a dedicated MQTT user for collecting broker's metrics. -You can access the generated values by executing: -kubectl -n {{ .Release.Namespace }} get secret flowfuse-broker-secrets -o jsonpath='{.data.metrics_password}' | base64 -d -kubectl -n {{ .Release.Namespace }} get secret flowfuse-broker-secrets -o jsonpath='{.data.metrics_user}' | base64 -d -{{- end }} \ No newline at end of file +You can complete the setup wizard at {{ if .Values.forge.entryPoint }}http{{- if .Values.forge.https -}}s{{- end -}}://{{ .Values.forge.entryPoint }}{{- else }}http{{- if .Values.forge.https -}}s{{- end -}}://forge.{{ .Values.forge.domain }}{{- end }} \ No newline at end of file diff --git a/helm/flowfuse/templates/_helpers.tpl b/helm/flowfuse/templates/_helpers.tpl index b57ce1af..f4202d66 100644 --- a/helm/flowfuse/templates/_helpers.tpl +++ b/helm/flowfuse/templates/_helpers.tpl @@ -39,17 +39,13 @@ Broker Selector labels */}} {{- define "forge.brokerSelectorLabels" -}} -{{/* +{{/* {{ include "forge.commonSelectorLabels" . }} app.kubernetes.io/component: "broker" */}} -{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled false ) -}} -app: flowforge-broker -{{- else -}} apps.emqx.io/db-role: core apps.emqx.io/instance: emqx apps.emqx.io/managed-by: emqx-operator -{{- end -}} {{- end }} {{/* diff --git a/helm/flowfuse/templates/broker-config.yaml b/helm/flowfuse/templates/broker-config.yaml deleted file mode 100644 index e9871870..00000000 --- a/helm/flowfuse/templates/broker-config.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled false ) -}} -{{- $metricsUser := "metrics_reader" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: flowforge-broker-config - labels: - {{- include "forge.labels" . | nindent 4 }} -data: - mosquitto.conf: | - per_listener_settings false - allow_anonymous false - - listener 1883 0.0.0.0 - listener 1884 0.0.0.0 - protocol websockets - http_dir /http - - auth_plugin /mosquitto/go-auth.so - auth_opt_hasher bcrypt - auth_opt_cache true - auth_opt_auth_cache_seconds 120 - auth_opt_acl_cache_seconds 300 - auth_opt_auth_jitter_second 3 - auth_opt_acl_jitter_seconds 5 - auth_opt_check_prefix true - {{- if .Values.forge.broker.createMetricsUser }} - auth_opt_backends files, http - auth_opt_prefixes metrics, forge - - auth_opt_files_password_path /etc/mosquitto/password_file - auth_opt_files_acl_path /etc/mosquitto/acl_file - {{- else }} - auth_opt_backends http - auth_opt_prefixes forge - {{- end }} - - auth_opt_http_host forge.{{ .Release.Namespace }} - auth_opt_http_port 80 - auth_opt_http_getuser_uri /api/comms/auth/client - auth_opt_http_aclcheck_uri /api/comms/auth/acl - - {{- if .Values.forge.broker.createMetricsUser }} - mqtt_acl_file: | - user {{ $metricsUser }} - topic read $SYS/# - {{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: flowforge-broker-ping - labels: - {{- include "forge.labels" . | nindent 4 }} -data: - ping.html: | - - - Mosquitto Liveness Check - -

HelloWorld

- - - -{{- if .Values.forge.broker.createMetricsUser }} -{{- $secretName := "flowfuse-broker-secrets" }} -{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace $secretName) | default dict }} -{{- $metricsPassword := "" }} -{{- $metricsPassword := "" }} -{{- $mqttPasswordFile := "" }} -{{- if and $existingSecret.data (hasKey $existingSecret.data "metrics_password") }} -{{- $metricsPassword = $existingSecret.data.metrics_password | b64dec }} -{{- else }} -{{- $metricsPassword = randAlphaNum 32 }} -{{- end }} -{{- if and $existingSecret.data (hasKey $existingSecret.data "mqtt_password_file") }} -{{- $mqttPasswordFile = $existingSecret.data.mqtt_password_file | b64dec }} -{{- else }} -{{- $mqttPasswordFile = htpasswd $metricsUser $metricsPassword }} -{{- end }} ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: {{ $secretName }} - labels: - {{- include "forge.labels" . | nindent 4 }} -data: - metrics_user: {{ $metricsUser | b64enc | quote }} - metrics_password: {{ $metricsPassword | b64enc | quote }} - mqtt_password_file: {{ $mqttPasswordFile | b64enc | quote }} - -{{- end }} -{{- end }} diff --git a/helm/flowfuse/templates/broker-ingress.yaml b/helm/flowfuse/templates/broker-ingress.yaml deleted file mode 100644 index 5015871e..00000000 --- a/helm/flowfuse/templates/broker-ingress.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled false ) -}} -{{- $brokerHostname := (printf "%s%s" "mqtt." .Values.forge.domain) -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: flowforge-broker - labels: - {{- include "forge.brokerSelectorLabels" . | nindent 4 }} - annotations: - {{- if .Values.ingress.certManagerIssuer }} - cert-manager.io/cluster-issuer: {{ .Values.ingress.certManagerIssuer }} - {{- end }} - {{- $filteredAnnotations := include "forge.filteredBrokerIngressAnnotations" . | replace "{{ instanceHost }}" "{{ include forge.brokerDomain . }}" | replace "{{ serviceName }}" "flowforge-broker" }} - {{- if $filteredAnnotations }} -{{ $filteredAnnotations | indent 4 }} - {{- end }} -spec: - {{- if $.Values.ingress.className }} - ingressClassName: {{ $.Values.ingress.className }} - {{- end }} - rules: - - host: {{ include "forge.brokerDomain" . }} - http: - paths: - - pathType: Prefix - path: / - backend: - service: - name: flowforge-broker - port: - number: 1884 - {{- if include "forge.brokerCertManagerEnabled" . }} - tls: - - hosts: - - {{ include "forge.brokerDomain" . }} - secretName: {{ include "forge.brokerDomain" . }} - {{- end }} -{{- end }} diff --git a/helm/flowfuse/templates/broker.yaml b/helm/flowfuse/templates/broker.yaml deleted file mode 100644 index 0bc84d19..00000000 --- a/helm/flowfuse/templates/broker.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled false ) -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: flowforge-broker - labels: - {{- include "forge.labels" . | nindent 4 }} - {{- with .Values.forge.broker.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - checkov.io/skip1: CKV_K8S_10=We do not force default resources constraints - checkov.io/skip2: CKV_K8S_11=We do not force default resources constraints - checkov.io/skip3: CKV_K8S_12=We do not force default resources constraints - checkov.io/skip4: CKV_K8S_13=We do not force default resources constraints -spec: - revisionHistoryLimit: {{ .Values.forge.broker.revisionHistoryLimit | default .Values.forge.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "forge.brokerSelectorLabels" . | nindent 6 }} - replicas: 1 - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/broker-config.yaml") . | sha256sum }} - labels: - {{- include "forge.brokerSelectorLabels" . | nindent 8 }} - {{- with .Values.forge.broker.podLabels }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - spec: - {{- if .Values.forge.priorityClassName }} - priorityClassName: "{{ .Values.forge.priorityClassName}}" - {{- end }} - automountServiceAccountToken: false - {{- if .Values.forge.broker.podSecurityContext }} - securityContext: - {{- toYaml .Values.forge.broker.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: broker - image: {{ .Values.forge.broker.image }} - imagePullPolicy: Always - volumeMounts: - - name: config - mountPath: /etc/mosquitto/mosquitto.conf - subPath: mosquitto.conf - - name: ping - mountPath: /http - {{- if .Values.forge.broker.createMetricsUser }} - - name: config - mountPath: /etc/mosquitto/acl_file - subPath: mqtt_acl_file - - name: secrets - mountPath: /etc/mosquitto/password_file - subPath: mqtt_password_file - readOnly: true - {{- end }} - ports: - - containerPort: 1883 - name: mqtt-native - - containerPort: 1884 - name: mqtt-ws - securityContext: {{- toYaml .Values.forge.broker.containerSecurityContext | nindent 10 }} - {{- if .Values.forge.broker.livenessProbe }} - livenessProbe: - httpGet: - path: /ping.html - port: 1884 - initialDelaySeconds: {{ .Values.forge.broker.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.forge.broker.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.forge.broker.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.forge.broker.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.forge.broker.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.forge.broker.readinessProbe }} - readinessProbe: - httpGet: - path: /ping.html - port: 1884 - initialDelaySeconds: {{ .Values.forge.broker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.forge.broker.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.forge.broker.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.forge.broker.readinessProbe.successThreshold }} - failureThreshold: {{ 
.Values.forge.broker.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.forge.broker.startupProbe }} - startupProbe: - httpGet: - path: /ping.html - port: 1884 - initialDelaySeconds: {{ .Values.forge.broker.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.forge.broker.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.forge.broker.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.forge.broker.startupProbe.successThreshold }} - failureThreshold: {{ .Values.forge.broker.startupProbe.failureThreshold }} - {{- end }} - {{- if .Values.forge.broker.resources }} - resources: {{- toYaml .Values.forge.broker.resources | nindent 12 }} - {{- end }} - {{- if .Values.forge.broker.tolerations}} - tolerations: - {{ toYaml .Values.forge.broker.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.forge.registrySecrets }} - imagePullSecrets: - {{- range .Values.forge.registrySecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - volumes: - - name: config - configMap: - name: flowforge-broker-config - - name: ping - configMap: - name: flowforge-broker-ping - {{- if .Values.forge.broker.createMetricsUser }} - - name: secrets - secret: - secretName: flowfuse-broker-secrets - {{- end }} - {{- if .Values.forge.managementSelector }} - nodeSelector: - {{- range $key, $value := .Values.forge.managementSelector }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - {{- if .Values.forge.broker.affinity }} - affinity: {{ toYaml .Values.forge.broker.affinity | nindent 8 }} - {{- end }} -{{- end }} -{{- if .Values.forge.broker.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: flowforge-broker - labels: - {{- include "forge.labels" . 
| nindent 4 }} -spec: - type: {{ .Values.broker.service.type }} - {{- if eq .Values.broker.service.type "NodePort" }} - ports: - - port: 1883 - targetPort: 1883 - protocol: TCP - name: mqtt-native - {{- if (.Values.broker.service.mqtt).nodePort }} - nodePort: {{ .Values.broker.service.mqtt.nodePort }} - {{- end }} - - port: 1884 - targetPort: 1884 - protocol: TCP - name: mqtt-ws - {{- if (.Values.broker.service.ws).nodePort }} - nodePort: {{ .Values.broker.service.ws.nodePort }} - {{- end }} - {{- else }} - ports: - - port: 1883 - targetPort: 1883 - protocol: TCP - name: mqtt-native - - port: 1884 - targetPort: 1884 - protocol: TCP - name: mqtt-ws - {{- end }} - selector: - {{- include "forge.brokerSelectorLabels" . | nindent 4 }} -{{- end -}} \ No newline at end of file diff --git a/helm/flowfuse/templates/configmap.yaml b/helm/flowfuse/templates/configmap.yaml index 311d18ff..7081a445 100644 --- a/helm/flowfuse/templates/configmap.yaml +++ b/helm/flowfuse/templates/configmap.yaml @@ -209,11 +209,7 @@ data: {{ if .Values.forge.broker.url -}} url: {{ .Values.forge.broker.url }} {{ else -}} - {{ if .Values.forge.broker.teamBroker.enabled }} url: mqtt://emqx-listeners.{{ .Release.Namespace }}:1883 - {{ else -}} - url: mqtt://flowforge-broker.{{ .Release.Namespace }}:1883 - {{end -}} {{ end -}} {{ if .Values.forge.broker.public_url -}} public_url: {{ .Values.forge.broker.public_url }} diff --git a/helm/flowfuse/templates/emqx.yaml b/helm/flowfuse/templates/emqx.yaml index 726b0dcd..0e5ffc6e 100644 --- a/helm/flowfuse/templates/emqx.yaml +++ b/helm/flowfuse/templates/emqx.yaml 
@@ -1,6 +1,6 @@ -{{- if and ( eq .Values.forge.broker.enabled true) ( eq .Values.forge.broker.teamBroker.enabled true ) -}} +{{- if eq .Values.forge.broker.enabled true -}} {{- if not (.Capabilities.APIVersions.Has "apps.emqx.io/v2beta1") }} -{{- fail "EMQX Operator not installed. Please install it or disable team broker before continuing" }} +{{- fail "EMQX Operator not installed. Please install it or disable the broker (forge.broker.enabled=false) before continuing" }} {{- end }} apiVersion: apps.emqx.io/v2beta1 kind: EMQX @@ -33,8 +33,8 @@ spec: - name: EMQX_DASHBOARD__DEFAULT_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.broker.exisitingSecret }} - name: {{ .Values.broker.exisitingSecret }} + {{- if .Values.broker.existingSecret }} + name: {{ .Values.broker.existingSecret }} {{- else }} name: emqx-config-secrets {{- end }} @@ -51,8 +51,8 @@ spec: extraVolumes: - name: config secret: - {{- if .Values.broker.exisitingSecret }} - secretName: {{ .Values.broker.exisitingSecret }} + {{- if .Values.broker.existingSecret }} + secretName: {{ .Values.broker.existingSecret }} {{- else }} secretName: emqx-config-secrets {{- end }} @@ -83,7 +83,7 @@ spec: type: ClusterIP {{- end }} --- -{{- if not .Values.broker.exisitingSecret }} +{{- if not .Values.broker.existingSecret }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/flowfuse/values.schema.json b/helm/flowfuse/values.schema.json index c8ece7d8..78ed7207 100644 --- a/helm/flowfuse/values.schema.json +++ b/helm/flowfuse/values.schema.json 
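Review bot: The new guard `{{- if eq .Values.forge.broker.enabled true -}}` at the top of emqx.yaml makes EMQX the only broker, but the hardening carried by the mosquitto Deployment removed in this same commit (`automountServiceAccountToken: false`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, a non-root `runAsUser`) has no visible replacement. The EMQX `spec` between this hunk and the next is outside the diff, so this may already be covered; if it is not, the equivalent pod and container security context should be set on the EMQX custom resource. A template comment above the guard would also help, for example `{{/* EMQX is the only supported broker; forge.broker.teamBroker.enabled no longer selects the implementation */}}`, since that flag is still present in values.yaml.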
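Review bot: Renaming the value to `.Values.broker.existingSecret` in the `secretKeyRef` block (and in the `extraVolumes` and `{{- if not .Values.broker.existingSecret }}` hunks that follow) silently drops the old spelling: a release that still sets `broker.exisitingSecret` now takes the `else` branch, so the chart reads the dashboard password from, and generates, `emqx-config-secrets` instead of the operator-supplied secret. Either accept both keys for a deprecation period, e.g. `{{- $existingSecret := .Values.broker.existingSecret | default .Values.broker.exisitingSecret }}` hoisted to the top of the template, or fail fast with `{{- if .Values.broker.exisitingSecret }}{{ fail "broker.exisitingSecret was renamed to broker.existingSecret" }}{{- end }}`. Whether values.schema.json would already reject the old key is not visible in this diff.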
@@ -344,100 +344,6 @@ } } }, - "podSecurityContext": { - "type": "object", - "properties": { - "runAsUser": { - "type": "integer" - }, - "runAsGroup": { - "type": "integer" - }, - "fsGroup": { - "type": "integer" - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string" - }, - "localhostProfile": { - "type": "string" - } - } - } - } - }, - "livenessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "readinessProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "startupProbe": { - "type": "object", - "properties": { - "failureThreshold": { - "type": "integer" - }, - "initialDelaySeconds": { - "type": "integer" - }, - "periodSeconds": { - "type": "integer" - }, - "successThreshold": { - "type": "integer" - }, - "timeoutSeconds": { - "type": "integer" - } - } - }, - "containerSecurityContext": { - "type": "object" - }, - "podLabels": { - "type": "object" - }, - "labels": { - "type": "object" - }, "tolerations": { "type": "array" }, @@ -449,12 +355,6 @@ "minProperties": 0 } } - }, - "createMetricsUser": { - "type": "boolean" - }, - "image": { - "type": "string" } }, "required": [ 
@@ -1325,31 +1225,6 @@ } } }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string" - }, - "mqtt": { - "type": "object", - "properties": { - "nodePort": { - "type": "integer" - } - } - }, - "ws": { - "type": "object", - "properties": { - "nodePort": { - "type": "integer" - } - } - } - }, - "required": ["type"] - }, "config": { "type": "string", "description": "EMQX configuration rendered into spec.config.data via tpl." diff --git a/helm/flowfuse/values.yaml b/helm/flowfuse/values.yaml index aafd0e36..e9b6e99d 100644 --- a/helm/flowfuse/values.yaml +++ b/helm/flowfuse/values.yaml @@ -26,34 +26,9 @@ forge: podLabels: {} broker: enabled: false - image: iegomez/mosquitto-go-auth revisionHistoryLimit: null teamBroker: enabled: false - createMetricsUser: false - podSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - seccompProfile: - type: RuntimeDefault - livenessProbe: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 5 - readinessProbe: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 3 - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - labels: {} - podLabels: {} tolerations: [] ingress.annotations: {} logging: @@ -352,8 +327,6 @@ broker: registry: "" repository: emqx/emqx-exporter tag: "0.2" - service: - type: ClusterIP npmRegistry: enabled: false From 2cc54d013d51b00489778d4d5cd03f0c7159de7d Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 14:15:08 +0200 Subject: [PATCH 2/7] Fix indentation --- helm/flowfuse/templates/emqx.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/flowfuse/templates/emqx.yaml b/helm/flowfuse/templates/emqx.yaml index 0e5ffc6e..8acdb17f 100644 --- a/helm/flowfuse/templates/emqx.yaml +++ b/helm/flowfuse/templates/emqx.yaml 
@@ -108,7 +108,7 @@ metadata: {{- end }} {{- $filteredAnnotations := include "forge.filteredBrokerIngressAnnotations" . | replace "{{ instanceHost }}" "{{ include forge.brokerDomain . }}" | replace "{{ serviceName }}" "flowforge-broker" }} {{- if $filteredAnnotations }} -{{ $filteredAnnotations | indent 4 }} +{{ $filteredAnnotations | indent 8 }} {{- end }} spec: {{- if $.Values.ingress.className }} @@ -129,7 +129,7 @@ spec: tls: - hosts: - {{ include "forge.brokerDomain" . }} - secretName: {{ include "forge.brokerDomain" . }} + secretName: {{ include "forge.brokerDomain" . }} {{- end }} {{- end }} From 64fe331412f120b8b084e7ed01fa67e8cb95dea8 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 14:15:27 +0200 Subject: [PATCH 3/7] Remove revisionHistoryLimit --- helm/flowfuse/values.schema.json | 31 ------------------------------- helm/flowfuse/values.yaml | 1 - 2 files changed, 32 deletions(-) diff --git a/helm/flowfuse/values.schema.json b/helm/flowfuse/values.schema.json index 78ed7207..e60375a2 100644 --- a/helm/flowfuse/values.schema.json +++ b/helm/flowfuse/values.schema.json @@ -278,10 +278,6 @@ "enabled": { "type": "boolean" }, - "revisionHistoryLimit": { - "type": ["integer", "null"], - "minimum": 0 - }, "url": { "type" : "string" }, @@ -317,33 +313,6 @@ } } }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": ["number","string"] - }, - "memory": { - "type": ["number","string"] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": ["number","string"] - }, - "memory": { - "type": ["number","string"] - } - } - } - } - }, "tolerations": { "type": "array" }, diff --git a/helm/flowfuse/values.yaml b/helm/flowfuse/values.yaml index e9b6e99d..29534da1 100644 --- a/helm/flowfuse/values.yaml +++ b/helm/flowfuse/values.yaml 
@@ -26,7 +26,6 @@ forge: podLabels: {} broker: enabled: false - revisionHistoryLimit: null teamBroker: enabled: false tolerations: [] From 0a34b4d763232d4bc4d32f23d37211d44b496646 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 15:11:51 +0200 Subject: [PATCH 4/7] Update unit tests --- helm/flowfuse/tests/broker_test.yaml | 130 ++++++++++---------------- helm/flowfuse/tests/ingress_test.yaml | 31 +++--- 2 files changed, 68 insertions(+), 93 deletions(-) diff --git a/helm/flowfuse/tests/broker_test.yaml b/helm/flowfuse/tests/broker_test.yaml index 775ec86b..a0bb4513 100644 --- a/helm/flowfuse/tests/broker_test.yaml +++ b/helm/flowfuse/tests/broker_test.yaml 
@@ -1,123 +1,89 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json suite: test broker deployment templates: - - broker.yaml - - broker-config.yaml + - emqx.yaml set: forge.domain: "chart-unit-tests.com" forge.broker.enabled: true +capabilities: + apiVersions: + - apps.emqx.io/v2beta1 tests: - - it: should create a mosquitto broker deployment - template: broker.yaml + - it: should create an EMQX custom resource documentIndex: 0 asserts: - isKind: - of: Deployment + of: EMQX - equal: - path: spec.template.spec.containers[?(@.name == "broker")].image - value: iegomez/mosquitto-go-auth - - lengthEqual: - path: spec.template.spec.containers - count: 1 + path: spec.image + value: emqx:5 - - it: should use forge.revisionHistoryLimit as default for mosquitto broker - template: broker.yaml + - it: should deploy EMQX even when the team broker is disabled documentIndex: 0 + set: + forge.broker.teamBroker.enabled: false asserts: - - equal: - path: spec.revisionHistoryLimit - value: 10 + - isKind: + of: EMQX - - it: should use component-specific revisionHistoryLimit for mosquitto broker - template: broker.yaml + - it: should deploy EMQX when the team broker is enabled documentIndex: 0 set: - forge.broker.revisionHistoryLimit: 5 + forge.broker.teamBroker.enabled: true + asserts: + - isKind: + of: EMQX + + - it: should use forge.revisionHistoryLimit as default for the EMQX broker + documentIndex: 0 asserts: - equal: path: spec.revisionHistoryLimit - value: 5 + value: 10 - - it: should prefer component value over forge.revisionHistoryLimit for mosquitto broker - template: broker.yaml + - it: should prefer broker.revisionHistoryLimit over forge.revisionHistoryLimit documentIndex: 0 set: forge.revisionHistoryLimit: 7 - forge.broker.revisionHistoryLimit: 5 + broker.revisionHistoryLimit: 5 asserts: - equal: path: spec.revisionHistoryLimit value: 5 - - it: should create a broker service for mosquitto broker 
deployment - template: broker.yaml - documentIndex: 1 + - it: should generate the emqx-config-secrets secret when no existingSecret is set + documentSelector: + path: metadata.name + value: emqx-config-secrets asserts: - isKind: - of: Service - - equal: - path: spec.selector - value: - app: flowforge-broker - - not: true - equal: - path: spec.selector - value: apps.emqx.io/instance + of: Secret + - exists: + path: data.api_key_secret - - it: should create a broker service for emqx deployment - template: broker.yaml - documentIndex: 0 + - it: should not generate the emqx-config-secrets secret when existingSecret is set set: - forge.broker.teamBroker.enabled: true + broker.existingSecret: my-existing-secret asserts: + - hasDocuments: + count: 2 - isKind: - of: Service - - notExists: - path: spec.selector.app - - equal: - path: spec.selector - value: - apps.emqx.io/db-role: core - apps.emqx.io/instance: emqx - apps.emqx.io/managed-by: emqx-operator - - - it: should create a NodePort-type broker service - template: broker.yaml - documentIndex: 1 - set: - broker.service.type: NodePort - asserts: + of: EMQX + documentIndex: 0 - isKind: - of: Service - - equal: - path: metadata.name - value: flowforge-broker - - equal: - path: spec.type - value: NodePort + of: Ingress + documentIndex: 1 - - it: should create a NodePort-type broker service with custom mqtt and ws NodePorts - template: broker.yaml - documentIndex: 1 - set: - broker.service: - type: NodePort - mqtt: - nodePort: 30001 - ws: - nodePort: 30002 + - it: should create the broker ingress pointing at the EMQX listeners service + documentSelector: + path: metadata.name + value: flowforge-broker asserts: - isKind: - of: Service - - equal: - path: metadata.name - value: flowforge-broker - - equal: - path: spec.type - value: NodePort + of: Ingress - equal: - path: spec.ports[?(@.name == "mqtt-native")].nodePort - value: 30001 + path: spec.rules[0].http.paths[0].backend.service.name + value: emqx-listeners - equal: - 
path: spec.ports[?(@.name == "mqtt-ws")].nodePort - value: 30002 + path: spec.rules[0].http.paths[0].backend.service.port.number + value: 8080 diff --git a/helm/flowfuse/tests/ingress_test.yaml b/helm/flowfuse/tests/ingress_test.yaml index 24f8fce6..6467b0a9 100644 --- a/helm/flowfuse/tests/ingress_test.yaml +++ b/helm/flowfuse/tests/ingress_test.yaml @@ -2,6 +2,9 @@ suite: test forge ingress objects set: forge.domain: "chart-unit-tests.com" +capabilities: + apiVersions: + - apps.emqx.io/v2beta1 tests: - it: should create forge ingress object template: service-ingress.yaml @@ -26,7 +29,7 @@ tests: name: flowforge-broker apiVersion: networking.k8s.io/v1 any: true - template: broker-ingress.yaml + template: emqx.yaml - it: should create forge ingress object with annotations template: service-ingress.yaml documentSelector: @@ -50,8 +53,8 @@ tests: - isNullOrEmpty: path: metadata.annotations - it: should create broker ingress object with annotations - templates: - - broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: forge.broker: enabled: true @@ -65,8 +68,8 @@ tests: path: metadata.annotations.customBrokerAnnotation value: "true" - it: should create broker ingress object without annotations - templates: - - broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: ingress.annotations: customForgeAnnotation: "true" @@ -87,11 +90,13 @@ tests: asserts: - isNotNullOrEmpty: path: metadata.annotations - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 - equal: path: metadata.annotations.customBrokerAnnotation value: "true" - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 - isNotNullOrEmpty: path: metadata.annotations template: service-ingress.yaml @@ -234,7 +239,8 @@ tests: path: spec.tls - it: should create broker ingress with TLS when certManagerIssuer is set - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: forge: broker: 
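Review bot: The first broker_test.yaml case asserts `path: spec.image` / `value: emqx:5` with only chart defaults set, so the default broker image resolves to a floating major tag. A mutable tag means the image that gets deployed can change without any chart change, which weakens both reproducibility and supply-chain review. Consider pinning the default to a full version or digest (for example `emqx:<PINNED_VERSION>@sha256:<DIGEST>`) and asserting that exact value here.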
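Review bot: The broker ingress cases in ingress_test.yaml now locate the Ingress with `template: emqx.yaml` plus `documentIndex: 2`, which only holds while the generated Secret is rendered ahead of it; the broker_test.yaml case that sets `broker.existingSecret` shows the Ingress at index 1. Selecting by content, e.g. `documentSelector:` with `path: kind` and `value: Ingress`, would keep these tests valid when documents are added or made conditional. The same applies to the remaining `documentIndex: 2` hunks in this file and to the `documentIndex: 2`/`3` cases added to broker_test.yaml in PATCH 6/7.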
@@ -256,7 +262,8 @@ tests: value: "mqtt.chart-unit-tests.com" - it: should add TLS section to broker ingress when cert-manager annotations are detected - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: forge: broker: @@ -281,7 +288,8 @@ tests: # Test broker ingress without cert-manager annotations - it: should NOT add TLS section to broker ingress when no cert-manager annotations - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: forge: broker: @@ -296,7 +304,8 @@ tests: path: spec.tls - it: should use certManagerIssuer when both certManagerIssuer and cert-manager annotations are set for broker ingress - template: broker-ingress.yaml + template: emqx.yaml + documentIndex: 2 set: forge: broker: From d0990496f52c948a613b3f1802ab8ef0c8b600e0 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 15:27:07 +0200 Subject: [PATCH 5/7] Install emqx operator in the helm lint workflow --- .github/workflows/helm-chart.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml index 0762ff06..d81fac8d 100644 --- a/.github/workflows/helm-chart.yml +++ b/.github/workflows/helm-chart.yml 
@@ -55,6 +55,24 @@ jobs: kubectl label --overwrite $node "role=management" done + - name: Install cert-manager (required by EMQX Operator) + if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" + run: | + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml + kubectl wait --for=condition=Available --timeout=300s \ + deployment/cert-manager deployment/cert-manager-webhook deployment/cert-manager-cainjector \ + -n cert-manager + + - name: Install EMQX Operator + if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" + run: | + helm repo add emqx https://repos.emqx.io/charts + helm repo update + helm install emqx-operator emqx/emqx-operator \ + --namespace emqx-operator-system --create-namespace --wait + kubectl wait --for=condition=Available --timeout=300s \ + deployment -l app.kubernetes.io/instance=emqx-operator -n emqx-operator-system + - name: Run chart-testing (install and upgrade) if: "${{!startsWith(github.event.pull_request.title, 'feat: Release')}}" run: ct install --upgrade --config ./.github/configs/chart-testing.yaml From 80430f5f759710dcf7e24aa78efa668c08f89600 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 19:23:23 +0200 Subject: [PATCH 6/7] Restore flowforge-broker service --- helm/flowfuse/templates/emqx.yaml | 38 +++++++++++++++++++ helm/flowfuse/tests/broker_test.yaml | 55 ++++++++++++++++++++++++++-- helm/flowfuse/values.schema.json | 25 +++++++++++++ helm/flowfuse/values.yaml | 2 + 4 files changed, 116 insertions(+), 4 deletions(-) diff --git a/helm/flowfuse/templates/emqx.yaml b/helm/flowfuse/templates/emqx.yaml index 8acdb17f..cb153556 100644 --- a/helm/flowfuse/templates/emqx.yaml +++ b/helm/flowfuse/templates/emqx.yaml 
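Review bot: The `Install EMQX Operator` step runs `helm install emqx-operator emqx/emqx-operator` without `--version`, so each CI run installs whatever chart the third-party repository currently serves, into a cluster that then runs this repository's tests. Pin it, e.g. `helm install emqx-operator emqx/emqx-operator --version <PINNED_CHART_VERSION> \`, and bump the pin deliberately. The cert-manager manifest is pinned to v1.16.2 by URL but is applied straight from the network with no integrity check; downloading it and verifying a recorded SHA-256 before `kubectl apply` would close that gap.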
@@ -131,5 +131,43 @@ spec: - {{ include "forge.brokerDomain" . }} secretName: {{ include "forge.brokerDomain" . }} {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: flowforge-broker + labels: + {{- include "forge.labels" . | nindent 4 }} +spec: + type: {{ .Values.broker.service.type }} + {{- if eq .Values.broker.service.type "NodePort" }} + ports: + - port: 1883 + targetPort: 1883 + protocol: TCP + name: mqtt-native + {{- if (.Values.broker.service.mqtt).nodePort }} + nodePort: {{ .Values.broker.service.mqtt.nodePort }} + {{- end }} + - port: 1884 + targetPort: 1884 + protocol: TCP + name: mqtt-ws + {{- if (.Values.broker.service.ws).nodePort }} + nodePort: {{ .Values.broker.service.ws.nodePort }} + {{- end }} + {{- else }} + ports: + - port: 1883 + targetPort: 1883 + protocol: TCP + name: mqtt-native + - port: 1884 + targetPort: 1884 + protocol: TCP + name: mqtt-ws + {{- end }} + selector: + {{- include "forge.brokerSelectorLabels" . | nindent 4 }} {{- end }} diff --git a/helm/flowfuse/tests/broker_test.yaml b/helm/flowfuse/tests/broker_test.yaml index a0bb4513..08c32783 100644 --- a/helm/flowfuse/tests/broker_test.yaml +++ b/helm/flowfuse/tests/broker_test.yaml 
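Review bot: The restored `flowforge-broker` Service forwards `mqtt-ws` to `targetPort: 1884`, which was the mosquitto WebSocket listener from the deleted mosquitto.conf; the broker ingress test in this series expects the EMQX backend on port 8080, so 1884 probably has nothing listening on the selected EMQX pods. The EMQX listener configuration is outside this diff, so confirm the port and either point the entry at the real listener (`targetPort: 8080` if the test value is right) or drop the `mqtt-ws` port in both branches. Since `NodePort` publishes unencrypted MQTT on 1883 on every node, a comment above `spec.type` such as `# NodePort exposes plaintext MQTT (1883); restrict access with NetworkPolicy or firewall rules` would help operators.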
@@ -66,24 +66,71 @@ tests: broker.existingSecret: my-existing-secret asserts: - hasDocuments: - count: 2 + count: 3 - isKind: of: EMQX documentIndex: 0 - isKind: of: Ingress documentIndex: 1 + - isKind: + of: Service + documentIndex: 2 - it: should create the broker ingress pointing at the EMQX listeners service - documentSelector: - path: metadata.name - value: flowforge-broker + documentIndex: 2 asserts: - isKind: of: Ingress + - equal: + path: metadata.name + value: flowforge-broker - equal: path: spec.rules[0].http.paths[0].backend.service.name value: emqx-listeners - equal: path: spec.rules[0].http.paths[0].backend.service.port.number value: 8080 + + - it: should create the flowforge-broker compatibility service selecting EMQX pods + documentIndex: 3 + asserts: + - isKind: + of: Service + - equal: + path: metadata.name + value: flowforge-broker + - equal: + path: spec.type + value: ClusterIP + - equal: + path: spec.ports[?(@.name == "mqtt-native")].port + value: 1883 + - equal: + path: spec.selector + value: + apps.emqx.io/db-role: core + apps.emqx.io/instance: emqx + apps.emqx.io/managed-by: emqx-operator + + - it: should create a NodePort-type flowforge-broker service with custom node ports + documentIndex: 3 + set: + broker.service: + type: NodePort + mqtt: + nodePort: 30001 + ws: + nodePort: 30002 + asserts: + - isKind: + of: Service + - equal: + path: spec.type + value: NodePort + - equal: + path: spec.ports[?(@.name == "mqtt-native")].nodePort + value: 30001 + - equal: + path: spec.ports[?(@.name == "mqtt-ws")].nodePort + value: 30002 diff --git a/helm/flowfuse/values.schema.json b/helm/flowfuse/values.schema.json index e60375a2..2a7bf483 100644 --- a/helm/flowfuse/values.schema.json +++ b/helm/flowfuse/values.schema.json 
@@ -1194,6 +1194,31 @@ } } }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string" + }, + "mqtt": { + "type": "object", + "properties": { + "nodePort": { + "type": "integer" + } + } + }, + "ws": { + "type": "object", + "properties": { + "nodePort": { + "type": "integer" + } + } + } + }, + "required": ["type"] + }, "config": { "type": "string", "description": "EMQX configuration rendered into spec.config.data via tpl." diff --git a/helm/flowfuse/values.yaml b/helm/flowfuse/values.yaml index 29534da1..b3beb686 100644 --- a/helm/flowfuse/values.yaml +++ b/helm/flowfuse/values.yaml @@ -326,6 +326,8 @@ broker: registry: "" repository: emqx/emqx-exporter tag: "0.2" + service: + type: ClusterIP npmRegistry: enabled: false From 172c7c578ce472e4d2e4b9840e61efd2f1630867 Mon Sep 17 00:00:00 2001 From: ppawlowski Date: Wed, 3 Jun 2026 19:30:25 +0200 Subject: [PATCH 7/7] Update docs --- helm/flowfuse/README.md | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/helm/flowfuse/README.md b/helm/flowfuse/README.md index aa6a1c65..80265bcb 100644 --- a/helm/flowfuse/README.md +++ b/helm/flowfuse/README.md 
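Review bot: `broker.service.type` is declared as a bare `"type": "string"`, so a typo or an unintended externally reachable service type passes schema validation and is only caught, or silently takes effect, at install time. Since the template branches only on `NodePort`, I would constrain the property with `"enum": ["ClusterIP", "NodePort", "LoadBalancer"]`, dropping `LoadBalancer` if exposing the MQTT ports outside the cluster is not meant to be supported. The two `nodePort` properties could likewise carry `"minimum": 1, "maximum": 65535`. The new `service` object also has no `description`, unlike the neighbouring `config` entry.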
@@ -108,27 +108,16 @@ To use STMP to send email ### MQTT Broker - - `forge.broker.enabled` (default `false`) - - `forge.broker.image` Allows the mosquitto broker container image to be overidden (default `iegomez/mosquitto-go-auth`) - - `forge.broker.url` URL to access the broker from inside the cluster (default `mqtt://flowforge-broker.[namespace]:1883`) + - `forge.broker.enabled` deploys the MQTT broker (default `false`) + - `forge.broker.url` URL to access the broker from inside the cluster (default `mqtt://emqx-listeners.[namespace]:1883`) - `forge.broker.public_url` URL to access the broker from outside the cluster (default `ws://mqtt.[forge.domain]`, uses `wss://` if `forge.https` is `true`) - `forge.broker.hostname` the custom Fully Qualified Domain Name (FQDN) where the broker will be hosted (default `mqtt.[forge.domain]`) - `forge.broker.teamBroker.enabled` Enables Team Broker feature (default `false`) - `forge.broker.teamBroker.api.url` URL for the Team Broker API (default `http://emqx-dashboard.:18083`) - `forge.broker.teamBroker.api.key` API key for the Team Broker API (default not set) - `forge.broker.teamBroker.api.secret` API secret for the Team Broker API (default not set) - - `forge.broker.createMetricsUser` defines if a dedicated MQTT user with broker metrics collection permissions should be created (default `true`) - `forge.broker.affinity` allows to configure [affinity or anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) for the broker pod - - `forge.broker.resources` allows to configure [resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the broker container - - `forge.broker.podSecurityContext` allows to configure [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the broker pod - - `forge.broker.containerSecurityContext` allows to configure 
[securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the broker container - - `forge.broker.livenessProbe` block with [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) - - `forge.broker.readinessProbe` block with [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) - - `forge.broker.startupProbe` block with [startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the broker pod (check [here](#liveness-readiness-and-startup-probes) for more details) - - `forge.broker.labels` allows to add custom labels to the broker related objects (e.g. deployment, services, etc.) (default `{}`) - - `forge.broker.revisionHistoryLimit` number of old ReplicaSets to retain for the mosquitto broker Deployment. If not set, uses `forge.revisionHistoryLimit` (default `10`). - - `forge.broker.podLabels` allows to add custom labels to the broker pod (default `{}`) - - `forge.broker.tolerations` allows to configure [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for the broker deployment (default `[]`) + - `forge.broker.tolerations` allows to configure [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for the broker pod (default `[]`) - `forge.broker.ingress.annotations` broker ingress annotations (default is `{}`) `forge.broker.ingress.annotations` values can contain the following tokens that will be replaced as follows: 
@@ -136,8 +125,6 @@ To use STMP to send email - `{{ instanceHost }}` replaced by the hostname of the instance - `{{ serviceName }}` replaced by the service name of the instance -`forge.broker.createMetricsUser` parameter controlls if a dedicated MQTT user with broker metrics collection permissions should be created. This user can by used by the tools like [Mosquitto Exporter](https://github.com/sapcc/mosquitto-exporter) to expose broker's metrics for Prometheus scrapper. - ### Team Broker - `broker.image` defines the container image for the Team Broker (default `emqx:5`) @@ -152,7 +139,7 @@ To use STMP to send email - `broker.monitoring.emqxExporter.image.tag` tag for the emqx-exporter image (default `0.2`) - `broker.monitoring.emqxExporter.revisionHistoryLimit` number of old ReplicaSets to retain for the EMQX exporter Deployment. If not set, uses `forge.revisionHistoryLimit` (default `10`). - `broker.hostname` Sets the hostname for the Team Broker (default `broker.[forge.domain]`) - - `broker.service.type` allows to set the service type for the Team Broker service (default `ClusterIP`) + - `broker.service.type` allows to set the service type for the `flowforge-broker` MQTT service (default `ClusterIP`) - `broker.service.mqtt.nodePort` allows to set custom nodePort value for `mqtt` port when `broker.service.type` value is set to `NodePort` (default not set) - `broker.service.ws.nodePort` allows to set custom nodePort value for `ws` port when `broker.service.type` value is set to `NodePort` (default not set) - `broker.config` allows to overwrite the default Team Broker configuration