如何在 Kubernetes 中设置 Mosquitto MQTT 代理

Question

我一直在尝试在 Kubernetes 空间中设置 ChirpStack，但它似乎对我不起作用，而且我在网上找不到任何解决方案的资源。

**chirpstack-application-server-6d6f8d699c-nlrmx   1/1     Running            0          44s\
chirpstack-gateway-bridge-5454b7f9f-fm5wl          1/1     Running            0          73s\
chirpstack-mosquitto-646899d74d-d7bhl              0/1     CrashLoopBackOff   3          85s\
chirpstack-network-server-66cdf9bdf7-rhzg5         1/1     Running            0          55s**

上面是我有自动取款机的每个吊舱。应用程序服务器、网络服务器、网关桥都启动并运行，但是 Mosquitto 代理转到“完成”并直接进入 CrashLoopBackOff。

我认为这可能与缺乏配置有关，因此我花了几天时间将 mosquitto.conf 文件与“allow_anonymous true”放在一起，希望能够从我的任何 ChirpStack 组件获得连接，但日志只是指示 mqtt 连接被拒绝错误。

kubectl 日志的输出 chirpstack-application-server

time="2020-12-10T15:01:41Z" level=error msg="integration/mqtt: connecting to broker error, will retry in 2s: Network Error : dial tcp 10.244.146.236:1883: i/o timeout"

因为无法建立连接，所以我认为情况恰恰相反，我需要添加password_file并将allow_anonymous设置为false。以下是我当前的配置，如果有人可能知道出了什么问题。

configMap-1.yml

kind: ConfigMap
metadata:
  name: mosquitto-password
  namespace: ****
  labels:
    app: chirpstack-mosquitto  
data:
  password_file.txt: |
    admin:admin
    user:user
    app-server:app-server
    net-server:net-server
    gateway-bridge:gateway-bridge

配置映射.yml

kind: ConfigMap
metadata:
  name: mosquitto-config
  namespace: ****
  labels:
    app: chirpstack-mosquitto  
data:
  mosquitto.conf: |    
    persistence true
    persistence_location /mosquitto/data/
    # per_listener_settings false
    log_dest stdout
    # listener 1886
    listener 1883
    protocol mqtt
    # Defaults to false, unless there are no listeners defined in the configuration
    # file, in which case it is set to true, but connections are only allowed from
    # the local machine.
    allow_anonymous false
    password_file /.config/mosquitto/auth/password_file.txt
    #    cafile: /mosquitto/config/certs/ca.crt
    #    certfile: /mosquitto/config/certs/server.crt
    #    keyfile: /mosquitto/config/certs/server.key
    require_certificate false
    use_identity_as_username false

部署.yml

kind: Deployment
metadata:
  name: chirpstack-mosquitto
  namespace: ****  
spec:
  replicas: 1
  selector:
    matchLabels:
      app: chirpstack-mosquitto
  template:
    metadata:
      labels:
        app: chirpstack-mosquitto
    spec:
      containers:
      - name: chirpstack-mosquitto
        image: ****/chirpstack/eclipse-mosquitto:1.6.12
        ports:
        - containerPort: 1883
        volumeMounts:
        - name: password-file
          mountPath: /.config/mosquitto/auth/password_file.txt
          subPath: password_file.txt
        - name: mosquitto-data
          mountPath: /mosquitto/data
        - name: mosquitto-log
          mountPath: /mosquitto/log
        - name: config-file
          mountPath: /.config/mosquitto/mosquitto.conf
          subPath: mosquitto.conf         
      securityContext:
        runAsNonRoot: true
        fsGroup: 1
        runAsGroup: 1000
        runAsUser: 1000
        supplementalGroups:
        - 1    
      volumes:
      - name: config-file
        configMap:
          name: mosquitto-config
      - name: password-file
        configMap:
          name: mosquitto-password        
      - name: mosquitto-data
        emptyDir: {}
      - name: mosquitto-log
        emptyDir: {}   

服务.yml

kind: Service
metadata:
  name: chirpstack-mosquitto
  namespace: 186215-poc  
spec:
  type: ClusterIP
  ports:
    - name: mqtt 
      port: 1883
      targetPort: 1883
      protocol: TCP  
  selector:
    app: chirpstack-mosquitto    

Answer 1

蚊子/configmap.yaml：

apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-config
data:
  mosquitto.conf: |-
    # Ip/hostname to listen to.
    # If not given, will listen on all interfaces
    #bind_address

    # Port to use for the default listener.
    port 1883

    # Allow anonymous users to connect?
    # If not, the password file should be created
    allow_anonymous true

    # The password file.
    # Use the `mosquitto_passwd` utility.
    # If TLS is not compiled, plaintext "username:password" lines bay be used
    # password_file /mosquitto/config/passwd

蚊子/deployment.yaml：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto
spec:
  selector:
    matchLabels:
      app: mosquitto
  template:
    metadata:
      labels:
        app: mosquitto
    spec:
      containers:
      - name: mosquitto
        image: eclipse-mosquitto:2.0
        resources:
          requests:
            cpu: "50m"
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 1883
        volumeMounts:
            - name: mosquitto-config
              mountPath: /mosquitto/config/mosquitto.conf
              subPath: mosquitto.conf
      volumes:
        - name: mosquitto-config
          configMap:
            name: mosquitto-config

蚊子/service.yaml：

apiVersion: v1
kind: Service
metadata:
  name: mosquitto
spec:
  selector:
    app: mosquitto
  ports:
  - port: 1883
    targetPort: 1883

现在：

apiVersion: v1
kind: ConfigMap
metadata:
  name: mosquitto-config
data:
  mosquitto.conf: |-
    # Ip/hostname to listen to.
    # If not given, will listen on all interfaces
    #bind_address

    # Port to use for the default listener.
    port 1883

    # Allow anonymous users to connect?
    # If not, the password file should be created
    allow_anonymous true

    # The password file.
    # Use the `mosquitto_passwd` utility.
    # If TLS is not compiled, plaintext "username:password" lines bay be used
    # password_file /mosquitto/config/passwd