replicaCount: 1
strategyType: Recreate

image:
  repository: eclipse-mosquitto
  tag: 2.0.15
  pullPolicy: IfNotPresent

service:
  type: LoadBalancer
  #externalTrafficPolicy: Cluster
  annotations:
    metallb.universe.tf/address-pool: iot
    #metallb.universe.tf/allow-shared-ip: adguard

ports:
  mqtt:
    port: 1883
    # sets consistent nodePort, required to set service.type=NodePort
    # nodePort: 31883
    protocol: TCP
  websocket:
    port: 9090
    protocol: TCP

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  existingClaim: ""
  mountPath: /mosquitto/data
  subPath: ""
  # storageClass: "-"
  size: 1Gi

resources:
  limits:
    cpu: 300m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 64Mi

podSecurityContext:
  runAsUser: 1001
  runAsGroup: 10000
  fsGroup: 10000

securityContext:
  runAsUser: 1001
  fsGroup: 10000
  runAsNonRoot: true
  privileged: false
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

authentication:
  passwordEntries: ""
  # To use authentication with mosquitto, you can set a list of password entries to be used.
  # reference https://mosquitto.org/man/mosquitto_passwd-1.html to generate these entries.
  # For example:
  # passwordEntries: |-
  #   user1:$6$BKzw0RKerxV4Esbj$Uz5slWGB1TiOtYIEokEl0eR1YSEQAdKpcdRYMsLYbwjktlVzdLyGk41YCPGyMLnBePtdwPhkcm8kjGI0R9s57w==
  #   user2:$6$b5vYuHrSLj48Ii32$NjlbnatIaUQSsNvxxTpawpav6NPyZ8QhGrdEVGtyU1rgEGjNzVGKlstRg29FV6MFTPs/ugPA8D5I5+qRcIMXSg==
  passwordFilePath: "/etc/mosquitto/passwordfile"

authorization:
  acls: ""
  # To use authorizations with mosquitto, you can set a list of per user or pattern-based rules.
  # reference https://mosquitto.org/man/mosquitto-conf-5.html for further information.
  # For example:
  # acls: |-
      # zigbee2mqtt ACLs
      # user zigbee2mqtt
      # topic readwrite zigbee2mqtt/#
      # topic readwrite homeassistant/#
      # Tasmota-compatible ACLs
      # pattern read cmnd/%u/#
      # pattern write stat/%u/#
      # pattern write tele/%u/#
  aclfilePath: "/etc/mosquitto/aclfile"

existingConfigMap: ""
config: |
  persistence true
  persistence_location /mosquitto/data/
  log_dest stdout
  listener 1883
  listener 9090
  protocol websockets

## Additional volumes.
extraVolumes: []
  # - name: tls
  #   secret:
  #     secretName: mosquitto-certs

## Additional volumeMounts to the main container.
extraVolumeMounts: []
  # - name: tls
  #   mountPath: /certs
  #   subPath: cafile

monitoring:
  podMonitor:
    enabled: false
  sidecar:
    enabled: false
    port: 9234
    # nodePort: 32234
    image:
      repository: nolte/mosquitto-exporter
      tag: v0.6.3
      pullPolicy: IfNotPresent
    resources:
      limits:
        cpu: 300m
        memory: 128Mi
      requests:
        cpu: 100m
        memory: 64Mi