apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/component: mosquitto
    app.kubernetes.io/name: mosquitto
    app.kubernetes.io/part-of: home-assistant
  name: mosquitto
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 6Gi

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: mosquitto
    app.kubernetes.io/name: mosquitto
    app.kubernetes.io/part-of: home-assistant
  name: mosquitto
spec:
  ports:
  - port: 8883
    name: mqtt
  selector:
    app.kubernetes.io/component: mosquitto
    app.kubernetes.io/name: mosquitto
  type: ClusterIP
  externalIPs:
  - 172.30.0.148

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: mosquitto
    app.kubernetes.io/name: mosquitto
    app.kubernetes.io/part-of: home-assistant
  name: mosquitto
spec:
  serviceName: mosquitto
  selector:
    matchLabels:
      app.kubernetes.io/component: mosquitto
      app.kubernetes.io/name: mosquitto
  template:
    metadata:
      labels:
        app.kubernetes.io/component: mosquitto
        app.kubernetes.io/name: mosquitto
        app.kubernetes.io/part-of: home-assistant
    spec:
      affinity:
        podAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                  - home-assistant
              topologyKey: kubernetes.io/hostname
      containers:
      - name: mosquitto
        image: docker.io/library/eclipse-mosquitto:2.0.15
        ports:
        - containerPort: 8883
          name: mqtt
        readinessProbe: &probe
          tcpSocket:
            port: 8883
          failureThreshold: 3
          periodSeconds: 60
          successThreshold: 1
          timeoutSeconds: 1
        startupProbe:
          <<: *probe
          failureThreshold: 30
          periodSeconds: 1
        securityContext:
          runAsUser: 300
          runAsGroup: 300
        volumeMounts:
        - mountPath: /mosquitto/config/mosquitto.conf
          name: mosquitto-config
          subPath: mosquitto.conf
        - mountPath: /mosquitto/config/passwd
          name: mosquitto-passwd
          subPath: passwd
        - mountPath: /mosquitto/data
          name: mosquitto-data
          subPath: data
        - mountPath: /mosquitto/log
          name: mosquitto-log
          subPath: log
        - mountPath: /run/secrets/mosquitto
          name: mosquitto-cert
      securityContext:
        fsGroup: 300
      volumes:
      - name: mosquitto-cert
        secret:
          secretName: mosquitto-cert
      - name: mosquitto-config
        configMap:
          name: mosquitto
      - name: mosquitto-data
        persistentVolumeClaim:
          claimName: mosquitto
      - name: mosquitto-log
        emptyDir: {}
      - name: mosquitto-passwd
        secret:
          secretName: mosquitto