Can't connect Mosquitto Broker on Public Domain

8/18/2020

I have a Mosquitto Broker on my Kubernetes. I can connect to the Mosquitto Broker in the private network. It works well. But when we use a public domain (we use Sophos UTM 9), the client can't connect to the Mosquitto Broker.

I'm new to Kubernetes. This is the mosquitto.yaml file:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto
spec:
  selector:
    matchLabels:
      app: mosquitto
  replicas: 1
  template:
    metadata:
      labels:
        app: mosquitto
    spec:
      containers:
      - name: mosquitto
        image: eclipse-mosquitto:v1.16.10
        resources:
          limits:
            cpu: "1"
            memory: 2Gi
          requests:
            cpu: "1"
            memory: 2Gi
        imagePullPolicy: Always
        ports:
        - containerPort: 1883
---

apiVersion: v1
kind: Service
metadata:
  name: mosquitto
spec:
  externalIPs:
  - xxx.xxx.xxx.xxx
  type: ClusterIP
  ports:
    - name: mqtt
      port: 1883
      targetPort: 1883
      protocol: TCP
  selector:
    app: mosquitto

I use NodeJS to connect via the public domain. This is the NodeJS code:

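var mqtt = require('mqtt');
var topic = 'test/topic'; // example topic name
var client = mqtt.connect('mqtt://mydomain.com:1883');

// Subscribe once the broker has accepted the connection
client.on('connect', function () {
    client.subscribe(topic);
    console.log("Subscribed topic " + topic);
});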

I wonder whether the problem is Kubernetes or Sophos UTM 9. Am I missing anything?

What do I have to do for Mosquitto on Kubernetes to use the public domain?

I am most grateful.

-- ngannt
kubernetes
mosquitto

1 Answer

8/19/2020

After testing your yaml file, I've concluded that your configuration is almost correct. I say that because:

  • The image you are using, eclipse-mosquitto:v1.16.10, does not exist. You can check all available tags here.

So the most probable issue is that your pod might not be running. You can check it by running the command below and checking the STATUS column.

$ kubectl get pods -l=app=mosquitto
NAME                        READY   STATUS    RESTARTS   AGE
mosquitto-c9dc57d59-98l8r   1/1     Running   0          5m53s

Here is the yaml that worked for me. Note: I've removed the externalIP and resource limits from the service and deployment for test purposes and replaced the image with eclipse-mosquitto:1.6.10:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto
spec:
  selector:
    matchLabels:
      app: mosquitto
  replicas: 1
  template:
    metadata:
      labels:
        app: mosquitto
    spec:
      containers:
      - name: mosquitto
        image: eclipse-mosquitto:1.6.10
        imagePullPolicy: Always
        ports:
        - containerPort: 1883
---

apiVersion: v1
kind: Service
metadata:
  name: mosquitto
spec:
  type: ClusterIP
  ports:
    - name: mqtt
      port: 1883
      targetPort: 1883
      protocol: TCP
  selector:
    app: mosquitto

After deploying, I tested using a dnsutils container (you can find the spec here):

kubectl exec dnsutils -- sh -c 'apk update && apk add mosquitto-clients'
kubectl exec dnsutils -- mosquitto_pub -h mosquitto -t 'test/topic' -m 'upvoteIt'

Check the logs in the mosquitto pod:

kubectl logs mosquitto-xxxxx 

1597829622: New client connected from 172.17.0.4 as mosqpub|88-dnsutils (p1, c1, k60).
1597829622: Client mosqpub|88-dnsutils disconnected.

If you want to see the message, open a second terminal before the test and run this command to see the message being received by the mosquitto server:

$ kubectl exec mosquitto-xxxxx -- mosquitto_sub -v -t 'test/topic'
test/topic upvoteIt

Where mosquitto-xxxxx is the name of your pod.

-- Mr.KoopaKiller
Source: StackOverflow