MQTT
MQTT is a lightweight protocol for sending IoT data and messages over the internet. It is a publish/subscribe protocol: a device publishes a message to a topic on an MQTT broker, and other clients subscribe to the topic to receive updates. Topics can be compared to channels on a radio. There are various public MQTT brokers such as mqtt.eclipse.org, test.mosquitto.org and broker.emqx.io. These can be used for testing purposes but are insecure: anybody can subscribe to the information that is published. Setting up a private MQTT broker takes little effort: you deploy a chart on your Kubernetes cluster.
If you have access to a private MQTT broker you can skip this section.
Installation
You can download an MQTT broker from the Eclipse Mosquitto site and install it as a native service on your server. Alternatively you can use the Kubernetes Helm chart to deploy the broker in your Kubernetes cluster:
helm install mqtt 3d-t/mqtt
After the service has been deployed you can test the MQTT broker on the local system. You can use an MQTT client such as mosquitto. To install the client run:
sudo apt install mosquitto-clients
Open a command line and subscribe to the topic 'room/temperature' on the local system:
mosquitto_sub -t room/temperature
Open a second window on the local host and publish a message on the topic 'room/temperature':
mosquitto_pub -t room/temperature -m 22
The message 22 should now appear in the terminal with the subscription.
Authentication
To prevent just anybody from publishing and subscribing to messages you can set up username and password authentication. Generate a password file mqtt.yml using the mosquitto_passwd utility:
mosquitto_passwd -c mqtt.yml bob
Password:
Reenter password:
The mqtt.yml file now contains a single line with the name of the user and the hashed password:
bob:$7$101$v3NUpaLlRvxX/P9t$URFgmd5n4kPhRW5772...
Change this password file into a Helm configuration file:
config:
  anonymous: false
  passwd: bob:$7$101$v3NUpaLlRvxX/P9t$URFgmd5n4kPhRW5772...
Deploy the mqtt service with the configuration file:
helm uninstall mqtt
helm install -f mqtt.yml mqtt 3d-t/mqtt
You can now verify that publishing without a password is refused:
mosquitto_pub -t room/temperature -m 22
Connection Refused: not authorised.
And verify that you can publish with the password:
mosquitto_pub -u bob -P secret -t room/temperature -m 22
External access
To make the MQTT server accessible from the outside, open a forwarding rule on the router and link port 1883 to the same port on the node where the cluster runs.
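The username and password set up under Authentication travel inside the MQTT CONNECT packet, and 1883 is the standard unencrypted MQTT port, so they cross the forwarded port in readable form. The Python code below is an added example, not part of the chart or of Mosquitto: it builds the MQTT 3.1.1 CONNECT packet a client sends and decodes the broker's CONNACK reply, including the "not authorised" refusal shown earlier. The client ids, the helper anonymous_verdict and its host and port defaults are assumptions.

```python
import socket
import struct

# CONNACK return codes defined by MQTT 3.1.1
CONNACK = {0: "accepted", 1: "unacceptable protocol version",
           2: "identifier rejected", 3: "server unavailable",
           4: "bad user name or password", 5: "not authorised"}

def field(data: bytes) -> bytes:
    """MQTT string/binary field: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data

def remaining_length(n: int) -> bytes:
    """Variable-length integer used in the MQTT fixed header."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id, username=None, password=None, keepalive=60):
    """Build an MQTT 3.1.1 CONNECT packet; anonymous when no username is given."""
    flags = 0x02                              # clean session
    payload = field(client_id.encode())
    if username is not None:
        flags |= 0x80                         # username present
        payload += field(username.encode())
        if password is not None:
            flags |= 0x40                     # password present, sent as-is
            payload += field(password.encode())
    body = field(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    return b"\x10" + remaining_length(len(body)) + body

def parse_connack(packet: bytes) -> str:
    """Return the broker's verdict from a 4-byte CONNACK packet."""
    if len(packet) != 4 or packet[0] != 0x20 or packet[1] != 2:
        raise ValueError("not a CONNACK packet")
    return CONNACK.get(packet[3], f"unknown code {packet[3]}")

def anonymous_verdict(host="localhost", port=1883, timeout=5.0) -> str:
    """Hypothetical helper: anonymous CONNECT to a broker you operate (assumed host/port)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connect("auth-check"))
        return parse_connack(s.recv(4))

if __name__ == "__main__":
    # Constructed sample: the page's test credentials and a constructed CONNACK reply
    print("password readable:", b"secret" in build_connect("demo", "bob", "secret"))
    print("constructed CONNACK code 5:", parse_connack(b"\x20\x02\x00\x05"))
```

Run against the broker deployed above, anonymous_verdict() should return "not authorised" once anonymous access is disabled.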