我在 Kubernetes 上部署了一个 MQTT 代理。我还创建了一个 .net 核心 API,然后它将作为客户端将消息发布到在 Kubernetes 上运行的 MQTT 代理。该 API 也部署在 Kubernetes 集群上。我正在使用 MQTTnet 库作为客户端代码将消息发布到 MQTT 代理。
但是现在我收到错误Client disconnected, not authorized。
下面是我要连接的 MQTTnet 代码:
IMqttClient _mqttClient = new MqttFactory().CreateMqttClient();
var clientOptionsBuilder = new MqttClientOptionsBuilder();
clientOptionsBuilder.WithClientId("MQTTClient-FromAPI");
clientOptionsBuilder.WithTcpServer("mqtt-service.default.svc.cluster.local", 1883);
//clientOptionsBuilder.WithTcpServer("localhost", 1883);
clientOptionsBuilder.WithCredentials("admin", "admin");
MqttClientConnectResult result =_mqttClient.ConnectAsync(clientOptionsBuilder.Build()).Result;
以下是我对 MQTT 代理的部署:
apiVersion: v1
kind: ConfigMap
metadata:
name: mqtt-configmap
labels:
app: mqtt-configmap
data:
password_file: |-
admin:$7$101$3BT1W9A36TAQucti$9oNVFaQh9VLKM1CIIm6a6qtqUSVoEkTmD6mv9BtUSLPLXx+JRPwT9O+ebsWElddWetHUprU2p/mUduKfn4VdWA==
test:test
mosquitto.conf: |-
# Ip/hostname to listen to.
# If not given, will listen on all interfaces
#bind_address
# Port to use for the default listener.
listener 1883
# Allow anonymous users to connect?
# If not, the password file should be created
allow_anonymous false
# The password file.
# Use the `mosquitto_passwd` utility.
# If TLS is not compiled, plaintext "username:password" lines bay be used
password_file /mosquitto/password_file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mqtt-pv
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mqtt-pvc
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtt-deployment
spec:
replicas: 1
selector:
matchLabels:
app: mqtt-deployment
template:
metadata:
labels:
app: mqtt-deployment
spec:
containers:
- name: mqtt-deployment
image: eclipse-mosquitto
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 1883
volumeMounts:
- mountPath: /mosquitto/config/mosquitto.conf
name: mqtt-configmap
subPath: mosquitto.conf
- mountPath: /mosquitto/password_file
name: mqtt-configmap
subPath: password_file
- mountPath: /mosquitto/data
name: mqttdata
volumes:
- name: mqtt-configmap
configMap:
name: mqtt-configmap
- name: mqttdata
persistentVolumeClaim:
claimName: mqtt-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mqtt-service
labels:
app: mqtt-service
spec:
ports:
- port: 1883
targetPort: 1883
type: LoadBalancer
selector:
app: mqtt-deployment
我尝试了两种方法来添加密码文件,一种是通过配置映射,另一种是使用 mosquitto_passwd 生成密码(第一种是加密的密码,实际密码值也是管理员)。
作为容器运行的 API 100% 命中作为容器运行的 MQTT 代理。因为对于每次命中,都会在 MQTT 代理 pod 中为我的名为MQTTClient-FromAPI的客户端生成日志。下面是这样的日志:
1641811779: New connection from 10.1.0.137:44120 on port 1883.
1641811779: Client MQTTClient-FromAPI disconnected, not authorised.
API 中的异常:
System.AggregateException: One or more errors occurred. (Connecting with MQTT server failed (NotAuthorized).)
---> MQTTnet.Adapter.MqttConnectingFailedException: Connecting with MQTT server failed (NotAuthorized).
at MQTTnet.Client.MqttClient.AuthenticateAsync(IMqttChannelAdapter channelAdapter, MqttApplicationMessage willApplicationMessage, CancellationToken cancellationToken)
at MQTTnet.Client.MqttClient.ConnectAsync(IMqttClientOptions options, CancellationToken cancellationToken)
at MQTTnet.Client.MqttClient.ConnectAsync(IMqttClientOptions options, CancellationToken cancellationToken)
请有人在这里指导我。