From cc0f8c376084230155bf5b6b9b16b7134041e473 Mon Sep 17 00:00:00 2001
From: Bharat Kathi
Date: Fri, 5 Jun 2026 11:57:22 -0700
Subject: [PATCH 1/2] =?UTF-8?q?chore(gr26):=20swap=20MQTT=20auth=20from=20?= =?UTF-8?q?gr26=20user=20=E2=86=92=20mapache=20fleet=20user?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The dedicated `gr26` MQTT user (PR #45) and the `mapache` fleet user (PR #70) both exist on the gr-mqtt broker. Standardizing the in-cluster gr26 service onto the fleet credential so all mapache services share a single broker identity that rotates together — keeps the `gr26` user free for the on-vehicle ingest path if we ever want it there.

- MQTT_USER: gr26 → mapache
- MQTT_PASSWORD secretKeyRef.key: MQTT_PASSWORD → MQTT_MAPACHE_PASSWORD
- mapache-secrets already has both keys populated (MQTT_PASSWORD untouched, MQTT_MAPACHE_PASSWORD added manually via `kubectl patch` before this PR)

Rollout: ArgoCD sync → new pods come up with the new env, paho connects fresh under the mapache identity. Old gr26-user MQTT sessions hold their TCP socket until pod termination then drop cleanly.
---
 kubernetes/manifests/mapache/gr26.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kubernetes/manifests/mapache/gr26.yaml b/kubernetes/manifests/mapache/gr26.yaml
index ab33a21..f16b2d1 100644
--- a/kubernetes/manifests/mapache/gr26.yaml
+++ b/kubernetes/manifests/mapache/gr26.yaml
@@ -8,7 +8,7 @@
 # MQTT broker lives on the gr-mqtt EC2 outside the cluster. Pods reach
 # it over the public hostname (gr-mqtt.gauchoracing.com); throughput is
 # low enough that hairpinning out through the NAT gateway is fine.
-# Auth is gr26/.
+# Auth uses the shared mapache-fleet credential (MQTT_USER=mapache).
 apiVersion: apps/v1
 kind: Deployment
@@ -83,12 +83,12 @@ spec:
 - name: MQTT_PORT
 value: "1883"
 - name: MQTT_USER
- value: gr26
+ value: mapache
 - name: MQTT_PASSWORD
 valueFrom:
 secretKeyRef:
 name: mapache-secrets
- key: MQTT_PASSWORD
+ key: MQTT_MAPACHE_PASSWORD
 - name: FOREMAN_ENDPOINT
 value: http://foreman.mapache.svc.cluster.local:7011
 - name: NUM_WORKERS
From 5f13c9868a6dd3bf32445a5d20111fc94c167120 Mon Sep 17 00:00:00 2001
From: Bharat Kathi
Date: Fri, 5 Jun 2026 12:46:27 -0700
Subject: [PATCH 2/2] =?UTF-8?q?chore(gr26):=20revert=20secret=20key=20rena?= =?UTF-8?q?me=20=E2=80=94=20reuse=20MQTT=5FPASSWORD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Switching strategy: instead of adding a new MQTT_MAPACHE_PASSWORD key, the mapache-secrets MQTT_PASSWORD value got updated in place to hold the mapache user's password (out-of-band patch). All consumers stay pointed at the same secret key, the env diff is just MQTT_USER. The temporary MQTT_MAPACHE_PASSWORD key was removed from the secret.
---
 kubernetes/manifests/mapache/gr26.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kubernetes/manifests/mapache/gr26.yaml b/kubernetes/manifests/mapache/gr26.yaml
index f16b2d1..740b3cd 100644
--- a/kubernetes/manifests/mapache/gr26.yaml
+++ b/kubernetes/manifests/mapache/gr26.yaml
@@ -88,7 +88,7 @@ spec:
 valueFrom:
 secretKeyRef:
 name: mapache-secrets
- key: MQTT_MAPACHE_PASSWORD
+ key: MQTT_PASSWORD
 - name: FOREMAN_ENDPOINT
 value: http://foreman.mapache.svc.cluster.local:7011
 - name: NUM_WORKERS
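Review bot: In the `@@ -83,12 +83,12 @@` hunk of patch 1/2, `MQTT_PORT` stays `"1883"` while `MQTT_USER` moves to the shared `mapache` identity, and the file-header comment in the first hunk says pods reach the broker over its public hostname through the NAT gateway. 1883 is conventionally the unencrypted MQTT listener, so unless TLS is provided elsewhere (not visible here) the fleet password travels in cleartext in every CONNECT, and one capture now exposes the identity used by every mapache service rather than a single consumer. A shared user also removes per-service attribution in broker logs and any per-user topic ACLs. I would at least record this next to the env entry, e.g. `# 1883 = plaintext MQTT; shared mapache credential crosses the public path unencrypted, move to the TLS listener when available`, and consider per-service broker users if ACLs matter. The env list continues outside the hunk.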
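Review bot: In the `@@ -88,7 +88,7 @@` hunk of patch 2/2, `key: MQTT_PASSWORD` now pairs with the literal `MQTT_USER` value (`mapache`, set in patch 1/2) only by convention, because per the description the secret value was overwritten out-of-band. Env vars from `secretKeyRef` are resolved at container start, so a pod that restarts between the secret patch and the ArgoCD sync would present the old user with the new password and fail broker auth; any other consumer of this key that still sets the old user would be affected the same way (none is visible here). The in-place overwrite also leaves no Git record of which user the key belongs to, so I would add a comment above the entry such as `# mapache-secrets/MQTT_PASSWORD holds the password for MQTT_USER above; change both together`, or source the username from the same Secret so the pair changes atomically.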