MQTT binding spec

Detailed documentation on the MQTT binding component

Component format

To setup MQTT binding create a component of type bindings.mqtt. See this guide on how to create and apply a binding configuration.

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: <NAME>
  5. namespace: <NAMESPACE>
  6. spec:
  7. type: bindings.mqtt
  8. version: v1
  9. metadata:
  10. - name: url
  11. value: "tcp://[username][:password]@host.domain[:port]"
  12. - name: topic
  13. value: "mytopic"
  14. - name: qos
  15. value: 1
  16. - name: retain
  17. value: "false"
  18. - name: cleanSession
  19. value: "true"
  20. - name: backOffMaxRetries
  21. value: "0"

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Spec metadata fields

FieldRequiredBinding supportDetailsExample
urlYInput/OutputAddress of the MQTT broker. Can be secretKeyRef to use a secret reference.
Use the tcp:// URI scheme for non-TLS communication.
Use the ssl:// URI scheme for TLS communication.
“tcp://[username][:password]@host.domain[:port]”
topicYInput/OutputThe topic to listen on or send events to.“mytopic”
consumerIDNInput/OutputThe client ID used to connect to the MQTT broker. Defaults to the Dapr app ID.“myMqttClientApp”
qosNInput/OutputIndicates the Quality of Service Level (QoS) of the message. Defaults to 0.1
retainNInput/OutputDefines whether the message is saved by the broker as the last known good value for a specified topic. Defaults to “false”.“true”, “false”
cleanSessionNInput/OutputSets the clean_session flag in the connection message to the MQTT broker if “true”. Defaults to “true”.“true”, “false”
caCertRequired for using TLSInput/OutputCertificate Authority (CA) certificate in PEM format for verifying server TLS certificates.“——-BEGIN CERTIFICATE——-\n<base64-encoded DER>\n——-END CERTIFICATE——-“
clientCertRequired for using TLSInput/OutputTLS client certificate in PEM format. Must be used with clientKey.“——-BEGIN CERTIFICATE——-\n<base64-encoded DER>\n——-END CERTIFICATE——-“
clientKeyRequired for using TLSInput/OutputTLS client key in PEM format. Must be used with clientCert. Can be secretKeyRef to use a secret reference.“——-BEGIN RSA PRIVATE KEY——-\n<base64-encoded PKCS8>\n——-END RSA PRIVATE KEY——-“
backOffMaxRetriesNInputThe maximum number of retries to process the message before returning an error. Defaults to “0”, which means that no retries will be attempted. “-1” can be specified to indicate that messages should be retried indefinitely until they are successfully processed or the application is shutdown. The component will wait 5 seconds between retries.“3”

Communication using TLS

To configure communication using TLS, ensure that the MQTT broker (e.g. mosquitto) is configured to support certificates and provide the caCert, clientCert, clientKey metadata in the component configuration. For example:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: mqtt-binding
  5. namespace: default
  6. spec:
  7. type: bindings.mqtt
  8. version: v1
  9. metadata:
  10. - name: url
  11. value: "ssl://host.domain[:port]"
  12. - name: topic
  13. value: "topic1"
  14. - name: qos
  15. value: 1
  16. - name: retain
  17. value: "false"
  18. - name: cleanSession
  19. value: "false"
  20. - name: backoffMaxRetries
  21. value: "0"
  22. - name: caCert
  23. value: ${{ myLoadedCACert }}
  24. - name: clientCert
  25. value: ${{ myLoadedClientCert }}
  26. - name: clientKey
  27. secretKeyRef:
  28. name: myMqttClientKey
  29. key: myMqttClientKey
  30. auth:
  31. secretStore: <SECRET_STORE_NAME>

Note that while the caCert and clientCert values may not be secrets, they can be referenced from a Dapr secret store as well for convenience.

Consuming a shared topic

When consuming a shared topic, each consumer must have a unique identifier. By default, the application ID is used to uniquely identify each consumer and publisher. In self-hosted mode, invoking each dapr run with a different application ID is sufficient to have them consume from the same shared topic. However, on Kubernetes, multiple instances of an application pod will share the same application ID, prohibiting all instances from consuming the same topic. To overcome this, configure the component’s consumerID metadata with a {uuid} tag, which will give each instance a randomly generated consumerID value on start up. For example:

  1. apiVersion: dapr.io/v1alpha1
  2. kind: Component
  3. metadata:
  4. name: mqtt-binding
  5. namespace: default
  6. spec:
  7. type: bindings.mqtt
  8. version: v1
  9. metadata:
  10. - name: consumerID
  11. value: "{uuid}"
  12. - name: url
  13. value: "tcp://admin:public@localhost:1883"
  14. - name: topic
  15. value: "topic1"
  16. - name: qos
  17. value: 1
  18. - name: retain
  19. value: "false"
  20. - name: cleanSession
  21. value: "false"
  22. - name: backoffMaxRetries
  23. value: "0"

Warning

The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.

Binding support

This component supports both input and output binding interfaces.

This component supports output binding with the following operations:

  • create

Last modified November 12, 2021 : Merge pull request #1949 from willtsai/az-staticwebapp-versioning (c40e456)