###############################
#                             #
#  NATS Server Configuration  #
#                             #
###############################
nats:
  # Server image and pull policy.
  # NOTE(review): the image is referenced by a mutable tag, and with
  # IfNotPresent a node that already cached the tag will not pull again.
  # A digest reference gives a stronger pin - confirm the chart passes
  # this string straight through to the container image field.
  image: nats:2.3.2-alpine
  pullPolicy: IfNotPresent

  # Toggle whether to enable external access.
  # This binds a host port for clients, gateways and leafnodes.
  # With the defaults in this file (auth.enabled false, tls block
  # commented out) those listeners would be reachable on the node
  # address without authentication or transport encryption.
  externalAccess: false

  # Toggle to disable client advertisements (connect_urls).
  # When running behind a load balancer (which is not recommended)
  # it might be required to disable advertisements.
  advertise: true

  # When both external access and advertise are enabled, a service
  # account is required to be able to gather the public ip from a node.
  # NOTE(review): the RBAC bound to this account is not visible here;
  # check that it grants no more than that lookup needs.
  serviceAccount: "nats-server"

  # The number of connect attempts against discovered routes.
  connectRetries: 30

  # How many seconds should pass before sending a PING
  # to a client that has no activity.
  pingInterval:

  resources: {}

  # Server settings.
  # All limits are left empty here. maxConnections, maxPayload and
  # maxPending bound what a single client can consume, so set them
  # explicitly where clients are not fully trusted.
  limits:
    maxConnections:
    maxSubscriptions:
    maxControlLine:
    maxPayload:

    writeDeadline:
    maxPending:
    maxPings:
    lameDuckDuration:

  terminationGracePeriodSeconds: 60

  # Logging switches, all left empty here.
  # trace records protocol traffic and can capture message content,
  # so treat trace output as sensitive when it is turned on.
  logging:
    debug:
    trace:
    logtime:
    connectErrorReports:
    reconnectErrorReports:

  jetstream:
    enabled: false

    #############################
    #                           #
    #  Jetstream Memory Storage #
    #                           #
    #############################
    memStorage:
      enabled: true
      size: 1Gi

    ############################
    #                          #
    #  Jetstream File Storage  #
    #                          #
    ############################
    fileStorage:
      enabled: false
      storageDirectory: /data

      # Set for use with existing PVC
      # existingClaim: jetstream-pvc
      # claimStorageSize: 1Gi

      # Use the block below to create a new persistent volume;
      # only used if existingClaim is not specified.
      size: 1Gi
      storageClassName: default
      accessModes:
        - ReadWriteOnce
      annotations:
      # key: "value"

  #######################
  #                     #
  #  TLS Configuration  #
  #                     #
  #######################
  #
  # You can find more on how to set up and troubleshoot TLS connections at:
  #
  # https://docs.nats.io/nats-server/configuration/securing_nats/tls
  #
  # The block is commented out, so no client TLS settings are supplied
  # by default. The sample reads the CA, certificate and key from the
  # named secret rather than from this values file.

  # tls:
  #   secret:
  #     name: nats-client-tls
  #   ca: "ca.crt"
  #   cert: "tls.crt"
  #   key: "tls.key"

mqtt:
  enabled: false
  ackWait: 1m
  maxAckPending: 100

  #######################
  #                     #
  #  TLS Configuration  #
  #                     #
  #######################
  #
  # You can find more on how to set up and troubleshoot TLS connections at:
  #
  # https://docs.nats.io/nats-server/configuration/securing_nats/tls
  #
  # Commented out, so no TLS settings are supplied for the MQTT
  # listener by default. The sample takes the key material from a
  # secret of its own (nats-mqtt-tls).
  #
  # tls:
  #   secret:
  #     name: nats-mqtt-tls
  #   ca: "ca.crt"
  #   cert: "tls.crt"
  #   key: "tls.key"

nameOverride: ""

# An array of imagePullSecrets. They have to be created manually
# in the same namespace.
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
# Only the secret names belong here; the registry credentials stay in
# the secret objects themselves.
imagePullSecrets: []

# Toggle whether to set up a Pod Security Context
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
# The default is an empty mapping, i.e. no pod security context is
# requested from here. The commented sample below runs the pod as a
# non-root user.
# NOTE(review): confirm the images in use work with uid 1000 before
# adopting the sample as-is.
securityContext: {}
# securityContext:
#   fsGroup: 1000
#   runAsUser: 1000
#   runAsNonRoot: true

# Affinity for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}

# Pod priority class name
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: null

# Service topology
# ref: https://kubernetes.io/docs/concepts/services-networking/service-topology/
topologyKeys: []

# Pod Topology Spread Constraints
# ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
#   topologyKey: zone
#   whenUnsatisfiable: DoNotSchedule

# Annotations to add to the NATS pods
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: "value"

# Define a Pod Disruption Budget for the stateful set
# ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget: null
# minAvailable: 1
# maxUnavailable: 1

# Annotations to add to the NATS StatefulSet
statefulSetAnnotations: {}

# Annotations to add to the NATS Service
serviceAnnotations: {}

cluster:
  enabled: false
  replicas: 3
  noAdvertise: false

  # Route authorization (commented out by default).
  # The user and password below are placeholder sample values. A real
  # password written here sits in plain text in the values file, so
  # keep such a file out of version control.
  # authorization:
  #   user: foo
  #   password: pwd
  #   timeout: 0.5

# Leafnode connections to extend a cluster:
#
# https://docs.nats.io/nats-server/configuration/leafnodes
#
leafnodes:
  enabled: false
  noAdvertise: false
  # remotes:
  #   - url: "tls://connect.ngs.global:7422"

  #######################
  #                     #
  #  TLS Configuration  #
  #                     #
  #######################
  #
  # You can find more on how to set up and troubleshoot TLS connections at:
  #
  # https://docs.nats.io/nats-server/configuration/securing_nats/tls
  #
  # Commented out, so no TLS settings are supplied for leafnode
  # connections by default.
  # NOTE(review): the sample reuses the secret name nats-client-tls;
  # decide whether leafnodes should share the client key material.
  #
  # tls:
  #   secret:
  #     name: nats-client-tls
  #   ca: "ca.crt"
  #   cert: "tls.crt"
  #   key: "tls.key"

# Gateway connections to create a super cluster
#
# https://docs.nats.io/nats-server/configuration/gateways
#
gateway:
  enabled: false
  name: 'default'

  #############################
  #                           #
  #  List of remote gateways  #
  #                           #
  #############################
  # gateways:
  #   - name: other
  #     url: nats://my-gateway-url:7522

  #######################
  #                     #
  #  TLS Configuration  #
  #                     #
  #######################
  #
  # You can find more on how to set up and troubleshoot TLS connections at:
  #
  # https://docs.nats.io/nats-server/configuration/securing_nats/tls
  #
  # Commented out, so no TLS settings are supplied for gateway
  # connections by default. Gateways link separate clusters, so this
  # traffic may leave the local network.
  # NOTE(review): the sample reuses the secret name nats-client-tls;
  # decide whether gateways should share the client key material.
  #
  # tls:
  #   secret:
  #     name: nats-client-tls
  #   ca: "ca.crt"
  #   cert: "tls.crt"
  #   key: "tls.key"

# When both external access and advertisements are enabled, an
# initializer container is used to gather the public ips.
# NOTE(review): the image is referenced by a mutable tag; a digest
# reference gives a stronger pin - confirm the chart accepts one here.
bootconfig:
  image: natsio/nats-boot-config:0.5.3
  pullPolicy: IfNotPresent

# NATS Box
#
# https://github.com/nats-io/nats-box
#
# Enabled by default. It is a utility deployment next to the server;
# set enabled to false where that tooling is not wanted in the
# namespace.
natsbox:
  enabled: true
  image: natsio/nats-box:0.6.0
  pullPolicy: IfNotPresent

  # An array of imagePullSecrets. They have to be created manually
  # in the same namespace.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  imagePullSecrets: []
  # - name: dockerhub

  # Credentials for the box, referenced from a secret (commented out).
  # NOTE(review): the sample names a secret called nats-sys-creds;
  # anyone able to exec into the box pod could presumably read a creds
  # file mounted from it - confirm and restrict pod exec accordingly.
  # credentials:
  #   secret:
  #     name: nats-sys-creds
  #     key: sys.creds

  # Annotations to add to the box pods
  # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  podAnnotations: {}
  # key: "value"

  # Affinity for nats box pod assignment
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

# The NATS config reloader image to use.
# NOTE(review): the image is referenced by a mutable tag; a digest
# reference gives a stronger pin - confirm the chart accepts one here.
reloader:
  enabled: true
  image: natsio/nats-server-config-reloader:0.6.1
  pullPolicy: IfNotPresent

# Prometheus NATS Exporter configuration.
# NOTE(review): the image is referenced by a mutable tag; a digest
# reference gives a stronger pin - confirm the chart accepts one here.
exporter:
  enabled: true
  image: natsio/prometheus-nats-exporter:0.8.0
  pullPolicy: IfNotPresent
  resources: {}
  # Prometheus operator ServiceMonitor support. Exporter has to be enabled
  serviceMonitor:
    enabled: false
    # Specify the namespace where Prometheus Operator is running
    #
    # namespace: monitoring
    labels: {}
    annotations: {}
    path: /metrics
    # interval:
    # scrapeTimeout:

# Authentication setup
# Disabled by default.
# NOTE(review): presumably no authorization settings are rendered
# while enabled is false, so any client that can reach a listener can
# connect - confirm against the templates before exposing the server.
auth:
  enabled: false

  # basic:
  #   noAuthUser:
  #   # List of users that can connect with basic auth,
  #   # that belong to the global account.
  #   users:

  #   # List of accounts with users that can connect
  #   # using basic auth.
  #   accounts:

  # Reference to the Operator JWT.
  # operatorjwt:
  #   configMap:
  #     name: operator-jwt
  #     key: KO.jwt

  # Token authentication
  # A token set here is stored in plain text in the values file.
  # token:

  # Public key of the System Account
  # systemAccount:

  resolver:
    # Disables the resolver by default
    type: none

    ##########################################
    #                                        #
    #  Embedded NATS Account Server Resolver #
    #                                        #
    ##########################################
    # type: full

    # If the resolver type is 'full', delete when enabled will rename the jwt.
    allowDelete: false

    # Interval at which a nats-server with a nats based account
    # resolver will compare its state with one random nats based
    # account resolver in the cluster and, if needed, exchange jwt
    # and converge on the same set of jwt.
    interval: 2m

    # Operator JWT
    operator:

    # System Account Public NKEY
    systemAccount:

    # resolverPreload:
    #   <ACCOUNT>: <JWT>

    # Directory in which the account JWTs will be stored.
    store:
      dir: "/accounts/jwt"

      # Size of the account JWT storage.
      size: 1Gi

    ##############################
    #                            #
    #  Memory resolver settings  #
    #                            #
    ##############################
    # type: memory
    #
    # Use a configmap reference which will be mounted
    # into the container.
    #
    # configMap:
    #   name: nats-accounts
    #   key: resolver.conf

    ##########################
    #                        #
    #  URL resolver settings #
    #                        #
    ##########################
    # The sample URL uses plain http, so account JWT lookups to that
    # address would travel without transport encryption.
    # type: URL
    # url: "http://nats-account-server:9090/jwt/v1/accounts/"

# Websocket listener, disabled by default.
# NOTE(review): this section has no TLS settings of its own; whether
# the listener on this port is served with TLS depends on the chart
# templates, which are not shown here - verify before enabling.
websocket:
  enabled: false
  port: 443

# appProtocol toggle, disabled by default.
# NOTE(review): presumably controls whether appProtocol fields are set
# on the service ports - confirm against the templates.
appProtocol:
  enabled: false

# Cluster Domain configured on the kubelets
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
k8sClusterDomain: cluster.local

# Add labels to all the deployed resources
commonLabels: {}