ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 21 Packages Projects Releases Wiki Activity

feat: kubezero-mq NATS version bump

Browse Source
This commit is contained in:
Stefan Reimer 2021-07-22 22:15:12 +02:00
parent 8e0e6a7eab
commit 99e5c91fc1
20 changed files with 421 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/kubezero-mq/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-mq name: kubezero-mq
description: KubeZero umbrella chart for MQ systems like NATS, RabbitMQ description: KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
type: application type: application
version: 0.2.0 version: 0.2.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -16,7 +16,7 @@ dependencies:
version: ">= 0.1.3" version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/ repository: https://zero-down-time.github.io/kubezero/
- name: nats - name: nats
version: 0.8.3 version: 0.8.4
#repository: https://nats-io.github.io/k8s/helm/charts/ #repository: https://nats-io.github.io/k8s/helm/charts/
condition: nats.enabled condition: nats.enabled
- name: rabbitmq - name: rabbitmq

22
charts/kubezero-mq/charts/nats/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

34
charts/kubezero-mq/charts/nats/Chart.yaml
View File

@ -1,21 +1,19 @@
apiVersion: v2 apiVersion: v2
appVersion: "2.1.9" appVersion: 2.3.2
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
name: nats Technology.
keywords:
- nats
- messaging
- cncf
version: 0.8.3
home: http://github.com/nats-io/k8s home: http://github.com/nats-io/k8s
maintainers:
- name: Waldemar Quevedo
github: https://github.com/wallyqs
email: wally@nats.io
- name: Colin Sullivan
github: https://github.com/ColinSullivan1
email: colin@nats.io
- name: Jaime Piña
github: https://github.com/variadico
email: jaime@nats.io
icon: https://nats.io/img/nats-icon-color.png icon: https://nats.io/img/nats-icon-color.png
keywords:
- nats
- messaging
- cncf
maintainers:
- email: wally@nats.io
name: Waldemar Quevedo
- email: colin@nats.io
name: Colin Sullivan
- email: jaime@nats.io
name: Jaime Piña
name: nats
version: 0.8.4

26
charts/kubezero-mq/charts/nats/README.md
View File

@ -109,6 +109,16 @@ leafnodes:
enabled: true enabled: true
remotes: remotes:
- url: "tls://connect.ngs.global:7422" - url: "tls://connect.ngs.global:7422"
# credentials:
# secret:
# name: leafnode-creds
# key: TA.creds
# tls:
# secret:
# name: nats-leafnode-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
####################### #######################
# # # #
@ -194,7 +204,7 @@ The container image of the initializer can be customized via:
```yaml ```yaml
bootconfig: bootconfig:
image: connecteverything/nats-boot-config:0.5.2 image: natsio/nats-boot-config:latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
``` ```
@ -230,7 +240,7 @@ metadata:
spec: spec:
type: LoadBalancer type: LoadBalancer
selector: selector:
app: nats app.kubernetes.io/name: nats
ports: ports:
- protocol: TCP - protocol: TCP
port: 4222 port: 4222
@ -349,7 +359,7 @@ auth:
```yaml ```yaml
nats: nats:
image: synadia/nats-server:nightly image: nats:alpine
jetstream: jetstream:
enabled: true enabled: true
@ -389,7 +399,7 @@ You can start JetStream so that one pod is bounded to it:
```yaml ```yaml
nats: nats:
image: synadia/nats-server:nightly image: nats:alpine
jetstream: jetstream:
enabled: true enabled: true
@ -406,7 +416,7 @@ nats:
```yaml ```yaml
nats: nats:
image: synadia/nats-server:nightly image: nats:alpine
jetstream: jetstream:
enabled: true enabled: true
@ -438,7 +448,7 @@ You can find the image at: https://github.com/nats-io/nats-box
```yaml ```yaml
natsbox: natsbox:
enabled: true enabled: true
image: synadia/nats-box:latest image: nats:alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# credentials: # credentials:
@ -454,7 +464,7 @@ The NATS config reloader image to use:
```yaml ```yaml
reloader: reloader:
enabled: true enabled: true
image: connecteverything/nats-server-config-reloader:0.6.0 image: natsio/nats-server-config-reloader:latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
``` ```
@ -465,7 +475,7 @@ You can toggle whether to start the sidecar that can be used to feed metrics to
```yaml ```yaml
exporter: exporter:
enabled: true enabled: true
image: synadia/prometheus-nats-exporter:0.5.0 image: natsio/prometheus-nats-exporter:latest
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
``` ```

21
charts/kubezero-mq/charts/nats/accounts.conf Normal file
View File

@ -0,0 +1,21 @@
// Operator "KO"
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ
system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW
resolver: MEMORY
resolver_preload: {
// Account "A"
AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSM0QyWUM1UVlJWk4zS0hYR1FFRTZNQTRCRVU3WkFWQk5LSElJNTNOM0tLRVRTTVZEVVRRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJBIiwic3ViIjoiQUEzTlhUSFRYT0hDVFBJQktFREhOQVlBSEo0Q083RVJDT0pGWUNYT1hWRU9QWlRNVzU1V1gzMloiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ
// Account "STAN"
AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA
// Account "SYS"
ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA
// Account "B"
ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRQjdIRFg3VUZYN01KUjZPS1E2S1dRSlVUUEpWWENTNkJCWjQ3SDVVTFdVVFNRUU1NQzJRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJCIiwic3ViIjoiQURPUjdRNUtNV0MyWElXUlJSQzRNWlVEQ1BZRzNVTUFJV0RSWDZNMk1GRFk1U1I2SFFBQU1ISkEiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQTNOWFRIVFhPSENUUElCS0VESE5BWUFISjRDTzdFUkNPSkZZQ1hPWFZFT1BaVE1XNTVXWDMyWiIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg
}

24
charts/kubezero-mq/charts/nats/deploy.yaml Normal file
View File

@ -0,0 +1,24 @@
# Setup memory preload config.
auth:
enabled: true
resolver:
type: memory
preload: |
// Operator "KO"
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ
system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW
resolver_preload: {
// Account "A"
AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSM0QyWUM1UVlJWk4zS0hYR1FFRTZNQTRCRVU3WkFWQk5LSElJNTNOM0tLRVRTTVZEVVRRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJBIiwic3ViIjoiQUEzTlhUSFRYT0hDVFBJQktFREhOQVlBSEo0Q083RVJDT0pGWUNYT1hWRU9QWlRNVzU1V1gzMloiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ
// Account "STAN"
AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA
// Account "SYS"
ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA
// Account "B"
ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRQjdIRFg3VUZYN01KUjZPS1E2S1dRSlVUUEpWWENTNkJCWjQ3SDVVTFdVVFNRUU1NQzJRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJCIiwic3ViIjoiQURPUjdRNUtNV0MyWElXUlJSQzRNWlVEQ1BZRzNVTUFJV0RSWDZNMk1GRFk1U1I2SFFBQU1ISkEiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQTNOWFRIVFhPSENUUElCS0VESE5BWUFISjRDTzdFUkNPSkZZQ1hPWFZFT1BaVE1XNTVXWDMyWiIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg
}

9
charts/kubezero-mq/charts/nats/deploy2.yaml Normal file
View File

@ -0,0 +1,9 @@
# Setup memory preload config.
auth:
enabled: true
resolver:
type: memory
configMap:
name: nats-accounts
key: resolver.conf

0
charts/kubezero-mq/charts/nats/foo.conf Normal file
View File

9
charts/kubezero-mq/charts/nats/foo.dhall Normal file
View File

@ -0,0 +1,9 @@
let accounts = ./accounts.conf as Text
in
''
port: 4222
${accounts}
''

21
charts/kubezero-mq/charts/nats/resolver.conf Normal file
View File

@ -0,0 +1,21 @@
// Operator "KO"
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJKS0E2U0pKUUVOTFpYVDJEWTRWNE00UDZXUFRVUlhIQzNMU1pJWEZWRlFGV0I3U0tKVk9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9CRkJIQzNVNVdVVEVNWkpPM1g3SFlZMkI2M1BZSlBPRFhLQVZZR0dTRU1BNzNMS0ZNWDRMRjJBIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.60YToJe3Dz9OZES80jYXVgg7uCB1c3BsX6HglA8tsKKRe-Br3pMpn9yUPUujjB61MGqnA7Zmbx8qWnoj8CkuCw
system_account: ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP
resolver: MEMORY
resolver_preload: {
// Account "B"
AAIJAGRSL2KCEPTRBP6DJCTAMSNOUXRILLZXIY6CTZ4GR27ISCZOP6QH: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJEVTdWV1BXQUtBSVdNNkhNUElDNE43TVRGTFEyV01JUFhFVU5aNVEzRE1YSTRKVkpLQU1BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJCIiwic3ViIjoiQUFJSkFHUlNMMktDRVBUUkJQNkRKQ1RBTVNOT1VYUklMTFpYSVk2Q1RaNEdSMjdJU0NaT1A2UUgiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQlhXNU9aV09LSzUzWDNWNUhSVkdPMlJXTlVUU1NQSU1HVDZORU9SMjNBQzRNTk1QTlFTUTZWTCIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.VLv3U7k8jJaIcGpDYXo0XQCYNVMNQd2PHVUOXGMvCU8ifiYpkaRJ4G0UXZHqlQl_0g3M_LEtJw0K-4HwgOeIAA
// Account "SYS"
ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPSUpENkozTjdCVk0zSEY0M0NCTUhLMllUNlpXTlFCWkZBRzQ0VE5RSFA3SlVZT0hZR0dRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQkw2NUZGUVdVREhIVEdNR1JGVlZTUURCQVdIR0VKMkNEUkNNR0JGVjZTQjRNTEtGU1VQTjdHUCIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.Jei8psto5h35bFn4y1Unsk0Noh6MYJxkB8Hs-nnLuUBrkTppSwukEkM_ufNGA_lxsmPki3zBf8y6rsQ13Ec5AA
// Account "A"
ABXW5OZWOKK53X3V5HRVGO2RWNUTSSPIMGT6NEOR23AC4MNMPNQSQ6VL: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSRFNRTE9GT0gzRUoyUUNLSkkyUEJXNkxLMllUVFJDUUdGV0tJRFJJRVRVMzZTT0RPT1FRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJBIiwic3ViIjoiQUJYVzVPWldPS0s1M1gzVjVIUlZHTzJSV05VVFNTUElNR1Q2TkVPUjIzQUM0TU5NUE5RU1E2VkwiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.lJfHHkbXeEf6DbHFju0zktCjWL0kgll17BdYJl6f2hcZxbUtiyf3H1mGfrzELgCuEO7p8X11UpRVy_eTQfnGAA
// Account "STAN"
ACLSVE2AZYTXOBIJXOV5XHAIIM7KLL777F7GAEWW5W5P4IAR2VZJSGID: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJJT1ZPSFBPV1hJRDI2U1JYVEJQTTVUQlVKWDJRU0FSSTJMQjJTM09aRFpMU0paS1BOVU9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUNMU1ZFMkFaWVRYT0JJSlhPVjVYSEFJSU03S0xMNzc3RjdHQUVXVzVXNVA0SUFSMlZaSlNHSUQiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.CE5_K9kAdAgxesJRiJYh3kK2f74_c7T3bNQhgfaXOMzI8X6VOWqn0_5gH9jOD0xzHXIYiUMwy7a4Ou63PizHCw
}

11
charts/kubezero-mq/charts/nats/templates/_helpers.tpl
View File

@ -31,6 +31,9 @@ Common labels
*/}} */}}
{{- define "nats.labels" -}} {{- define "nats.labels" -}}
helm.sh/chart: {{ include "nats.chart" . }} helm.sh/chart: {{ include "nats.chart" . }}
{{- range $name, $value := .Values.commonLabels }}
{{ $name }}: {{ $value }}
{{- end }}
{{ include "nats.selectorLabels" . }} {{ include "nats.selectorLabels" . }}
{{- if .Chart.AppVersion }} {{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
@ -51,16 +54,16 @@ app.kubernetes.io/instance: {{ .Release.Name }}
Return the proper NATS image name Return the proper NATS image name
*/}} */}}
{{- define "nats.clusterAdvertise" -}} {{- define "nats.clusterAdvertise" -}}
{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc" (include "nats.fullname" . ) }} {{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc.%s." (include "nats.fullname" . ) $.Values.k8sClusterDomain }}
{{- end }} {{- end }}
{{/* {{/*
Return the NATS cluster routes. Return the NATS cluster routes.
*/}} */}}
{{- define "nats.clusterRoutes" -}} {{- define "nats.clusterRoutes" -}}
{{- $name := default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- $name := (include "nats.fullname" . ) -}}
{{- range $i, $e := until (.Values.cluster.replicas | int) -}} {{- range $i, $e := until (.Values.cluster.replicas | int) -}}
{{- printf "nats://%s-%d.%s.%s.svc:6222," $name $i $name $.Release.Namespace -}} {{- printf "nats://%s-%d.%s.%s.svc.%s.:6222," $name $i $name $.Release.Namespace $.Values.k8sClusterDomain -}}
{{- end -}} {{- end -}}
{{- end }} {{- end }}
@ -92,4 +95,4 @@ tls {
timeout: {{ .timeout }} timeout: {{ .timeout }}
{{- end }} {{- end }}
} }
{{- end }} {{- end }}

15
charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.auth.enabled }}
{{- if eq .Values.auth.resolver.type "memory" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "nats.name" . }}-accounts
labels:
app: {{ template "nats.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
data:
accounts.conf: |-
{{- .Files.Get "accounts.conf" | indent 6 }}
{{- end }}
{{- end }}

75
charts/kubezero-mq/charts/nats/templates/configmap.yaml
View File

@ -3,6 +3,7 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ include "nats.fullname" . }}-config name: {{ include "nats.fullname" . }}-config
namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "nats.labels" . | nindent 4 }} {{- include "nats.labels" . | nindent 4 }}
data: data:
@ -44,8 +45,8 @@ data:
{{- if .Values.nats.jetstream.fileStorage.enabled }} {{- if .Values.nats.jetstream.fileStorage.enabled }}
store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }} store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
max_file: max_file:
{{- if .Values.nats.jetstream.fileStorage.existingClaim }} {{- if .Values.nats.jetstream.fileStorage.existingClaim }}
{{- .Values.nats.jetstream.fileStorage.claimStorageSize }} {{- .Values.nats.jetstream.fileStorage.claimStorageSize }}
{{- else }} {{- else }}
@ -55,6 +56,29 @@ data:
{{- end }} {{- end }}
} }
{{- end }} {{- end }}
{{- if .Values.mqtt.enabled }}
###################################
# #
# NATS MQTT #
# #
###################################
mqtt {
port: 1883
{{- with .Values.mqtt.tls }}
{{- $mqtt_tls := merge (dict) . }}
{{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }}
{{- include "nats.tlsConfig" $mqtt_tls | nindent 6}}
{{- end }}
{{- if .Values.mqtt.noAuthUser }}
no_auth_user: {{ .Values.mqtt.noAuthUser | quote }}
{{- end }}
ack_wait: {{ .Values.mqtt.ackWait | quote }}
max_ack_pending: {{ .Values.mqtt.maxAckPending }}
}
{{- end }}
{{- if .Values.cluster.enabled }} {{- if .Values.cluster.enabled }}
################################### ###################################
@ -83,12 +107,26 @@ data:
{{- include "nats.tlsConfig" $cluster_tls | nindent 6}} {{- include "nats.tlsConfig" $cluster_tls | nindent 6}}
{{- end }} {{- end }}
{{- if .Values.cluster.authorization }}
authorization {
{{- with .Values.cluster.authorization.user }}
user: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.password }}
password: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.timeout }}
timeout: {{ . }}
{{- end }}
}
{{- end }}
routes = [ routes = [
{{ include "nats.clusterRoutes" . }} {{ include "nats.clusterRoutes" . }}
] ]
cluster_advertise: $CLUSTER_ADVERTISE cluster_advertise: $CLUSTER_ADVERTISE
{{- with .Values.cluster.noAdvertise }} {{- with .Values.cluster.noAdvertise }}
no_advertise: {{ . }} no_advertise: {{ . }}
{{- end }} {{- end }}
@ -101,7 +139,7 @@ data:
{{- end }} {{- end }}
{{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }} {{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }}
################# #################
# # # #
# NATS Leafnode # # NATS Leafnode #
# # # #
@ -115,7 +153,7 @@ data:
include "advertise/gateway_advertise.conf" include "advertise/gateway_advertise.conf"
{{ end }} {{ end }}
{{- with .Values.leafnodes.noAdvertise }} {{- with .Values.leafnodes.noAdvertise }}
no_advertise: {{ . }} no_advertise: {{ . }}
{{- end }} {{- end }}
@ -135,6 +173,23 @@ data:
{{- with .credentials }} {{- with .credentials }}
credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}" credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}"
{{- end }} {{- end }}
{{- with .tls }}
{{ $secretName := .secret.name }}
tls: {
{{- with .cert }}
cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .key }}
key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .ca }}
ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
}
{{- end }}
} }
{{- end }} {{- end }}
] ]
@ -142,7 +197,7 @@ data:
{{ end }} {{ end }}
{{- if .Values.gateway.enabled }} {{- if .Values.gateway.enabled }}
################# #################
# # # #
# NATS Gateways # # NATS Gateways #
# # # #
@ -236,7 +291,7 @@ data:
# Websocket # # Websocket #
# # # #
################## ##################
ws { websocket {
port: {{ .Values.websocket.port }} port: {{ .Values.websocket.port }}
{{- if .Values.websocket.tls }} {{- if .Values.websocket.tls }}
{{ $secretName := .secret.name }} {{ $secretName := .secret.name }}
@ -328,6 +383,12 @@ data:
} }
{{- end }} {{- end }}
{{- if .token }}
authorization {
token: "{{ .token }}"
}
{{- end }}
{{- with .accounts }} {{- with .accounts }}
accounts: {{- toRawJson . }} accounts: {{- toRawJson . }}
{{- end }} {{- end }}

22
charts/kubezero-mq/charts/nats/templates/nats-box.yaml
View File

@ -4,6 +4,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "nats.fullname" . }}-box name: {{ include "nats.fullname" . }}-box
namespace: {{ .Release.Namespace | quote }}
labels: labels:
app: {{ include "nats.fullname" . }}-box app: {{ include "nats.fullname" . }}-box
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -16,7 +17,17 @@ spec:
metadata: metadata:
labels: labels:
app: {{ include "nats.fullname" . }}-box app: {{ include "nats.fullname" . }}-box
{{- if .Values.natsbox.podAnnotations }}
annotations:
{{- range $key, $value := .Values.natsbox.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec: spec:
{{- with .Values.natsbox.affinity }}
affinity:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
volumes: volumes:
{{- if .Values.natsbox.credentials }} {{- if .Values.natsbox.credentials }}
- name: nats-sys-creds - name: nats-sys-creds
@ -29,11 +40,16 @@ spec:
secret: secret:
secretName: {{ $secretName }} secretName: {{ $secretName }}
{{- end }} {{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers: containers:
- name: nats-box - name: nats-box
image: {{ .Values.natsbox.image }} image: {{ .Values.natsbox.image }}
imagePullPolicy: {{ .Values.natsbox.pullPolicy }} imagePullPolicy: {{ .Values.natsbox.pullPolicy }}
resources:
{{- toYaml .Values.natsbox.resources | nindent 10 }}
env: env:
- name: NATS_URL - name: NATS_URL
value: {{ template "nats.fullname" . }} value: {{ template "nats.fullname" . }}
@ -72,4 +88,8 @@ spec:
- name: {{ $secretName }}-clients-volume - name: {{ $secretName }}-clients-volume
mountPath: /etc/nats-certs/clients/{{ $secretName }} mountPath: /etc/nats-certs/clients/{{ $secretName }}
{{- end }} {{- end }}
{{- with .Values.securityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }} {{- end }}

1
charts/kubezero-mq/charts/nats/templates/pdb.yaml
View File

@ -5,6 +5,7 @@ kind: PodDisruptionBudget
metadata: metadata:
labels: labels:
name: {{ include "nats.fullname" . }} name: {{ include "nats.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "nats.labels" . | nindent 4 }} {{- include "nats.labels" . | nindent 4 }}
spec: spec:

29
charts/kubezero-mq/charts/nats/templates/service.yaml
View File

@ -3,6 +3,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "nats.fullname" . }} name: {{ include "nats.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "nats.labels" . | nindent 4 }} {{- include "nats.labels" . | nindent 4 }}
{{- if .Values.serviceAnnotations}} {{- if .Values.serviceAnnotations}}
@ -23,16 +24,44 @@ spec:
{{- if .Values.websocket.enabled }} {{- if .Values.websocket.enabled }}
- name: websocket - name: websocket
port: {{ .Values.websocket.port }} port: {{ .Values.websocket.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- end }} {{- end }}
- name: client - name: client
port: 4222 port: 4222
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: cluster - name: cluster
port: 6222 port: 6222
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: monitor - name: monitor
port: 8222 port: 8222
{{- if .Values.appProtocol.enabled }}
appProtocol: http
{{- end }}
- name: metrics - name: metrics
port: 7777 port: 7777
{{- if .Values.appProtocol.enabled }}
appProtocol: http
{{- end }}
- name: leafnodes - name: leafnodes
port: 7422 port: 7422
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: gateways - name: gateways
port: 7522 port: 7522
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- if .Values.mqtt.enabled }}
- name: mqtt
port: 1883
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- end }}

48
charts/kubezero-mq/charts/nats/templates/statefulset.yaml
View File

@ -3,14 +3,15 @@ apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
name: {{ include "nats.fullname" . }} name: {{ include "nats.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "nats.labels" . | nindent 4 }} {{- include "nats.labels" . | nindent 4 }}
{{- if .Values.statefulSetAnnotations}} {{- if .Values.statefulSetAnnotations}}
annotations: annotations:
{{- range $key, $value := .Values.statefulSetAnnotations }} {{- range $key, $value := .Values.statefulSetAnnotations }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -115,6 +116,12 @@ spec:
secret: secret:
secretName: {{ $secretName }} secretName: {{ $secretName }}
{{- end }} {{- end }}
{{- with .Values.mqtt.tls }}
{{ $secretName := .secret.name }}
- name: {{ $secretName }}-mqtt-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.cluster.tls }} {{- with .Values.cluster.tls }}
{{ $secretName := .secret.name }} {{ $secretName := .secret.name }}
- name: {{ $secretName }}-cluster-volume - name: {{ $secretName }}-cluster-volume
@ -140,9 +147,9 @@ spec:
secretName: {{ $secretName }} secretName: {{ $secretName }}
{{- end }} {{- end }}
{{- if .Values.leafnodes.enabled }} {{- if .Values.leafnodes.enabled }}
# #
# Leafnode credential volumes # Leafnode credential volumes
# #
{{- range .Values.leafnodes.remotes }} {{- range .Values.leafnodes.remotes }}
{{- with .credentials }} {{- with .credentials }}
- name: {{ .secret.name }}-volume - name: {{ .secret.name }}-volume
@ -182,6 +189,8 @@ spec:
fieldPath: spec.nodeName fieldPath: spec.nodeName
image: {{ .Values.bootconfig.image }} image: {{ .Values.bootconfig.image }}
imagePullPolicy: {{ .Values.bootconfig.pullPolicy }} imagePullPolicy: {{ .Values.bootconfig.pullPolicy }}
resources:
{{- toYaml .Values.bootconfig.resources | nindent 10 }}
volumeMounts: volumeMounts:
- mountPath: /etc/nats-config/advertise - mountPath: /etc/nats-config/advertise
name: advertiseconfig name: advertiseconfig
@ -222,6 +231,13 @@ spec:
name: monitor name: monitor
- containerPort: 7777 - containerPort: 7777
name: metrics name: metrics
{{- if .Values.mqtt.enabled }}
- containerPort: 1883
name: mqtt
{{- if .Values.nats.externalAccess }}
hostPort: 1883
{{- end }}
{{- end }}
{{- if .Values.websocket.enabled }} {{- if .Values.websocket.enabled }}
- containerPort: {{ .Values.websocket.port }} - containerPort: {{ .Values.websocket.port }}
name: websocket name: websocket
@ -297,6 +313,11 @@ spec:
- name: {{ $secretName }}-clients-volume - name: {{ $secretName }}-clients-volume
mountPath: /etc/nats-certs/clients/{{ $secretName }} mountPath: /etc/nats-certs/clients/{{ $secretName }}
{{- end }} {{- end }}
{{- with .Values.mqtt.tls }}
{{ $secretName := .secret.name }}
- name: {{ $secretName }}-mqtt-volume
mountPath: /etc/nats-certs/mqtt/{{ $secretName }}
{{- end }}
{{- with .Values.cluster.tls }} {{- with .Values.cluster.tls }}
{{ $secretName := .secret.name }} {{ $secretName := .secret.name }}
- name: {{ $secretName }}-cluster-volume - name: {{ $secretName }}-cluster-volume
@ -320,9 +341,9 @@ spec:
{{- end }} {{- end }}
{{- if .Values.leafnodes.enabled }} {{- if .Values.leafnodes.enabled }}
# #
# Leafnode credential volumes # Leafnode credential volumes
# #
{{- range .Values.leafnodes.remotes }} {{- range .Values.leafnodes.remotes }}
{{- with .credentials }} {{- with .credentials }}
- name: {{ .secret.name }}-volume - name: {{ .secret.name }}-volume
@ -369,6 +390,8 @@ spec:
- name: reloader - name: reloader
image: {{ .Values.reloader.image }} image: {{ .Values.reloader.image }}
imagePullPolicy: {{ .Values.reloader.pullPolicy }} imagePullPolicy: {{ .Values.reloader.pullPolicy }}
resources:
{{- toYaml .Values.reloader.resources | nindent 10 }}
command: command:
- "nats-server-config-reloader" - "nats-server-config-reloader"
- "-pid" - "-pid"
@ -391,6 +414,8 @@ spec:
- name: metrics - name: metrics
image: {{ .Values.exporter.image }} image: {{ .Values.exporter.image }}
imagePullPolicy: {{ .Values.exporter.pullPolicy }} imagePullPolicy: {{ .Values.exporter.pullPolicy }}
resources:
{{- toYaml .Values.exporter.resources | nindent 10 }}
args: args:
- -connz - -connz
- -routez - -routez
@ -398,6 +423,9 @@ spec:
- -varz - -varz
- -prefix=nats - -prefix=nats
- -use_internal_server_id - -use_internal_server_id
{{- if .Values.nats.jetstream.enabled }}
- -jsz=all
{{- end }}
- http://localhost:8222/ - http://localhost:8222/
ports: ports:
- containerPort: 7777 - containerPort: 7777
@ -415,7 +443,7 @@ spec:
- metadata: - metadata:
name: nats-jwt-pvc name: nats-jwt-pvc
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:

130
charts/kubezero-mq/charts/nats/values.yaml
View File

@ -4,7 +4,7 @@
# # # #
############################### ###############################
nats: nats:
image: nats:2.1.9-alpine3.12 image: nats:2.3.2-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Toggle whether to enable external access. # Toggle whether to enable external access.
@ -32,24 +32,24 @@ nats:
# Server settings. # Server settings.
limits: limits:
maxConnections: maxConnections:
maxSubscriptions: maxSubscriptions:
maxControlLine: maxControlLine:
maxPayload: maxPayload:
writeDeadline: writeDeadline:
maxPending: maxPending:
maxPings: maxPings:
lameDuckDuration: lameDuckDuration:
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
logging: logging:
debug: debug:
trace: trace:
logtime: logtime:
connectErrorReports: connectErrorReports:
reconnectErrorReports: reconnectErrorReports:
jetstream: jetstream:
enabled: false enabled: false
@ -75,7 +75,7 @@ nats:
# Set for use with existing PVC # Set for use with existing PVC
# existingClaim: jetstream-pvc # existingClaim: jetstream-pvc
# claimStorageSize: 1Gi # claimStorageSize: 1Gi
# Use below block to create new persistent volume # Use below block to create new persistent volume
# only used if existingClaim is not specified # only used if existingClaim is not specified
size: 1Gi size: 1Gi
@ -90,11 +90,11 @@ nats:
# TLS Configuration # # TLS Configuration #
# # # #
####################### #######################
# #
# # You can find more on how to setup and trouble shoot TLS connnections at: # # You can find more on how to setup and trouble shoot TLS connnections at:
# #
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
# #
# tls: # tls:
# secret: # secret:
@ -103,13 +103,39 @@ nats:
# cert: "tls.crt" # cert: "tls.crt"
# key: "tls.key" # key: "tls.key"
mqtt:
enabled: false
ackWait: 1m
maxAckPending: 100
#######################
# #
# TLS Configuration #
# #
#######################
#
# # You can find more on how to setup and trouble shoot TLS connnections at:
#
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
#
#
# tls:
# secret:
# name: nats-mqtt-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
nameOverride: "" nameOverride: ""
# An array of imagePullSecrets, and they have to be created manually in the same namespace
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: [] imagePullSecrets: []
# Toggle whether to use setup a Pod Security Context # Toggle whether to use setup a Pod Security Context
# ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ # ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext: {} securityContext: {}
# securityContext: # securityContext:
# fsGroup: 1000 # fsGroup: 1000
# runAsUser: 1000 # runAsUser: 1000
# runAsNonRoot: true # runAsNonRoot: true
@ -154,6 +180,10 @@ cluster:
enabled: false enabled: false
replicas: 3 replicas: 3
noAdvertise: false noAdvertise: false
# authorization:
# user: foo
# password: pwd
# timeout: 0.5
# Leafnode connections to extend a cluster: # Leafnode connections to extend a cluster:
# #
@ -170,11 +200,11 @@ leafnodes:
# TLS Configuration # # TLS Configuration #
# # # #
####################### #######################
# #
# # You can find more on how to setup and trouble shoot TLS connnections at: # # You can find more on how to setup and trouble shoot TLS connnections at:
# #
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
# #
# #
# tls: # tls:
@ -206,9 +236,9 @@ gateway:
# TLS Configuration # # TLS Configuration #
# # # #
####################### #######################
# #
# # You can find more on how to setup and trouble shoot TLS connnections at: # # You can find more on how to setup and trouble shoot TLS connnections at:
# #
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
# #
# tls: # tls:
@ -217,39 +247,54 @@ gateway:
# ca: "ca.crt" # ca: "ca.crt"
# cert: "tls.crt" # cert: "tls.crt"
# key: "tls.key" # key: "tls.key"
# In case of both external access and advertisements being # In case of both external access and advertisements being
# enabled, an initializer container will be used to gather # enabled, an initializer container will be used to gather
# the public ips. # the public ips.
bootconfig: bootconfig:
image: connecteverything/nats-boot-config:0.5.2 image: natsio/nats-boot-config:0.5.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# NATS Box # NATS Box
# #
# https://github.com/nats-io/nats-box # https://github.com/nats-io/nats-box
# #
natsbox: natsbox:
enabled: true enabled: true
image: synadia/nats-box:0.4.0 image: natsio/nats-box:0.6.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# An array of imagePullSecrets, and they have to be created manually in the same namespace
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: dockerhub
# credentials: # credentials:
# secret: # secret:
# name: nats-sys-creds # name: nats-sys-creds
# key: sys.creds # key: sys.creds
# Annotations to add to the box pods
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: "value"
# Affinity for nats box pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# The NATS config reloader image to use. # The NATS config reloader image to use.
reloader: reloader:
enabled: true enabled: true
image: connecteverything/nats-server-config-reloader:0.6.0 image: natsio/nats-server-config-reloader:0.6.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Prometheus NATS Exporter configuration. # Prometheus NATS Exporter configuration.
exporter: exporter:
enabled: true enabled: true
image: synadia/prometheus-nats-exporter:0.5.0 image: natsio/prometheus-nats-exporter:0.8.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: {}
# Prometheus operator ServiceMonitor support. Exporter has to be enabled # Prometheus operator ServiceMonitor support. Exporter has to be enabled
serviceMonitor: serviceMonitor:
enabled: false enabled: false
@ -282,6 +327,9 @@ auth:
# name: operator-jwt # name: operator-jwt
# key: KO.jwt # key: KO.jwt
# Token authentication
# token:
# Public key of the System Account # Public key of the System Account
# systemAccount: # systemAccount:
@ -300,15 +348,15 @@ auth:
allowDelete: false allowDelete: false
# Interval at which a nats-server with a nats based account resolver will compare # Interval at which a nats-server with a nats based account resolver will compare
# it's state with one random nats based account resolver in the cluster and if needed, # it's state with one random nats based account resolver in the cluster and if needed,
# exchange jwt and converge on the same set of jwt. # exchange jwt and converge on the same set of jwt.
interval: 2m interval: 2m
# Operator JWT # Operator JWT
operator: operator:
# System Account Public NKEY # System Account Public NKEY
systemAccount: systemAccount:
# resolverPreload: # resolverPreload:
# <ACCOUNT>: <JWT> # <ACCOUNT>: <JWT>
@ -326,14 +374,14 @@ auth:
# # # #
############################## ##############################
# type: memory # type: memory
# #
# Use a configmap reference which will be mounted # Use a configmap reference which will be mounted
# into the container. # into the container.
# #
# configMap: # configMap:
# name: nats-accounts # name: nats-accounts
# key: resolver.conf # key: resolver.conf
########################## ##########################
# # # #
# URL resolver settings # # URL resolver settings #
@ -345,3 +393,13 @@ auth:
websocket: websocket:
enabled: false enabled: false
port: 443 port: 443
appProtocol:
enabled: false
# Cluster Domain configured on the kubelets
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
k8sClusterDomain: cluster.local
# Add labels to all the deployed resources
commonLabels: {}

10
charts/kubezero-mq/update.sh
View File

@ -1,14 +1,10 @@
#!/bin/bash #!/bin/bash
set -ex set -ex
### NATS ## NATS
# get latest chart until they have upstream repo fixed NATS_VERSION=0.8.4
rm -rf charts/nats && mkdir -p charts/nats rm -rf charts/nats && curl -L -s -o - https://github.com/nats-io/k8s/releases/download/v$NATS_VERSION/nats-$NATS_VERSION.tgz | tar xfz - -C charts
git clone --depth=1 https://github.com/nats-io/k8s.git
cp -r k8s/helm/charts/nats/* charts/nats/
rm -rf k8s
# Fetch dashboards # Fetch dashboards
../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml ../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml

5
charts/kubezero-mq/values.yaml
View File

@ -3,8 +3,6 @@ nats:
enabled: false enabled: false
nats: nats:
image: nats:2.2.1-alpine3.13
advertise: false advertise: false
jetstream: jetstream:
@ -17,6 +15,9 @@ nats:
serviceMonitor: serviceMonitor:
enabled: false enabled: false
mqtt:
enabled: false
# rabbitmq # rabbitmq
rabbitmq: rabbitmq:
enabled: false enabled: false