feat: Major version bump for all MQ components
This commit is contained in:
parent
bebf9f4f9d
commit
f5c8a9f7ff
@ -18,8 +18,8 @@ dependencies:
|
|||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: nats
|
- name: nats
|
||||||
version: 0.8.4
|
version: 1.2.2
|
||||||
#repository: https://nats-io.github.io/k8s/helm/charts/
|
repository: https://nats-io.github.io/k8s/helm/charts/
|
||||||
condition: nats.enabled
|
condition: nats.enabled
|
||||||
- name: rabbitmq
|
- name: rabbitmq
|
||||||
version: 14.6.6
|
version: 14.6.6
|
||||||
@ -29,4 +29,4 @@ dependencies:
|
|||||||
version: 4.3.19
|
version: 4.3.19
|
||||||
repository: https://charts.bitnami.com/bitnami
|
repository: https://charts.bitnami.com/bitnami
|
||||||
condition: rabbitmq-cluster-operator.enabled
|
condition: rabbitmq-cluster-operator.enabled
|
||||||
kubeVersion: ">= 1.25.0"
|
kubeVersion: ">= 1.26.0"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-mq
|
# kubezero-mq
|
||||||
|
|
||||||
![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.3.10](https://img.shields.io/badge/Version-0.3.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
|
KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
|
||||||
|
|
||||||
@ -14,14 +14,14 @@ KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.20.0`
|
Kubernetes: `>= 1.25.0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | nats | 0.8.4 |
|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://charts.bitnami.com/bitnami | rabbitmq | 11.3.2 |
|
| https://charts.bitnami.com/bitnami | rabbitmq | 14.6.6 |
|
||||||
| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 3.1.4 |
|
| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 4.3.19 |
|
||||||
|
| https://nats-io.github.io/k8s/helm/charts/ | nats | 1.2.2 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| rabbitmq.podAntiAffinityPreset | string | `""` | |
|
| rabbitmq.podAntiAffinityPreset | string | `""` | |
|
||||||
| rabbitmq.replicaCount | int | `1` | |
|
| rabbitmq.replicaCount | int | `1` | |
|
||||||
| rabbitmq.resources.requests.cpu | string | `"100m"` | |
|
| rabbitmq.resources.requests.cpu | string | `"100m"` | |
|
||||||
| rabbitmq.resources.requests.memory | string | `"256Mi"` | |
|
| rabbitmq.resources.requests.memory | string | `"512Mi"` | |
|
||||||
| rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n topologyKey: topology.kubernetes.io/zone\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n topologyKey: kubernetes.io/hostname\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` | |
|
| rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n topologyKey: topology.kubernetes.io/zone\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n topologyKey: kubernetes.io/hostname\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` | |
|
||||||
| rabbitmq.ulimitNofiles | string | `""` | |
|
| rabbitmq.ulimitNofiles | string | `""` | |
|
||||||
|
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
# Patterns to ignore when building packages.
|
|
||||||
# This supports shell glob matching, relative path matching, and
|
|
||||||
# negation (prefixed with !). Only one pattern per line.
|
|
||||||
.DS_Store
|
|
||||||
# Common VCS dirs
|
|
||||||
.git/
|
|
||||||
.gitignore
|
|
||||||
.bzr/
|
|
||||||
.bzrignore
|
|
||||||
.hg/
|
|
||||||
.hgignore
|
|
||||||
.svn/
|
|
||||||
# Common backup files
|
|
||||||
*.swp
|
|
||||||
*.bak
|
|
||||||
*.tmp
|
|
||||||
*~
|
|
||||||
# Various IDEs
|
|
||||||
.project
|
|
||||||
.idea/
|
|
||||||
*.tmproj
|
|
||||||
.vscode/
|
|
@ -1,19 +0,0 @@
|
|||||||
apiVersion: v2
|
|
||||||
appVersion: 2.3.2
|
|
||||||
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
|
|
||||||
Technology.
|
|
||||||
home: http://github.com/nats-io/k8s
|
|
||||||
icon: https://nats.io/img/nats-icon-color.png
|
|
||||||
keywords:
|
|
||||||
- nats
|
|
||||||
- messaging
|
|
||||||
- cncf
|
|
||||||
maintainers:
|
|
||||||
- email: wally@nats.io
|
|
||||||
name: Waldemar Quevedo
|
|
||||||
- email: colin@nats.io
|
|
||||||
name: Colin Sullivan
|
|
||||||
- email: jaime@nats.io
|
|
||||||
name: Jaime Piña
|
|
||||||
name: nats
|
|
||||||
version: 0.8.4
|
|
@ -1,596 +0,0 @@
|
|||||||
# NATS Server
|
|
||||||
|
|
||||||
[NATS](https://nats.io) is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation ([CNCF](https://cncf.io)). NATS has over [30 client language implementations](https://nats.io/download/), and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems.
|
|
||||||
|
|
||||||
## TL;DR;
|
|
||||||
|
|
||||||
```console
|
|
||||||
helm repo add nats https://nats-io.github.io/k8s/helm/charts/
|
|
||||||
helm install my-nats nats/nats
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuration
|
|
||||||
|
|
||||||
### Server Image
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
image: nats:2.1.7-alpine3.11
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
```
|
|
||||||
|
|
||||||
### Limits
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
# The number of connect attempts against discovered routes.
|
|
||||||
connectRetries: 30
|
|
||||||
|
|
||||||
# How many seconds should pass before sending a PING
|
|
||||||
# to a client that has no activity.
|
|
||||||
pingInterval:
|
|
||||||
|
|
||||||
# Server settings.
|
|
||||||
limits:
|
|
||||||
maxConnections:
|
|
||||||
maxSubscriptions:
|
|
||||||
maxControlLine:
|
|
||||||
maxPayload:
|
|
||||||
|
|
||||||
writeDeadline:
|
|
||||||
maxPending:
|
|
||||||
maxPings:
|
|
||||||
lameDuckDuration:
|
|
||||||
|
|
||||||
# Number of seconds to wait for client connections to end after the pod termination is requested
|
|
||||||
terminationGracePeriodSeconds: 60
|
|
||||||
```
|
|
||||||
|
|
||||||
### Logging
|
|
||||||
|
|
||||||
*Note*: It is not recommended to enable trace or debug in production since enabling it will significantly degrade performance.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
logging:
|
|
||||||
debug:
|
|
||||||
trace:
|
|
||||||
logtime:
|
|
||||||
connectErrorReports:
|
|
||||||
reconnectErrorReports:
|
|
||||||
```
|
|
||||||
|
|
||||||
### TLS setup for client connections
|
|
||||||
|
|
||||||
You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
tls:
|
|
||||||
secret:
|
|
||||||
name: nats-client-tls
|
|
||||||
ca: "ca.crt"
|
|
||||||
cert: "tls.crt"
|
|
||||||
key: "tls.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
## Clustering
|
|
||||||
|
|
||||||
If clustering is enabled, then a 3-node cluster will be setup. More info at:
|
|
||||||
https://docs.nats.io/nats-server/configuration/clustering#nats-server-clustering
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
cluster:
|
|
||||||
enabled: true
|
|
||||||
replicas: 3
|
|
||||||
|
|
||||||
tls:
|
|
||||||
secret:
|
|
||||||
name: nats-server-tls
|
|
||||||
ca: "ca.crt"
|
|
||||||
cert: "tls.crt"
|
|
||||||
key: "tls.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
$ helm install nats nats/nats --set cluster.enabled=true
|
|
||||||
```
|
|
||||||
|
|
||||||
## Leafnodes
|
|
||||||
|
|
||||||
Leafnode connections to extend a cluster. More info at:
|
|
||||||
https://docs.nats.io/nats-server/configuration/leafnodes
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
leafnodes:
|
|
||||||
enabled: true
|
|
||||||
remotes:
|
|
||||||
- url: "tls://connect.ngs.global:7422"
|
|
||||||
# credentials:
|
|
||||||
# secret:
|
|
||||||
# name: leafnode-creds
|
|
||||||
# key: TA.creds
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-leafnode-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
tls:
|
|
||||||
secret:
|
|
||||||
name: nats-client-tls
|
|
||||||
ca: "ca.crt"
|
|
||||||
cert: "tls.crt"
|
|
||||||
key: "tls.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
## Setting up External Access
|
|
||||||
|
|
||||||
### Using HostPorts
|
|
||||||
|
|
||||||
In case of both external access and advertisements being enabled, an
|
|
||||||
initializer container will be used to gather the public ips. This
|
|
||||||
container will required to have enough RBAC policy to be able to make a
|
|
||||||
look up of the public ip of the node where it is running.
|
|
||||||
|
|
||||||
For example, to setup external access for a cluster and advertise the public ip to clients:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
# Toggle whether to enable external access.
|
|
||||||
# This binds a host port for clients, gateways and leafnodes.
|
|
||||||
externalAccess: true
|
|
||||||
|
|
||||||
# Toggle to disable client advertisements (connect_urls),
|
|
||||||
# in case of running behind a load balancer (which is not recommended)
|
|
||||||
# it might be required to disable advertisements.
|
|
||||||
advertise: true
|
|
||||||
|
|
||||||
# In case both external access and advertise are enabled
|
|
||||||
# then a service account would be required to be able to
|
|
||||||
# gather the public ip from a node.
|
|
||||||
serviceAccount: "nats-server"
|
|
||||||
```
|
|
||||||
|
|
||||||
Where the service account named `nats-server` has the following RBAC policy for example:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: nats-server
|
|
||||||
namespace: default
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: nats-server
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- nodes
|
|
||||||
verbs: ["get"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: nats-server-binding
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: nats-server
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: nats-server
|
|
||||||
namespace: default
|
|
||||||
```
|
|
||||||
|
|
||||||
The container image of the initializer can be customized via:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
bootconfig:
|
|
||||||
image: natsio/nats-boot-config:latest
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using LoadBalancers
|
|
||||||
|
|
||||||
In case of using a load balancer for external access, it is recommended to disable no advertise
|
|
||||||
so that internal ips from the NATS Servers are not advertised to the clients connecting through
|
|
||||||
the load balancer.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
image: nats:alpine
|
|
||||||
|
|
||||||
cluster:
|
|
||||||
enabled: true
|
|
||||||
noAdvertise: true
|
|
||||||
|
|
||||||
leafnodes:
|
|
||||||
enabled: true
|
|
||||||
noAdvertise: true
|
|
||||||
|
|
||||||
natsbox:
|
|
||||||
enabled: true
|
|
||||||
```
|
|
||||||
|
|
||||||
Then could use an L4 enabled load balancer to connect to NATS, for example:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: nats-lb
|
|
||||||
spec:
|
|
||||||
type: LoadBalancer
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: nats
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 4222
|
|
||||||
targetPort: 4222
|
|
||||||
name: nats
|
|
||||||
- protocol: TCP
|
|
||||||
port: 7422
|
|
||||||
targetPort: 7422
|
|
||||||
name: leafnodes
|
|
||||||
- protocol: TCP
|
|
||||||
port: 7522
|
|
||||||
targetPort: 7522
|
|
||||||
name: gateways
|
|
||||||
```
|
|
||||||
|
|
||||||
## Gateways
|
|
||||||
|
|
||||||
A super cluster can be formed by pointing to remote gateways.
|
|
||||||
You can find more about gateways in the NATS documentation:
|
|
||||||
https://docs.nats.io/nats-server/configuration/gateways
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
gateway:
|
|
||||||
enabled: false
|
|
||||||
name: 'default'
|
|
||||||
|
|
||||||
#############################
|
|
||||||
# #
|
|
||||||
# List of remote gateways #
|
|
||||||
# #
|
|
||||||
#############################
|
|
||||||
# gateways:
|
|
||||||
# - name: other
|
|
||||||
# url: nats://my-gateway-url:7522
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-client-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
## Auth setup
|
|
||||||
|
|
||||||
### Auth with a Memory Resolver
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
# Reference to the Operator JWT.
|
|
||||||
operatorjwt:
|
|
||||||
configMap:
|
|
||||||
name: operator-jwt
|
|
||||||
key: KO.jwt
|
|
||||||
|
|
||||||
# Public key of the System Account
|
|
||||||
systemAccount:
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
############################
|
|
||||||
# #
|
|
||||||
# Memory resolver settings #
|
|
||||||
# #
|
|
||||||
##############################
|
|
||||||
type: memory
|
|
||||||
|
|
||||||
#
|
|
||||||
# Use a configmap reference which will be mounted
|
|
||||||
# into the container.
|
|
||||||
#
|
|
||||||
configMap:
|
|
||||||
name: nats-accounts
|
|
||||||
key: resolver.conf
|
|
||||||
```
|
|
||||||
|
|
||||||
### Auth using an Account Server Resolver
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
# Reference to the Operator JWT.
|
|
||||||
operatorjwt:
|
|
||||||
configMap:
|
|
||||||
name: operator-jwt
|
|
||||||
key: KO.jwt
|
|
||||||
|
|
||||||
# Public key of the System Account
|
|
||||||
systemAccount:
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
##########################
|
|
||||||
# #
|
|
||||||
# URL resolver settings #
|
|
||||||
# #
|
|
||||||
##########################
|
|
||||||
type: URL
|
|
||||||
url: "http://nats-account-server:9090/jwt/v1/accounts/"
|
|
||||||
```
|
|
||||||
|
|
||||||
## JetStream
|
|
||||||
|
|
||||||
### Setting up Memory and File Storage
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
image: nats:alpine
|
|
||||||
|
|
||||||
jetstream:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
memStorage:
|
|
||||||
enabled: true
|
|
||||||
size: 2Gi
|
|
||||||
|
|
||||||
fileStorage:
|
|
||||||
enabled: true
|
|
||||||
size: 1Gi
|
|
||||||
storageDirectory: /data/
|
|
||||||
storageClassName: default
|
|
||||||
```
|
|
||||||
|
|
||||||
### Using with an existing PersistentVolumeClaim
|
|
||||||
|
|
||||||
For example, given the following `PersistentVolumeClaim`:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
---
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: nats-js-disk
|
|
||||||
annotations:
|
|
||||||
volume.beta.kubernetes.io/storage-class: "default"
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 3Gi
|
|
||||||
```
|
|
||||||
|
|
||||||
You can start JetStream so that one pod is bounded to it:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
image: nats:alpine
|
|
||||||
|
|
||||||
jetstream:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
fileStorage:
|
|
||||||
enabled: true
|
|
||||||
storageDirectory: /data/
|
|
||||||
existingClaim: nats-js-disk
|
|
||||||
claimStorageSize: 3Gi
|
|
||||||
```
|
|
||||||
|
|
||||||
### Clustering example
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
|
|
||||||
nats:
|
|
||||||
image: nats:alpine
|
|
||||||
|
|
||||||
jetstream:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
memStorage:
|
|
||||||
enabled: true
|
|
||||||
size: "2Gi"
|
|
||||||
|
|
||||||
fileStorage:
|
|
||||||
enabled: true
|
|
||||||
size: "1Gi"
|
|
||||||
storageDirectory: /data/
|
|
||||||
storageClassName: default
|
|
||||||
|
|
||||||
cluster:
|
|
||||||
enabled: true
|
|
||||||
# Cluster name is required, by default will be release name.
|
|
||||||
# name: "nats"
|
|
||||||
replicas: 3
|
|
||||||
```
|
|
||||||
|
|
||||||
## Misc
|
|
||||||
|
|
||||||
### NATS Box
|
|
||||||
|
|
||||||
A lightweight container with NATS and NATS Streaming utilities that is deployed along the cluster to confirm the setup.
|
|
||||||
You can find the image at: https://github.com/nats-io/nats-box
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
natsbox:
|
|
||||||
enabled: true
|
|
||||||
image: nats:alpine
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
# credentials:
|
|
||||||
# secret:
|
|
||||||
# name: nats-sys-creds
|
|
||||||
# key: sys.creds
|
|
||||||
```
|
|
||||||
|
|
||||||
### Configuration Reload sidecar
|
|
||||||
|
|
||||||
The NATS config reloader image to use:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
reloader:
|
|
||||||
enabled: true
|
|
||||||
image: natsio/nats-server-config-reloader:latest
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
```
|
|
||||||
|
|
||||||
### Prometheus Exporter sidecar
|
|
||||||
|
|
||||||
You can toggle whether to start the sidecar that can be used to feed metrics to Prometheus:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
exporter:
|
|
||||||
enabled: true
|
|
||||||
image: natsio/prometheus-nats-exporter:latest
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
```
|
|
||||||
|
|
||||||
### Prometheus operator ServiceMonitor support
|
|
||||||
|
|
||||||
You can enable prometheus operator ServiceMonitor:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
exporter:
|
|
||||||
# You have to enable exporter first
|
|
||||||
enabled: true
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
## Specify the namespace where Prometheus Operator is running
|
|
||||||
# namespace: monitoring
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
### Pod Customizations
|
|
||||||
|
|
||||||
#### Security Context
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
# Toggle whether to use setup a Pod Security Context
|
|
||||||
# ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
||||||
securityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Affinity
|
|
||||||
|
|
||||||
<https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity>
|
|
||||||
|
|
||||||
`matchExpressions` must be configured according to your setup
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
affinity:
|
|
||||||
nodeAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
nodeSelectorTerms:
|
|
||||||
- matchExpressions:
|
|
||||||
- key: node.kubernetes.io/purpose
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- nats
|
|
||||||
podAntiAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- nats
|
|
||||||
- stan
|
|
||||||
topologyKey: "kubernetes.io/hostname"
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Service topology
|
|
||||||
|
|
||||||
[Service topology](https://kubernetes.io/docs/concepts/services-networking/service-topology/) is disabled by default, but can be enabled by setting `topologyKeys`. For example:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
topologyKeys:
|
|
||||||
- "kubernetes.io/hostname"
|
|
||||||
- "topology.kubernetes.io/zone"
|
|
||||||
- "topology.kubernetes.io/region"
|
|
||||||
```
|
|
||||||
|
|
||||||
#### CPU/Memory Resource Requests/Limits
|
|
||||||
Sets the pods cpu/memory requests/limits
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nats:
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 2
|
|
||||||
memory: 4Gi
|
|
||||||
limits:
|
|
||||||
cpu: 4
|
|
||||||
memory: 6Gi
|
|
||||||
```
|
|
||||||
|
|
||||||
No resources are set by default.
|
|
||||||
|
|
||||||
#### Annotations
|
|
||||||
|
|
||||||
<https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations>
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
podAnnotations:
|
|
||||||
key1 : "value1",
|
|
||||||
key2 : "value2"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Name Overides
|
|
||||||
|
|
||||||
Can change the name of the resources as needed with:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
nameOverride: "my-nats"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Image Pull Secrets
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
imagePullSecrets:
|
|
||||||
- name: myRegistry
|
|
||||||
```
|
|
||||||
|
|
||||||
Adds this to the StatefulSet:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
spec:
|
|
||||||
imagePullSecrets:
|
|
||||||
- name: myRegistry
|
|
||||||
```
|
|
@ -1,21 +0,0 @@
|
|||||||
// Operator "KO"
|
|
||||||
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ
|
|
||||||
|
|
||||||
system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW
|
|
||||||
|
|
||||||
resolver: MEMORY
|
|
||||||
|
|
||||||
resolver_preload: {
|
|
||||||
// Account "A"
|
|
||||||
AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSM0QyWUM1UVlJWk4zS0hYR1FFRTZNQTRCRVU3WkFWQk5LSElJNTNOM0tLRVRTTVZEVVRRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJBIiwic3ViIjoiQUEzTlhUSFRYT0hDVFBJQktFREhOQVlBSEo0Q083RVJDT0pGWUNYT1hWRU9QWlRNVzU1V1gzMloiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ
|
|
||||||
|
|
||||||
// Account "STAN"
|
|
||||||
AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA
|
|
||||||
|
|
||||||
// Account "SYS"
|
|
||||||
ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA
|
|
||||||
|
|
||||||
// Account "B"
|
|
||||||
ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRQjdIRFg3VUZYN01KUjZPS1E2S1dRSlVUUEpWWENTNkJCWjQ3SDVVTFdVVFNRUU1NQzJRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJCIiwic3ViIjoiQURPUjdRNUtNV0MyWElXUlJSQzRNWlVEQ1BZRzNVTUFJV0RSWDZNMk1GRFk1U1I2SFFBQU1ISkEiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQTNOWFRIVFhPSENUUElCS0VESE5BWUFISjRDTzdFUkNPSkZZQ1hPWFZFT1BaVE1XNTVXWDMyWiIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg
|
|
||||||
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
# Setup memory preload config.
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
resolver:
|
|
||||||
type: memory
|
|
||||||
preload: |
|
|
||||||
// Operator "KO"
|
|
||||||
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ
|
|
||||||
|
|
||||||
system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW
|
|
||||||
|
|
||||||
resolver_preload: {
|
|
||||||
// Account "A"
|
|
||||||
AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSM0QyWUM1UVlJWk4zS0hYR1FFRTZNQTRCRVU3WkFWQk5LSElJNTNOM0tLRVRTTVZEVVRRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJBIiwic3ViIjoiQUEzTlhUSFRYT0hDVFBJQktFREhOQVlBSEo0Q083RVJDT0pGWUNYT1hWRU9QWlRNVzU1V1gzMloiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ
|
|
||||||
|
|
||||||
// Account "STAN"
|
|
||||||
AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA
|
|
||||||
|
|
||||||
// Account "SYS"
|
|
||||||
ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA
|
|
||||||
|
|
||||||
// Account "B"
|
|
||||||
ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRQjdIRFg3VUZYN01KUjZPS1E2S1dRSlVUUEpWWENTNkJCWjQ3SDVVTFdVVFNRUU1NQzJRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJCIiwic3ViIjoiQURPUjdRNUtNV0MyWElXUlJSQzRNWlVEQ1BZRzNVTUFJV0RSWDZNMk1GRFk1U1I2SFFBQU1ISkEiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQTNOWFRIVFhPSENUUElCS0VESE5BWUFISjRDTzdFUkNPSkZZQ1hPWFZFT1BaVE1XNTVXWDMyWiIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg
|
|
||||||
}
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
# Setup memory preload config.
|
|
||||||
auth:
|
|
||||||
enabled: true
|
|
||||||
resolver:
|
|
||||||
type: memory
|
|
||||||
configMap:
|
|
||||||
name: nats-accounts
|
|
||||||
key: resolver.conf
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
let accounts = ./accounts.conf as Text
|
|
||||||
|
|
||||||
in
|
|
||||||
''
|
|
||||||
port: 4222
|
|
||||||
|
|
||||||
${accounts}
|
|
||||||
''
|
|
@ -1,21 +0,0 @@
|
|||||||
// Operator "KO"
|
|
||||||
operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJKS0E2U0pKUUVOTFpYVDJEWTRWNE00UDZXUFRVUlhIQzNMU1pJWEZWRlFGV0I3U0tKVk9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9CRkJIQzNVNVdVVEVNWkpPM1g3SFlZMkI2M1BZSlBPRFhLQVZZR0dTRU1BNzNMS0ZNWDRMRjJBIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.60YToJe3Dz9OZES80jYXVgg7uCB1c3BsX6HglA8tsKKRe-Br3pMpn9yUPUujjB61MGqnA7Zmbx8qWnoj8CkuCw
|
|
||||||
|
|
||||||
system_account: ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP
|
|
||||||
|
|
||||||
resolver: MEMORY
|
|
||||||
|
|
||||||
resolver_preload: {
|
|
||||||
// Account "B"
|
|
||||||
AAIJAGRSL2KCEPTRBP6DJCTAMSNOUXRILLZXIY6CTZ4GR27ISCZOP6QH: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJEVTdWV1BXQUtBSVdNNkhNUElDNE43TVRGTFEyV01JUFhFVU5aNVEzRE1YSTRKVkpLQU1BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJCIiwic3ViIjoiQUFJSkFHUlNMMktDRVBUUkJQNkRKQ1RBTVNOT1VYUklMTFpYSVk2Q1RaNEdSMjdJU0NaT1A2UUgiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQlhXNU9aV09LSzUzWDNWNUhSVkdPMlJXTlVUU1NQSU1HVDZORU9SMjNBQzRNTk1QTlFTUTZWTCIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.VLv3U7k8jJaIcGpDYXo0XQCYNVMNQd2PHVUOXGMvCU8ifiYpkaRJ4G0UXZHqlQl_0g3M_LEtJw0K-4HwgOeIAA
|
|
||||||
|
|
||||||
// Account "SYS"
|
|
||||||
ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPSUpENkozTjdCVk0zSEY0M0NCTUhLMllUNlpXTlFCWkZBRzQ0VE5RSFA3SlVZT0hZR0dRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQkw2NUZGUVdVREhIVEdNR1JGVlZTUURCQVdIR0VKMkNEUkNNR0JGVjZTQjRNTEtGU1VQTjdHUCIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.Jei8psto5h35bFn4y1Unsk0Noh6MYJxkB8Hs-nnLuUBrkTppSwukEkM_ufNGA_lxsmPki3zBf8y6rsQ13Ec5AA
|
|
||||||
|
|
||||||
// Account "A"
|
|
||||||
ABXW5OZWOKK53X3V5HRVGO2RWNUTSSPIMGT6NEOR23AC4MNMPNQSQ6VL: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSRFNRTE9GT0gzRUoyUUNLSkkyUEJXNkxLMllUVFJDUUdGV0tJRFJJRVRVMzZTT0RPT1FRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJBIiwic3ViIjoiQUJYVzVPWldPS0s1M1gzVjVIUlZHTzJSV05VVFNTUElNR1Q2TkVPUjIzQUM0TU5NUE5RU1E2VkwiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.lJfHHkbXeEf6DbHFju0zktCjWL0kgll17BdYJl6f2hcZxbUtiyf3H1mGfrzELgCuEO7p8X11UpRVy_eTQfnGAA
|
|
||||||
|
|
||||||
// Account "STAN"
|
|
||||||
ACLSVE2AZYTXOBIJXOV5XHAIIM7KLL777F7GAEWW5W5P4IAR2VZJSGID: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJJT1ZPSFBPV1hJRDI2U1JYVEJQTTVUQlVKWDJRU0FSSTJMQjJTM09aRFpMU0paS1BOVU9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUNMU1ZFMkFaWVRYT0JJSlhPVjVYSEFJSU03S0xMNzc3RjdHQUVXVzVXNVA0SUFSMlZaSlNHSUQiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.CE5_K9kAdAgxesJRiJYh3kK2f74_c7T3bNQhgfaXOMzI8X6VOWqn0_5gH9jOD0xzHXIYiUMwy7a4Ou63PizHCw
|
|
||||||
|
|
||||||
}
|
|
@ -1,26 +0,0 @@
|
|||||||
|
|
||||||
{{- if or .Values.nats.logging.debug .Values.nats.logging.trace }}
|
|
||||||
*WARNING*: Keep in mind that running the server with
|
|
||||||
debug and/or trace enabled significantly affects the
|
|
||||||
performance of the server!
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
You can find more information about running NATS on Kubernetes
|
|
||||||
in the NATS documentation website:
|
|
||||||
|
|
||||||
https://docs.nats.io/nats-on-kubernetes/nats-kubernetes
|
|
||||||
|
|
||||||
{{- if .Values.natsbox.enabled }}
|
|
||||||
|
|
||||||
NATS Box has been deployed into your cluster, you can
|
|
||||||
now use the NATS tools within the container as follows:
|
|
||||||
|
|
||||||
kubectl exec -n {{ .Release.Namespace }} -it deployment/{{ template "nats.fullname" . }}-box -- /bin/sh -l
|
|
||||||
|
|
||||||
nats-box:~# nats-sub test &
|
|
||||||
nats-box:~# nats-pub test hi
|
|
||||||
nats-box:~# nc {{ template "nats.fullname" . }} 4222
|
|
||||||
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
Thanks for using NATS!
|
|
@ -1,98 +0,0 @@
|
|||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
|
|
||||||
{{- define "nats.fullname" -}}
|
|
||||||
{{- if .Values.fullnameOverride -}}
|
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
||||||
{{- if contains $name .Release.Name -}}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- else -}}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.labels" -}}
|
|
||||||
helm.sh/chart: {{ include "nats.chart" . }}
|
|
||||||
{{- range $name, $value := .Values.commonLabels }}
|
|
||||||
{{ $name }}: {{ $value }}
|
|
||||||
{{- end }}
|
|
||||||
{{ include "nats.selectorLabels" . }}
|
|
||||||
{{- if .Chart.AppVersion }}
|
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Selector labels
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.selectorLabels" -}}
|
|
||||||
app.kubernetes.io/name: {{ include "nats.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the proper NATS image name
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.clusterAdvertise" -}}
|
|
||||||
{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc.%s." (include "nats.fullname" . ) $.Values.k8sClusterDomain }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Return the NATS cluster routes.
|
|
||||||
*/}}
|
|
||||||
{{- define "nats.clusterRoutes" -}}
|
|
||||||
{{- $name := (include "nats.fullname" . ) -}}
|
|
||||||
{{- range $i, $e := until (.Values.cluster.replicas | int) -}}
|
|
||||||
{{- printf "nats://%s-%d.%s.%s.svc.%s.:6222," $name $i $name $.Release.Namespace $.Values.k8sClusterDomain -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
|
|
||||||
{{- define "nats.tlsConfig" -}}
|
|
||||||
tls {
|
|
||||||
{{- if .cert }}
|
|
||||||
cert_file: {{ .secretPath }}/{{ .secret.name }}/{{ .cert }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .key }}
|
|
||||||
key_file: {{ .secretPath }}/{{ .secret.name }}/{{ .key }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .ca }}
|
|
||||||
ca_file: {{ .secretPath }}/{{ .secret.name }}/{{ .ca }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .insecure }}
|
|
||||||
insecure: {{ .insecure }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .verify }}
|
|
||||||
verify: {{ .verify }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .verifyAndMap }}
|
|
||||||
verify_and_map: {{ .verifyAndMap }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .curvePreferences }}
|
|
||||||
curve_preferences: {{ .curvePreferences }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .timeout }}
|
|
||||||
timeout: {{ .timeout }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||||||
{{- if .Values.auth.enabled }}
|
|
||||||
{{- if eq .Values.auth.resolver.type "memory" }}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ template "nats.name" . }}-accounts
|
|
||||||
labels:
|
|
||||||
app: {{ template "nats.name" . }}
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
data:
|
|
||||||
accounts.conf: |-
|
|
||||||
{{- .Files.Get "accounts.conf" | indent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,398 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: {{ include "nats.fullname" . }}-config
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
labels:
|
|
||||||
{{- include "nats.labels" . | nindent 4 }}
|
|
||||||
data:
|
|
||||||
nats.conf: |
|
|
||||||
# PID file shared with configuration reloader.
|
|
||||||
pid_file: "/var/run/nats/nats.pid"
|
|
||||||
|
|
||||||
###############
|
|
||||||
# #
|
|
||||||
# Monitoring #
|
|
||||||
# #
|
|
||||||
###############
|
|
||||||
http: 8222
|
|
||||||
server_name: $POD_NAME
|
|
||||||
|
|
||||||
{{- if .Values.nats.tls }}
|
|
||||||
#####################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#####################
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
{{- $nats_tls := merge (dict) . }}
|
|
||||||
{{- $_ := set $nats_tls "secretPath" "/etc/nats-certs/clients" }}
|
|
||||||
{{- include "nats.tlsConfig" $nats_tls | nindent 4}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.nats.jetstream.enabled }}
|
|
||||||
###################################
|
|
||||||
# #
|
|
||||||
# NATS JetStream #
|
|
||||||
# #
|
|
||||||
###################################
|
|
||||||
jetstream {
|
|
||||||
{{- if .Values.nats.jetstream.memStorage.enabled }}
|
|
||||||
max_mem: {{ .Values.nats.jetstream.memStorage.size }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.nats.jetstream.fileStorage.enabled }}
|
|
||||||
store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
|
|
||||||
|
|
||||||
max_file:
|
|
||||||
{{- if .Values.nats.jetstream.fileStorage.existingClaim }}
|
|
||||||
{{- .Values.nats.jetstream.fileStorage.claimStorageSize }}
|
|
||||||
{{- else }}
|
|
||||||
{{- .Values.nats.jetstream.fileStorage.size }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.mqtt.enabled }}
|
|
||||||
###################################
|
|
||||||
# #
|
|
||||||
# NATS MQTT #
|
|
||||||
# #
|
|
||||||
###################################
|
|
||||||
mqtt {
|
|
||||||
port: 1883
|
|
||||||
|
|
||||||
{{- with .Values.mqtt.tls }}
|
|
||||||
{{- $mqtt_tls := merge (dict) . }}
|
|
||||||
{{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }}
|
|
||||||
{{- include "nats.tlsConfig" $mqtt_tls | nindent 6}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.mqtt.noAuthUser }}
|
|
||||||
no_auth_user: {{ .Values.mqtt.noAuthUser | quote }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
ack_wait: {{ .Values.mqtt.ackWait | quote }}
|
|
||||||
max_ack_pending: {{ .Values.mqtt.maxAckPending }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.cluster.enabled }}
|
|
||||||
###################################
|
|
||||||
# #
|
|
||||||
# NATS Full Mesh Clustering Setup #
|
|
||||||
# #
|
|
||||||
###################################
|
|
||||||
cluster {
|
|
||||||
port: 6222
|
|
||||||
|
|
||||||
{{- if .Values.nats.jetstream.enabled }}
|
|
||||||
{{- if .Values.cluster.name }}
|
|
||||||
name: {{ .Values.cluster.name }}
|
|
||||||
{{- else }}
|
|
||||||
name: {{ template "nats.name" . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- else }}
|
|
||||||
{{- with .Values.cluster.name }}
|
|
||||||
name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.cluster.tls }}
|
|
||||||
{{- $cluster_tls := merge (dict) . }}
|
|
||||||
{{- $_ := set $cluster_tls "secretPath" "/etc/nats-certs/cluster" }}
|
|
||||||
{{- include "nats.tlsConfig" $cluster_tls | nindent 6}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.cluster.authorization }}
|
|
||||||
authorization {
|
|
||||||
{{- with .Values.cluster.authorization.user }}
|
|
||||||
user: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.cluster.authorization.password }}
|
|
||||||
password: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.cluster.authorization.timeout }}
|
|
||||||
timeout: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
routes = [
|
|
||||||
{{ include "nats.clusterRoutes" . }}
|
|
||||||
]
|
|
||||||
cluster_advertise: $CLUSTER_ADVERTISE
|
|
||||||
|
|
||||||
{{- with .Values.cluster.noAdvertise }}
|
|
||||||
no_advertise: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
connect_retries: {{ .Values.nats.connectRetries }}
|
|
||||||
}
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
|
|
||||||
include "advertise/client_advertise.conf"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }}
|
|
||||||
#################
|
|
||||||
# #
|
|
||||||
# NATS Leafnode #
|
|
||||||
# #
|
|
||||||
#################
|
|
||||||
leafnodes {
|
|
||||||
{{- if .Values.leafnodes.enabled }}
|
|
||||||
listen: "0.0.0.0:7422"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{ if and .Values.nats.advertise .Values.nats.externalAccess }}
|
|
||||||
include "advertise/gateway_advertise.conf"
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- with .Values.leafnodes.noAdvertise }}
|
|
||||||
no_advertise: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.leafnodes.tls }}
|
|
||||||
{{- $leafnode_tls := merge (dict) . }}
|
|
||||||
{{- $_ := set $leafnode_tls "secretPath" "/etc/nats-certs/leafnodes" }}
|
|
||||||
{{- include "nats.tlsConfig" $leafnode_tls | nindent 6}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
remotes: [
|
|
||||||
{{- range .Values.leafnodes.remotes }}
|
|
||||||
{
|
|
||||||
{{- with .url }}
|
|
||||||
url: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .credentials }}
|
|
||||||
credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
tls: {
|
|
||||||
{{- with .cert }}
|
|
||||||
cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .key }}
|
|
||||||
key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .ca }}
|
|
||||||
ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- if .Values.gateway.enabled }}
|
|
||||||
#################
|
|
||||||
# #
|
|
||||||
# NATS Gateways #
|
|
||||||
# #
|
|
||||||
#################
|
|
||||||
gateway {
|
|
||||||
name: {{ .Values.gateway.name }}
|
|
||||||
port: 7522
|
|
||||||
|
|
||||||
{{ if and .Values.nats.advertise .Values.nats.externalAccess }}
|
|
||||||
include "advertise/gateway_advertise.conf"
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- with .Values.gateway.tls }}
|
|
||||||
{{- $gateway_tls := merge (dict) . }}
|
|
||||||
{{- $_ := set $gateway_tls "secretPath" "/etc/nats-certs/gateway" }}
|
|
||||||
{{- include "nats.tlsConfig" $gateway_tls | nindent 6}}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
# Gateways array here
|
|
||||||
gateways: [
|
|
||||||
{{- range .Values.gateway.gateways }}
|
|
||||||
{
|
|
||||||
{{- with .name }}
|
|
||||||
name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .url }}
|
|
||||||
url: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .urls }}
|
|
||||||
urls: [{{ join "," . }}]
|
|
||||||
{{- end }}
|
|
||||||
},
|
|
||||||
{{- end }}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.logging.debug }}
|
|
||||||
debug: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.logging.trace }}
|
|
||||||
trace: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.logging.logtime }}
|
|
||||||
logtime: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.logging.connectErrorReports }}
|
|
||||||
connect_error_reports: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.logging.reconnectErrorReports }}
|
|
||||||
reconnect_error_reports: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.limits.maxConnections }}
|
|
||||||
max_connections: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.limits.maxSubscriptions }}
|
|
||||||
max_subscriptions: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.limits.maxPending }}
|
|
||||||
max_pending: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.limits.maxControlLine }}
|
|
||||||
max_control_line: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.limits.maxPayload }}
|
|
||||||
max_payload: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.pingInterval }}
|
|
||||||
ping_interval: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.maxPings }}
|
|
||||||
ping_max: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.writeDeadline }}
|
|
||||||
write_deadline: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.writeDeadline }}
|
|
||||||
lame_duck_duration: {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.websocket.enabled }}
|
|
||||||
##################
|
|
||||||
# #
|
|
||||||
# Websocket #
|
|
||||||
# #
|
|
||||||
##################
|
|
||||||
websocket {
|
|
||||||
port: {{ .Values.websocket.port }}
|
|
||||||
{{- if .Values.websocket.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
tls {
|
|
||||||
{{- with .cert }}
|
|
||||||
cert_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .key }}
|
|
||||||
key_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .ca }}
|
|
||||||
ca_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- else }}
|
|
||||||
no_tls: {{ .Values.websocket.noTLS }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.auth.enabled }}
|
|
||||||
##################
|
|
||||||
# #
|
|
||||||
# Authorization #
|
|
||||||
# #
|
|
||||||
##################
|
|
||||||
{{- if .Values.auth.resolver }}
|
|
||||||
{{- if eq .Values.auth.resolver.type "memory" }}
|
|
||||||
resolver: MEMORY
|
|
||||||
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.auth.resolver.type "full" }}
|
|
||||||
|
|
||||||
{{- if .Values.auth.resolver.configMap }}
|
|
||||||
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
|
|
||||||
{{- else }}
|
|
||||||
|
|
||||||
{{- with .Values.auth.resolver }}
|
|
||||||
operator: {{ .operator }}
|
|
||||||
|
|
||||||
system_account: {{ .systemAccount }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
resolver: {
|
|
||||||
type: full
|
|
||||||
{{- with .Values.auth.resolver }}
|
|
||||||
dir: {{ .store.dir | quote }}
|
|
||||||
|
|
||||||
allow_delete: {{ .allowDelete }}
|
|
||||||
|
|
||||||
interval: {{ .interval | quote }}
|
|
||||||
{{- end }}
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.auth.resolver.resolverPreload }}
|
|
||||||
resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.auth.resolver.type "URL" }}
|
|
||||||
{{- with .Values.auth.resolver.url }}
|
|
||||||
resolver: URL({{ . }})
|
|
||||||
{{- end }}
|
|
||||||
operator: /etc/nats-config/operator/{{ .Values.auth.operatorjwt.configMap.key }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.auth.systemAccount }}
|
|
||||||
system_account: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.auth.basic }}
|
|
||||||
|
|
||||||
{{- with .noAuthUser }}
|
|
||||||
no_auth_user: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .users }}
|
|
||||||
authorization {
|
|
||||||
users: [
|
|
||||||
{{- range . }}
|
|
||||||
{{- toRawJson . | nindent 4 }},
|
|
||||||
{{- end }}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .token }}
|
|
||||||
authorization {
|
|
||||||
token: "{{ .token }}"
|
|
||||||
}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .accounts }}
|
|
||||||
accounts: {{- toRawJson . }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- end }}
|
|
@ -1,95 +0,0 @@
|
|||||||
{{- if .Values.natsbox.enabled }}
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: {{ include "nats.fullname" . }}-box
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
labels:
|
|
||||||
app: {{ include "nats.fullname" . }}-box
|
|
||||||
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: {{ include "nats.fullname" . }}-box
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: {{ include "nats.fullname" . }}-box
|
|
||||||
{{- if .Values.natsbox.podAnnotations }}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.natsbox.podAnnotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.natsbox.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
volumes:
|
|
||||||
{{- if .Values.natsbox.credentials }}
|
|
||||||
- name: nats-sys-creds
|
|
||||||
secret:
|
|
||||||
secretName: {{ .Values.natsbox.credentials.secret.name }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-clients-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
containers:
|
|
||||||
- name: nats-box
|
|
||||||
image: {{ .Values.natsbox.image }}
|
|
||||||
imagePullPolicy: {{ .Values.natsbox.pullPolicy }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.natsbox.resources | nindent 10 }}
|
|
||||||
env:
|
|
||||||
- name: NATS_URL
|
|
||||||
value: {{ template "nats.fullname" . }}
|
|
||||||
{{- if .Values.natsbox.credentials }}
|
|
||||||
- name: USER_CREDS
|
|
||||||
value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }}
|
|
||||||
- name: USER2_CREDS
|
|
||||||
value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
lifecycle:
|
|
||||||
postStart:
|
|
||||||
exec:
|
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- cp /etc/nats-certs/clients/{{ $secretName }}/* /usr/local/share/ca-certificates && update-ca-certificates
|
|
||||||
{{- end }}
|
|
||||||
command:
|
|
||||||
- "tail"
|
|
||||||
- "-f"
|
|
||||||
- "/dev/null"
|
|
||||||
volumeMounts:
|
|
||||||
{{- if .Values.natsbox.credentials }}
|
|
||||||
- name: nats-sys-creds
|
|
||||||
mountPath: /etc/nats-config/creds
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Volumes Mounts #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-clients-volume
|
|
||||||
mountPath: /etc/nats-certs/clients/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,22 +0,0 @@
|
|||||||
{{- if .Values.podDisruptionBudget }}
|
|
||||||
---
|
|
||||||
apiVersion: policy/v1beta1
|
|
||||||
kind: PodDisruptionBudget
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
name: {{ include "nats.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
labels:
|
|
||||||
{{- include "nats.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
|
||||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
|
||||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "nats.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
{{ if and .Values.nats.externalAccess .Values.nats.advertise }}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.nats.serviceAccount }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.nats.serviceAccount }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- nodes
|
|
||||||
verbs: ["get"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.nats.serviceAccount }}-binding
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: {{ .Values.nats.serviceAccount }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: {{ .Values.nats.serviceAccount }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
{{ end }}
|
|
@ -1,67 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "nats.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
labels:
|
|
||||||
{{- include "nats.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.serviceAnnotations}}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.serviceAnnotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
{{- include "nats.selectorLabels" . | nindent 4 }}
|
|
||||||
clusterIP: None
|
|
||||||
{{- if .Values.topologyKeys }}
|
|
||||||
topologyKeys:
|
|
||||||
{{- .Values.topologyKeys | toYaml | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
ports:
|
|
||||||
{{- if .Values.websocket.enabled }}
|
|
||||||
- name: websocket
|
|
||||||
port: {{ .Values.websocket.port }}
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
- name: client
|
|
||||||
port: 4222
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
- name: cluster
|
|
||||||
port: 6222
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
- name: monitor
|
|
||||||
port: 8222
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: http
|
|
||||||
{{- end }}
|
|
||||||
- name: metrics
|
|
||||||
port: 7777
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: http
|
|
||||||
{{- end }}
|
|
||||||
- name: leafnodes
|
|
||||||
port: 7422
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
- name: gateways
|
|
||||||
port: 7522
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.mqtt.enabled }}
|
|
||||||
- name: mqtt
|
|
||||||
port: 1883
|
|
||||||
{{- if .Values.appProtocol.enabled }}
|
|
||||||
appProtocol: tcp
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,40 +0,0 @@
|
|||||||
{{ if and .Values.exporter.enabled .Values.exporter.serviceMonitor.enabled }}
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: {{ template "nats.fullname" . }}
|
|
||||||
{{- if .Values.exporter.serviceMonitor.namespace }}
|
|
||||||
namespace: {{ .Values.exporter.serviceMonitor.namespace }}
|
|
||||||
{{- else }}
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.exporter.serviceMonitor.labels }}
|
|
||||||
labels:
|
|
||||||
{{- range $key, $value := .Values.exporter.serviceMonitor.labels }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.exporter.serviceMonitor.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.exporter.serviceMonitor.annotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
{{- if .Values.exporter.serviceMonitor.path }}
|
|
||||||
path: {{ .Values.exporter.serviceMonitor.path }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.exporter.serviceMonitor.interval }}
|
|
||||||
interval: {{ .Values.exporter.serviceMonitor.interval }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.exporter.serviceMonitor.scrapeTimeout }}
|
|
||||||
scrapeTimeout: {{ .Values.exporter.serviceMonitor.scrapeTimeout }}
|
|
||||||
{{- end }}
|
|
||||||
namespaceSelector:
|
|
||||||
any: true
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "nats.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
@ -1,477 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: StatefulSet
|
|
||||||
metadata:
|
|
||||||
name: {{ include "nats.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace | quote }}
|
|
||||||
labels:
|
|
||||||
{{- include "nats.labels" . | nindent 4 }}
|
|
||||||
{{- if .Values.statefulSetAnnotations}}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.statefulSetAnnotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "nats.selectorLabels" . | nindent 6 }}
|
|
||||||
{{- if .Values.cluster.enabled }}
|
|
||||||
replicas: {{ .Values.cluster.replicas }}
|
|
||||||
{{- else }}
|
|
||||||
replicas: 1
|
|
||||||
{{- end }}
|
|
||||||
serviceName: {{ include "nats.fullname" . }}
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
{{- if or .Values.podAnnotations .Values.exporter.enabled }}
|
|
||||||
annotations:
|
|
||||||
{{- if .Values.exporter.enabled }}
|
|
||||||
prometheus.io/path: /metrics
|
|
||||||
prometheus.io/port: "7777"
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
{{- end }}
|
|
||||||
{{- range $key, $value := .Values.podAnnotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
labels:
|
|
||||||
{{- include "nats.selectorLabels" . | nindent 8 }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.imagePullSecrets }}
|
|
||||||
imagePullSecrets:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.securityContext }}
|
|
||||||
securityContext:
|
|
||||||
{{ toYaml . | indent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.topologySpreadConstraints }}
|
|
||||||
topologySpreadConstraints:
|
|
||||||
{{- range .Values.topologySpreadConstraints }}
|
|
||||||
{{- if and .maxSkew .topologyKey }}
|
|
||||||
- maxSkew: {{ .maxSkew }}
|
|
||||||
topologyKey: {{ .topologyKey }}
|
|
||||||
{{- if .whenUnsatisfiable }}
|
|
||||||
whenUnsatisfiable: {{ .whenUnsatisfiable }}
|
|
||||||
{{- end }}
|
|
||||||
labelSelector:
|
|
||||||
matchLabels:
|
|
||||||
{{- include "nats.selectorLabels" $ | nindent 12 }}
|
|
||||||
{{- end}}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.priorityClassName }}
|
|
||||||
priorityClassName: {{ .Values.priorityClassName | quote }}
|
|
||||||
{{- end }}
|
|
||||||
# Common volumes for the containers.
|
|
||||||
volumes:
|
|
||||||
- name: config-volume
|
|
||||||
configMap:
|
|
||||||
name: {{ include "nats.fullname" . }}-config
|
|
||||||
|
|
||||||
# Local volume shared with the reloader.
|
|
||||||
- name: pid
|
|
||||||
emptyDir: {}
|
|
||||||
|
|
||||||
{{- if and .Values.auth.enabled .Values.auth.resolver }}
|
|
||||||
{{- if .Values.auth.resolver.configMap }}
|
|
||||||
- name: resolver-volume
|
|
||||||
configMap:
|
|
||||||
name: {{ .Values.auth.resolver.configMap.name }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.auth.resolver.type "URL" }}
|
|
||||||
- name: operator-jwt-volume
|
|
||||||
configMap:
|
|
||||||
name: {{ .Values.auth.operatorjwt.configMap.name }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
|
|
||||||
# Local volume shared with the advertise config initializer.
|
|
||||||
- name: advertiseconfig
|
|
||||||
emptyDir: {}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if and .Values.nats.jetstream.fileStorage.enabled .Values.nats.jetstream.fileStorage.existingClaim }}
|
|
||||||
# Persistent volume for jetstream running with file storage option
|
|
||||||
- name: {{ include "nats.fullname" . }}-js-pvc
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: {{ .Values.nats.jetstream.fileStorage.existingClaim | quote }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
#################
|
|
||||||
# #
|
|
||||||
# TLS Volumes #
|
|
||||||
# #
|
|
||||||
#################
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-clients-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.mqtt.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-mqtt-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.cluster.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-cluster-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.leafnodes.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-leafnodes-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.gateway.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-gateways-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.websocket.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-ws-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.leafnodes.enabled }}
|
|
||||||
#
|
|
||||||
# Leafnode credential volumes
|
|
||||||
#
|
|
||||||
{{- range .Values.leafnodes.remotes }}
|
|
||||||
{{- with .credentials }}
|
|
||||||
- name: {{ .secret.name }}-volume
|
|
||||||
secret:
|
|
||||||
secretName: {{ .secret.name }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{ if and .Values.nats.externalAccess .Values.nats.advertise }}
|
|
||||||
# Assume that we only use the service account in case we want to
|
|
||||||
# figure out what is the current external public IP from the server
|
|
||||||
# in order to be able to advertise correctly.
|
|
||||||
serviceAccountName: {{ .Values.nats.serviceAccount }}
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
# Required to be able to HUP signal and apply config
|
|
||||||
# reload to the server without restarting the pod.
|
|
||||||
shareProcessNamespace: true
|
|
||||||
|
|
||||||
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
|
|
||||||
# Initializer container required to be able to lookup
|
|
||||||
# the external ip on which this node is running.
|
|
||||||
initContainers:
|
|
||||||
- name: bootconfig
|
|
||||||
command:
|
|
||||||
- nats-pod-bootconfig
|
|
||||||
- -f
|
|
||||||
- /etc/nats-config/advertise/client_advertise.conf
|
|
||||||
- -gf
|
|
||||||
- /etc/nats-config/advertise/gateway_advertise.conf
|
|
||||||
env:
|
|
||||||
- name: KUBERNETES_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
apiVersion: v1
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
image: {{ .Values.bootconfig.image }}
|
|
||||||
imagePullPolicy: {{ .Values.bootconfig.pullPolicy }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.bootconfig.resources | nindent 10 }}
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /etc/nats-config/advertise
|
|
||||||
name: advertiseconfig
|
|
||||||
subPath: advertise
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
#################
|
|
||||||
# #
|
|
||||||
# NATS Server #
|
|
||||||
# #
|
|
||||||
#################
|
|
||||||
terminationGracePeriodSeconds: {{ .Values.nats.terminationGracePeriodSeconds }}
|
|
||||||
containers:
|
|
||||||
- name: nats
|
|
||||||
image: {{ .Values.nats.image }}
|
|
||||||
imagePullPolicy: {{ .Values.nats.pullPolicy }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.nats.resources | nindent 10 }}
|
|
||||||
ports:
|
|
||||||
- containerPort: 4222
|
|
||||||
name: client
|
|
||||||
{{- if .Values.nats.externalAccess }}
|
|
||||||
hostPort: 4222
|
|
||||||
{{- end }}
|
|
||||||
- containerPort: 7422
|
|
||||||
name: leafnodes
|
|
||||||
{{- if .Values.nats.externalAccess }}
|
|
||||||
hostPort: 7422
|
|
||||||
{{- end }}
|
|
||||||
- containerPort: 7522
|
|
||||||
name: gateways
|
|
||||||
{{- if .Values.nats.externalAccess }}
|
|
||||||
hostPort: 7522
|
|
||||||
{{- end }}
|
|
||||||
- containerPort: 6222
|
|
||||||
name: cluster
|
|
||||||
- containerPort: 8222
|
|
||||||
name: monitor
|
|
||||||
- containerPort: 7777
|
|
||||||
name: metrics
|
|
||||||
{{- if .Values.mqtt.enabled }}
|
|
||||||
- containerPort: 1883
|
|
||||||
name: mqtt
|
|
||||||
{{- if .Values.nats.externalAccess }}
|
|
||||||
hostPort: 1883
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.websocket.enabled }}
|
|
||||||
- containerPort: {{ .Values.websocket.port }}
|
|
||||||
name: websocket
|
|
||||||
{{- if .Values.nats.externalAccess }}
|
|
||||||
hostPort: {{ .Values.websocket.port }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
command:
|
|
||||||
- "nats-server"
|
|
||||||
- "--config"
|
|
||||||
- "/etc/nats-config/nats.conf"
|
|
||||||
|
|
||||||
# Required to be able to define an environment variable
|
|
||||||
# that refers to other environment variables. This env var
|
|
||||||
# is later used as part of the configuration file.
|
|
||||||
env:
|
|
||||||
- name: POD_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.name
|
|
||||||
- name: POD_NAMESPACE
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
- name: CLUSTER_ADVERTISE
|
|
||||||
value: {{ include "nats.clusterAdvertise" . }}
|
|
||||||
volumeMounts:
|
|
||||||
- name: config-volume
|
|
||||||
mountPath: /etc/nats-config
|
|
||||||
- name: pid
|
|
||||||
mountPath: /var/run/nats
|
|
||||||
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
|
|
||||||
- mountPath: /etc/nats-config/advertise
|
|
||||||
name: advertiseconfig
|
|
||||||
subPath: advertise
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if and .Values.auth.enabled .Values.auth.resolver }}
|
|
||||||
{{- if eq .Values.auth.resolver.type "memory" }}
|
|
||||||
- name: resolver-volume
|
|
||||||
mountPath: /etc/nats-config/accounts
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.auth.resolver.type "full" }}
|
|
||||||
{{- if .Values.auth.resolver.configMap }}
|
|
||||||
- name: resolver-volume
|
|
||||||
mountPath: /etc/nats-config/accounts
|
|
||||||
{{- end }}
|
|
||||||
{{- if and .Values.auth.resolver .Values.auth.resolver.store }}
|
|
||||||
- name: nats-jwt-pvc
|
|
||||||
mountPath: {{ .Values.auth.resolver.store.dir }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if eq .Values.auth.resolver.type "URL" }}
|
|
||||||
- name: operator-jwt-volume
|
|
||||||
mountPath: /etc/nats-config/operator
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.nats.jetstream.fileStorage.enabled }}
|
|
||||||
- name: {{ include "nats.fullname" . }}-js-pvc
|
|
||||||
mountPath: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.nats.tls }}
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Volumes Mounts #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-clients-volume
|
|
||||||
mountPath: /etc/nats-certs/clients/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.mqtt.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-mqtt-volume
|
|
||||||
mountPath: /etc/nats-certs/mqtt/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.cluster.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-cluster-volume
|
|
||||||
mountPath: /etc/nats-certs/cluster/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.leafnodes.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-leafnodes-volume
|
|
||||||
mountPath: /etc/nats-certs/leafnodes/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.gateway.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-gateways-volume
|
|
||||||
mountPath: /etc/nats-certs/gateways/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- with .Values.websocket.tls }}
|
|
||||||
{{ $secretName := .secret.name }}
|
|
||||||
- name: {{ $secretName }}-ws-volume
|
|
||||||
mountPath: /etc/nats-certs/ws/{{ $secretName }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if .Values.leafnodes.enabled }}
|
|
||||||
#
|
|
||||||
# Leafnode credential volumes
|
|
||||||
#
|
|
||||||
{{- range .Values.leafnodes.remotes }}
|
|
||||||
{{- with .credentials }}
|
|
||||||
- name: {{ .secret.name }}-volume
|
|
||||||
mountPath: /etc/nats-creds/{{ .secret.name }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
# Liveness/Readiness probes against the monitoring.
|
|
||||||
#
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 8222
|
|
||||||
initialDelaySeconds: 10
|
|
||||||
timeoutSeconds: 5
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 8222
|
|
||||||
initialDelaySeconds: 10
|
|
||||||
timeoutSeconds: 5
|
|
||||||
|
|
||||||
# Gracefully stop NATS Server on pod deletion or image upgrade.
|
|
||||||
#
|
|
||||||
lifecycle:
|
|
||||||
preStop:
|
|
||||||
exec:
|
|
||||||
# Using the alpine based NATS image, we add an extra sleep that is
|
|
||||||
# the same amount as the terminationGracePeriodSeconds to allow
|
|
||||||
# the NATS Server to gracefully terminate the client connections.
|
|
||||||
#
|
|
||||||
command:
|
|
||||||
- "/bin/sh"
|
|
||||||
- "-c"
|
|
||||||
- "nats-server -sl=ldm=/var/run/nats/nats.pid && /bin/sleep {{ .Values.nats.terminationGracePeriodSeconds }}"
|
|
||||||
|
|
||||||
#################################
|
|
||||||
# #
|
|
||||||
# NATS Configuration Reloader #
|
|
||||||
# #
|
|
||||||
#################################
|
|
||||||
{{ if .Values.reloader.enabled }}
|
|
||||||
- name: reloader
|
|
||||||
image: {{ .Values.reloader.image }}
|
|
||||||
imagePullPolicy: {{ .Values.reloader.pullPolicy }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.reloader.resources | nindent 10 }}
|
|
||||||
command:
|
|
||||||
- "nats-server-config-reloader"
|
|
||||||
- "-pid"
|
|
||||||
- "/var/run/nats/nats.pid"
|
|
||||||
- "-config"
|
|
||||||
- "/etc/nats-config/nats.conf"
|
|
||||||
volumeMounts:
|
|
||||||
- name: config-volume
|
|
||||||
mountPath: /etc/nats-config
|
|
||||||
- name: pid
|
|
||||||
mountPath: /var/run/nats
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# #
|
|
||||||
# NATS Prometheus Exporter #
|
|
||||||
# #
|
|
||||||
##############################
|
|
||||||
{{ if .Values.exporter.enabled }}
|
|
||||||
- name: metrics
|
|
||||||
image: {{ .Values.exporter.image }}
|
|
||||||
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
|
|
||||||
resources:
|
|
||||||
{{- toYaml .Values.exporter.resources | nindent 10 }}
|
|
||||||
args:
|
|
||||||
- -connz
|
|
||||||
- -routez
|
|
||||||
- -subz
|
|
||||||
- -varz
|
|
||||||
- -prefix=nats
|
|
||||||
- -use_internal_server_id
|
|
||||||
{{- if .Values.nats.jetstream.enabled }}
|
|
||||||
- -jsz=all
|
|
||||||
{{- end }}
|
|
||||||
- http://localhost:8222/
|
|
||||||
ports:
|
|
||||||
- containerPort: 7777
|
|
||||||
name: metrics
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
volumeClaimTemplates:
|
|
||||||
{{- if eq .Values.auth.resolver.type "full" }}
|
|
||||||
{{- if and .Values.auth.resolver .Values.auth.resolver.store }}
|
|
||||||
#####################################
|
|
||||||
# #
|
|
||||||
# Account Server Embedded JWT #
|
|
||||||
# #
|
|
||||||
#####################################
|
|
||||||
- metadata:
|
|
||||||
name: nats-jwt-pvc
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.auth.resolver.store.size }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{- if and .Values.nats.jetstream.fileStorage.enabled (not .Values.nats.jetstream.fileStorage.existingClaim) }}
|
|
||||||
#####################################
|
|
||||||
# #
|
|
||||||
# Jetstream New Persistent Volume #
|
|
||||||
# #
|
|
||||||
#####################################
|
|
||||||
- metadata:
|
|
||||||
name: {{ include "nats.fullname" . }}-js-pvc
|
|
||||||
{{- if .Values.nats.jetstream.fileStorage.annotations }}
|
|
||||||
annotations:
|
|
||||||
{{- range $key, $value := .Values.nats.jetstream.fileStorage.annotations }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
{{- range .Values.nats.jetstream.fileStorage.accessModes }}
|
|
||||||
- {{ . | quote }}
|
|
||||||
{{- end }}
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: {{ .Values.nats.jetstream.fileStorage.size }}
|
|
||||||
storageClassName: {{ .Values.nats.jetstream.fileStorage.storageClassName | quote }}
|
|
||||||
{{- end }}
|
|
@ -1,405 +0,0 @@
|
|||||||
###############################
|
|
||||||
# #
|
|
||||||
# NATS Server Configuration #
|
|
||||||
# #
|
|
||||||
###############################
|
|
||||||
nats:
|
|
||||||
image: nats:2.3.2-alpine
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
# Toggle whether to enable external access.
|
|
||||||
# This binds a host port for clients, gateways and leafnodes.
|
|
||||||
externalAccess: false
|
|
||||||
|
|
||||||
# Toggle to disable client advertisements (connect_urls),
|
|
||||||
# in case of running behind a load balancer (which is not recommended)
|
|
||||||
# it might be required to disable advertisements.
|
|
||||||
advertise: true
|
|
||||||
|
|
||||||
# In case both external access and advertise are enabled
|
|
||||||
# then a service account would be required to be able to
|
|
||||||
# gather the public ip from a node.
|
|
||||||
serviceAccount: "nats-server"
|
|
||||||
|
|
||||||
# The number of connect attempts against discovered routes.
|
|
||||||
connectRetries: 30
|
|
||||||
|
|
||||||
# How many seconds should pass before sending a PING
|
|
||||||
# to a client that has no activity.
|
|
||||||
pingInterval:
|
|
||||||
|
|
||||||
resources: {}
|
|
||||||
|
|
||||||
# Server settings.
|
|
||||||
limits:
|
|
||||||
maxConnections:
|
|
||||||
maxSubscriptions:
|
|
||||||
maxControlLine:
|
|
||||||
maxPayload:
|
|
||||||
|
|
||||||
writeDeadline:
|
|
||||||
maxPending:
|
|
||||||
maxPings:
|
|
||||||
lameDuckDuration:
|
|
||||||
|
|
||||||
terminationGracePeriodSeconds: 60
|
|
||||||
|
|
||||||
logging:
|
|
||||||
debug:
|
|
||||||
trace:
|
|
||||||
logtime:
|
|
||||||
connectErrorReports:
|
|
||||||
reconnectErrorReports:
|
|
||||||
|
|
||||||
jetstream:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
#############################
|
|
||||||
# #
|
|
||||||
# Jetstream Memory Storage #
|
|
||||||
# #
|
|
||||||
#############################
|
|
||||||
memStorage:
|
|
||||||
enabled: true
|
|
||||||
size: 1Gi
|
|
||||||
|
|
||||||
############################
|
|
||||||
# #
|
|
||||||
# Jetstream File Storage #
|
|
||||||
# #
|
|
||||||
############################
|
|
||||||
fileStorage:
|
|
||||||
enabled: false
|
|
||||||
storageDirectory: /data
|
|
||||||
|
|
||||||
# Set for use with existing PVC
|
|
||||||
# existingClaim: jetstream-pvc
|
|
||||||
# claimStorageSize: 1Gi
|
|
||||||
|
|
||||||
# Use below block to create new persistent volume
|
|
||||||
# only used if existingClaim is not specified
|
|
||||||
size: 1Gi
|
|
||||||
storageClassName: default
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
annotations:
|
|
||||||
# key: "value"
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-client-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
|
|
||||||
mqtt:
|
|
||||||
enabled: false
|
|
||||||
ackWait: 1m
|
|
||||||
maxAckPending: 100
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
|
|
||||||
#
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-mqtt-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
|
|
||||||
nameOverride: ""
|
|
||||||
# An array of imagePullSecrets, and they have to be created manually in the same namespace
|
|
||||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
||||||
imagePullSecrets: []
|
|
||||||
|
|
||||||
# Toggle whether to use setup a Pod Security Context
|
|
||||||
# ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
||||||
securityContext: {}
|
|
||||||
# securityContext:
|
|
||||||
# fsGroup: 1000
|
|
||||||
# runAsUser: 1000
|
|
||||||
# runAsNonRoot: true
|
|
||||||
|
|
||||||
# Affinity for pod assignment
|
|
||||||
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
## Pod priority class name
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
|
||||||
priorityClassName: null
|
|
||||||
|
|
||||||
# Service topology
|
|
||||||
# ref: https://kubernetes.io/docs/concepts/services-networking/service-topology/
|
|
||||||
topologyKeys: []
|
|
||||||
|
|
||||||
# Pod Topology Spread Constraints
|
|
||||||
# ref https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
||||||
topologySpreadConstraints: []
|
|
||||||
# - maxSkew: 1
|
|
||||||
# topologyKey: zone
|
|
||||||
# whenUnsatisfiable: DoNotSchedule
|
|
||||||
|
|
||||||
# Annotations to add to the NATS pods
|
|
||||||
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
||||||
podAnnotations: {}
|
|
||||||
# key: "value"
|
|
||||||
|
|
||||||
## Define a Pod Disruption Budget for the stateful set
|
|
||||||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
|
||||||
podDisruptionBudget: null
|
|
||||||
# minAvailable: 1
|
|
||||||
# maxUnavailable: 1
|
|
||||||
|
|
||||||
# Annotations to add to the NATS StatefulSet
|
|
||||||
statefulSetAnnotations: {}
|
|
||||||
|
|
||||||
# Annotations to add to the NATS Service
|
|
||||||
serviceAnnotations: {}
|
|
||||||
|
|
||||||
cluster:
|
|
||||||
enabled: false
|
|
||||||
replicas: 3
|
|
||||||
noAdvertise: false
|
|
||||||
# authorization:
|
|
||||||
# user: foo
|
|
||||||
# password: pwd
|
|
||||||
# timeout: 0.5
|
|
||||||
|
|
||||||
# Leafnode connections to extend a cluster:
|
|
||||||
#
|
|
||||||
# https://docs.nats.io/nats-server/configuration/leafnodes
|
|
||||||
#
|
|
||||||
leafnodes:
|
|
||||||
enabled: false
|
|
||||||
noAdvertise: false
|
|
||||||
# remotes:
|
|
||||||
# - url: "tls://connect.ngs.global:7422"
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
|
|
||||||
#
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-client-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
|
|
||||||
# Gateway connections to create a super cluster
|
|
||||||
#
|
|
||||||
# https://docs.nats.io/nats-server/configuration/gateways
|
|
||||||
#
|
|
||||||
gateway:
|
|
||||||
enabled: false
|
|
||||||
name: 'default'
|
|
||||||
|
|
||||||
#############################
|
|
||||||
# #
|
|
||||||
# List of remote gateways #
|
|
||||||
# #
|
|
||||||
#############################
|
|
||||||
# gateways:
|
|
||||||
# - name: other
|
|
||||||
# url: nats://my-gateway-url:7522
|
|
||||||
|
|
||||||
#######################
|
|
||||||
# #
|
|
||||||
# TLS Configuration #
|
|
||||||
# #
|
|
||||||
#######################
|
|
||||||
#
|
|
||||||
# # You can find more on how to setup and trouble shoot TLS connnections at:
|
|
||||||
#
|
|
||||||
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
|
|
||||||
#
|
|
||||||
# tls:
|
|
||||||
# secret:
|
|
||||||
# name: nats-client-tls
|
|
||||||
# ca: "ca.crt"
|
|
||||||
# cert: "tls.crt"
|
|
||||||
# key: "tls.key"
|
|
||||||
|
|
||||||
# In case of both external access and advertisements being
|
|
||||||
# enabled, an initializer container will be used to gather
|
|
||||||
# the public ips.
|
|
||||||
bootconfig:
|
|
||||||
image: natsio/nats-boot-config:0.5.3
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
# NATS Box
|
|
||||||
#
|
|
||||||
# https://github.com/nats-io/nats-box
|
|
||||||
#
|
|
||||||
natsbox:
|
|
||||||
enabled: true
|
|
||||||
image: natsio/nats-box:0.6.0
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
# An array of imagePullSecrets, and they have to be created manually in the same namespace
|
|
||||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
||||||
imagePullSecrets: []
|
|
||||||
# - name: dockerhub
|
|
||||||
|
|
||||||
# credentials:
|
|
||||||
# secret:
|
|
||||||
# name: nats-sys-creds
|
|
||||||
# key: sys.creds
|
|
||||||
|
|
||||||
# Annotations to add to the box pods
|
|
||||||
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
||||||
podAnnotations: {}
|
|
||||||
# key: "value"
|
|
||||||
|
|
||||||
# Affinity for nats box pod assignment
|
|
||||||
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
||||||
affinity: {}
|
|
||||||
|
|
||||||
# The NATS config reloader image to use.
|
|
||||||
reloader:
|
|
||||||
enabled: true
|
|
||||||
image: natsio/nats-server-config-reloader:0.6.1
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
# Prometheus NATS Exporter configuration.
|
|
||||||
exporter:
|
|
||||||
enabled: true
|
|
||||||
image: natsio/prometheus-nats-exporter:0.8.0
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
resources: {}
|
|
||||||
# Prometheus operator ServiceMonitor support. Exporter has to be enabled
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: false
|
|
||||||
## Specify the namespace where Prometheus Operator is running
|
|
||||||
##
|
|
||||||
# namespace: monitoring
|
|
||||||
labels: {}
|
|
||||||
annotations: {}
|
|
||||||
path: /metrics
|
|
||||||
# interval:
|
|
||||||
# scrapeTimeout:
|
|
||||||
|
|
||||||
# Authentication setup
|
|
||||||
auth:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
# basic:
|
|
||||||
# noAuthUser:
|
|
||||||
# # List of users that can connect with basic auth,
|
|
||||||
# # that belong to the global account.
|
|
||||||
# users:
|
|
||||||
|
|
||||||
# # List of accounts with users that can connect
|
|
||||||
# # using basic auth.
|
|
||||||
# accounts:
|
|
||||||
|
|
||||||
# Reference to the Operator JWT.
|
|
||||||
# operatorjwt:
|
|
||||||
# configMap:
|
|
||||||
# name: operator-jwt
|
|
||||||
# key: KO.jwt
|
|
||||||
|
|
||||||
# Token authentication
|
|
||||||
# token:
|
|
||||||
|
|
||||||
# Public key of the System Account
|
|
||||||
# systemAccount:
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
# Disables the resolver by default
|
|
||||||
type: none
|
|
||||||
|
|
||||||
##########################################
|
|
||||||
# #
|
|
||||||
# Embedded NATS Account Server Resolver #
|
|
||||||
# #
|
|
||||||
##########################################
|
|
||||||
# type: full
|
|
||||||
|
|
||||||
# If the resolver type is 'full', delete when enabled will rename the jwt.
|
|
||||||
allowDelete: false
|
|
||||||
|
|
||||||
# Interval at which a nats-server with a nats based account resolver will compare
|
|
||||||
# it's state with one random nats based account resolver in the cluster and if needed,
|
|
||||||
# exchange jwt and converge on the same set of jwt.
|
|
||||||
interval: 2m
|
|
||||||
|
|
||||||
# Operator JWT
|
|
||||||
operator:
|
|
||||||
|
|
||||||
# System Account Public NKEY
|
|
||||||
systemAccount:
|
|
||||||
|
|
||||||
# resolverPreload:
|
|
||||||
# <ACCOUNT>: <JWT>
|
|
||||||
|
|
||||||
# Directory in which the account JWTs will be stored.
|
|
||||||
store:
|
|
||||||
dir: "/accounts/jwt"
|
|
||||||
|
|
||||||
# Size of the account JWT storage.
|
|
||||||
size: 1Gi
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# #
|
|
||||||
# Memory resolver settings #
|
|
||||||
# #
|
|
||||||
##############################
|
|
||||||
# type: memory
|
|
||||||
#
|
|
||||||
# Use a configmap reference which will be mounted
|
|
||||||
# into the container.
|
|
||||||
#
|
|
||||||
# configMap:
|
|
||||||
# name: nats-accounts
|
|
||||||
# key: resolver.conf
|
|
||||||
|
|
||||||
##########################
|
|
||||||
# #
|
|
||||||
# URL resolver settings #
|
|
||||||
# #
|
|
||||||
##########################
|
|
||||||
# type: URL
|
|
||||||
# url: "http://nats-account-server:9090/jwt/v1/accounts/"
|
|
||||||
|
|
||||||
websocket:
|
|
||||||
enabled: false
|
|
||||||
port: 443
|
|
||||||
|
|
||||||
appProtocol:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
# Cluster Domain configured on the kubelets
|
|
||||||
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
|
|
||||||
k8sClusterDomain: cluster.local
|
|
||||||
|
|
||||||
# Add labels to all the deployed resources
|
|
||||||
commonLabels: {}
|
|
@ -1,4 +1,4 @@
|
|||||||
{{- if .Values.nats.exporter.serviceMonitor.enabled }}
|
{{- if .Values.nats.promExporter.podMonitor.enabled }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
#!/bin/bash
|
##!/bin/bash
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
helm dep update
|
. ../../scripts/lib-update.sh
|
||||||
|
|
||||||
## NATS
|
#login_ecr_public
|
||||||
|
update_helm
|
||||||
NATS_VERSION=0.8.4
|
|
||||||
rm -rf charts/nats && curl -L -s -o - https://github.com/nats-io/k8s/releases/download/v$NATS_VERSION/nats-$NATS_VERSION.tgz | tar xfz - -C charts
|
|
||||||
|
|
||||||
# Fetch dashboards
|
# Fetch dashboards
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards-rabbitmq.yaml templates/rabbitmq/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards-rabbitmq.yaml templates/rabbitmq/grafana-dashboards.yaml
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
@ -2,17 +2,16 @@
|
|||||||
nats:
|
nats:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
nats:
|
config:
|
||||||
advertise: false
|
|
||||||
|
|
||||||
jetstream:
|
jetstream:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
natsbox:
|
natsBox:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
exporter:
|
promExporter:
|
||||||
serviceMonitor:
|
enabled: false
|
||||||
|
podMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
mqtt:
|
mqtt:
|
||||||
@ -71,18 +70,18 @@ rabbitmq:
|
|||||||
failIfNoPeerCert: false
|
failIfNoPeerCert: false
|
||||||
existingSecret: rabbitmq-server-certificate
|
existingSecret: rabbitmq-server-certificate
|
||||||
existingSecretFullChain: true
|
existingSecretFullChain: true
|
||||||
|
|
||||||
clustering:
|
clustering:
|
||||||
enabled: false
|
enabled: false
|
||||||
forceBoot: false
|
forceBoot: false
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
size: 2Gi
|
size: 2Gi
|
||||||
|
|
||||||
@ -98,10 +97,10 @@ rabbitmq:
|
|||||||
whenUnsatisfiable: DoNotSchedule
|
whenUnsatisfiable: DoNotSchedule
|
||||||
labelSelector:
|
labelSelector:
|
||||||
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
|
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
|
||||||
|
|
||||||
pdb:
|
pdb:
|
||||||
create: false
|
create: false
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
Loading…
Reference in New Issue
Block a user