From 13628ace58e135eb1b9ed7b25abf43c104d44f1e Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Thu, 22 Jul 2021 22:15:12 +0200
Subject: [PATCH] feat: kubezero-mq NATS version bump
---
charts/kubezero-mq/Chart.yaml | 4 +-
charts/kubezero-mq/charts/nats/.helmignore | 22 +++
charts/kubezero-mq/charts/nats/Chart.yaml | 34 +++--
charts/kubezero-mq/charts/nats/README.md | 26 ++--
charts/kubezero-mq/charts/nats/accounts.conf | 21 +++
charts/kubezero-mq/charts/nats/deploy.yaml | 24 ++++
charts/kubezero-mq/charts/nats/deploy2.yaml | 9 ++
charts/kubezero-mq/charts/nats/foo.conf | 0
charts/kubezero-mq/charts/nats/foo.dhall | 9 ++
charts/kubezero-mq/charts/nats/resolver.conf | 21 +++
.../charts/nats/templates/_helpers.tpl | 11 +-
.../charts/nats/templates/_mem_resolver.yaml | 15 ++
.../charts/nats/templates/configmap.yaml | 75 +++++++++-
.../charts/nats/templates/nats-box.yaml | 22 ++-
.../charts/nats/templates/pdb.yaml | 1 +
.../charts/nats/templates/service.yaml | 29 ++++
.../charts/nats/templates/statefulset.yaml | 48 +++++--
charts/kubezero-mq/charts/nats/values.yaml | 130 +++++++++++++-----
charts/kubezero-mq/update.sh | 10 +-
charts/kubezero-mq/values.yaml | 5 +-
20 files changed, 421 insertions(+), 95 deletions(-)
create mode 100644 charts/kubezero-mq/charts/nats/.helmignore
create mode 100644 charts/kubezero-mq/charts/nats/accounts.conf
create mode 100644 charts/kubezero-mq/charts/nats/deploy.yaml
create mode 100644 charts/kubezero-mq/charts/nats/deploy2.yaml
create mode 100644 charts/kubezero-mq/charts/nats/foo.conf
create mode 100644 charts/kubezero-mq/charts/nats/foo.dhall
create mode 100644 charts/kubezero-mq/charts/nats/resolver.conf
create mode 100644 charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml
diff --git a/charts/kubezero-mq/Chart.yaml b/charts/kubezero-mq/Chart.yaml
index b8d74fd..0f65f56 100644
--- a/charts/kubezero-mq/Chart.yaml
+++ b/charts/kubezero-mq/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-mq description: KubeZero umbrella chart for MQ systems like NATS, RabbitMQ type: application -version: 0.2.0 +version: 0.2.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,7 +16,7 @@ dependencies: version: ">= 0.1.3" repository: https://zero-down-time.github.io/kubezero/ - name: nats - version: 0.8.3 + version: 0.8.4 #repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled - name: rabbitmq diff --git a/charts/kubezero-mq/charts/nats/.helmignore b/charts/kubezero-mq/charts/nats/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/charts/kubezero-mq/charts/nats/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubezero-mq/charts/nats/Chart.yaml b/charts/kubezero-mq/charts/nats/Chart.yaml index 9684e5a..f17a122 100644 --- a/charts/kubezero-mq/charts/nats/Chart.yaml +++ b/charts/kubezero-mq/charts/nats/Chart.yaml 
@@ -1,21 +1,19 @@ apiVersion: v2 -appVersion: "2.1.9" -description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. -name: nats -keywords: - - nats - - messaging - - cncf -version: 0.8.3 +appVersion: 2.3.2 +description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications + Technology. home: http://github.com/nats-io/k8s -maintainers: - - name: Waldemar Quevedo - github: https://github.com/wallyqs - email: wally@nats.io - - name: Colin Sullivan - github: https://github.com/ColinSullivan1 - email: colin@nats.io - - name: Jaime Piña - github: https://github.com/variadico - email: jaime@nats.io icon: https://nats.io/img/nats-icon-color.png +keywords: +- nats +- messaging +- cncf +maintainers: +- email: wally@nats.io + name: Waldemar Quevedo +- email: colin@nats.io + name: Colin Sullivan +- email: jaime@nats.io + name: Jaime Piña +name: nats +version: 0.8.4 diff --git a/charts/kubezero-mq/charts/nats/README.md b/charts/kubezero-mq/charts/nats/README.md index d358961..1107176 100644 --- a/charts/kubezero-mq/charts/nats/README.md +++ b/charts/kubezero-mq/charts/nats/README.md @@ -109,6 +109,16 @@ leafnodes: enabled: true remotes: - url: "tls://connect.ngs.global:7422" + # credentials: + # secret: + # name: leafnode-creds + # key: TA.creds + # tls: + # secret: + # name: nats-leafnode-tls + # ca: "ca.crt" + # cert: "tls.crt" + # key: "tls.key" ####################### # # @@ -194,7 +204,7 @@ The container image of the initializer can be customized via: ```yaml bootconfig: - image: connecteverything/nats-boot-config:0.5.2 + image: natsio/nats-boot-config:latest pullPolicy: IfNotPresent ``` @@ -230,7 +240,7 @@ metadata: spec: type: LoadBalancer selector: - app: nats + app.kubernetes.io/name: nats ports: - protocol: TCP port: 4222 @@ -349,7 +359,7 @@ auth: ```yaml nats: - image: synadia/nats-server:nightly + image: nats:alpine jetstream: enabled: true 
@@ -389,7 +399,7 @@ You can start JetStream so that one pod is bounded to it: ```yaml nats: - image: synadia/nats-server:nightly + image: nats:alpine jetstream: enabled: true @@ -406,7 +416,7 @@ nats: ```yaml nats: - image: synadia/nats-server:nightly + image: nats:alpine jetstream: enabled: true @@ -438,7 +448,7 @@ You can find the image at: https://github.com/nats-io/nats-box ```yaml natsbox: enabled: true - image: synadia/nats-box:latest + image: nats:alpine pullPolicy: IfNotPresent # credentials: @@ -454,7 +464,7 @@ The NATS config reloader image to use: ```yaml reloader: enabled: true - image: connecteverything/nats-server-config-reloader:0.6.0 + image: natsio/nats-server-config-reloader:latest pullPolicy: IfNotPresent ``` @@ -465,7 +475,7 @@ You can toggle whether to start the sidecar that can be used to feed metrics to ```yaml exporter: enabled: true - image: synadia/prometheus-nats-exporter:0.5.0 + image: natsio/prometheus-nats-exporter:latest pullPolicy: IfNotPresent ``` diff --git a/charts/kubezero-mq/charts/nats/accounts.conf b/charts/kubezero-mq/charts/nats/accounts.conf new file mode 100644 index 0000000..1241ad6 --- /dev/null +++ b/charts/kubezero-mq/charts/nats/accounts.conf 
@@ -0,0 +1,21 @@ +// Operator "KO" +operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ + +system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW + +resolver: MEMORY + +resolver_preload: { + // Account "A" + AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ + + // Account "STAN" + AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA + + // Account "SYS" + ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA + + // Account "B" + ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg + +} diff --git a/charts/kubezero-mq/charts/nats/deploy.yaml b/charts/kubezero-mq/charts/nats/deploy.yaml new file mode 100644 index 0000000..0c7e44d --- /dev/null +++ b/charts/kubezero-mq/charts/nats/deploy.yaml 
@@ -0,0 +1,24 @@ +# Setup memory preload config. +auth: + enabled: true + resolver: + type: memory + preload: | + // Operator "KO" + operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ + + system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW + + resolver_preload: { + // Account "A" + AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ + + // Account "STAN" + AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA + + // Account "SYS" + ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA + + // Account "B" + ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg + } diff --git a/charts/kubezero-mq/charts/nats/deploy2.yaml b/charts/kubezero-mq/charts/nats/deploy2.yaml new file mode 100644 index 0000000..380ff6b --- /dev/null +++ b/charts/kubezero-mq/charts/nats/deploy2.yaml @@ -0,0 +1,9 @@ + +# Setup memory preload config. +auth: + enabled: true + resolver: + type: memory + configMap: + name: nats-accounts + key: resolver.conf diff --git a/charts/kubezero-mq/charts/nats/foo.conf b/charts/kubezero-mq/charts/nats/foo.conf new file mode 100644 index 0000000..e69de29 diff --git a/charts/kubezero-mq/charts/nats/foo.dhall b/charts/kubezero-mq/charts/nats/foo.dhall new file mode 100644 index 0000000..86f3644 --- /dev/null +++ b/charts/kubezero-mq/charts/nats/foo.dhall @@ -0,0 +1,9 @@ + +let accounts = ./accounts.conf as Text + +in +'' +port: 4222 + +${accounts} +'' diff --git a/charts/kubezero-mq/charts/nats/resolver.conf b/charts/kubezero-mq/charts/nats/resolver.conf new file mode 100644 index 0000000..5f09ef2 --- /dev/null +++ b/charts/kubezero-mq/charts/nats/resolver.conf 
@@ -0,0 +1,21 @@ +// Operator "KO" +operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJKS0E2U0pKUUVOTFpYVDJEWTRWNE00UDZXUFRVUlhIQzNMU1pJWEZWRlFGV0I3U0tKVk9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9CRkJIQzNVNVdVVEVNWkpPM1g3SFlZMkI2M1BZSlBPRFhLQVZZR0dTRU1BNzNMS0ZNWDRMRjJBIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.60YToJe3Dz9OZES80jYXVgg7uCB1c3BsX6HglA8tsKKRe-Br3pMpn9yUPUujjB61MGqnA7Zmbx8qWnoj8CkuCw + +system_account: ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP + +resolver: MEMORY + +resolver_preload: { + // Account "B" + AAIJAGRSL2KCEPTRBP6DJCTAMSNOUXRILLZXIY6CTZ4GR27ISCZOP6QH: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.VLv3U7k8jJaIcGpDYXo0XQCYNVMNQd2PHVUOXGMvCU8ifiYpkaRJ4G0UXZHqlQl_0g3M_LEtJw0K-4HwgOeIAA + + // Account "SYS" + ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPSUpENkozTjdCVk0zSEY0M0NCTUhLMllUNlpXTlFCWkZBRzQ0VE5RSFA3SlVZT0hZR0dRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQkw2NUZGUVdVREhIVEdNR1JGVlZTUURCQVdIR0VKMkNEUkNNR0JGVjZTQjRNTEtGU1VQTjdHUCIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.Jei8psto5h35bFn4y1Unsk0Noh6MYJxkB8Hs-nnLuUBrkTppSwukEkM_ufNGA_lxsmPki3zBf8y6rsQ13Ec5AA + + // Account "A" + ABXW5OZWOKK53X3V5HRVGO2RWNUTSSPIMGT6NEOR23AC4MNMPNQSQ6VL: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.lJfHHkbXeEf6DbHFju0zktCjWL0kgll17BdYJl6f2hcZxbUtiyf3H1mGfrzELgCuEO7p8X11UpRVy_eTQfnGAA + + // Account "STAN" + ACLSVE2AZYTXOBIJXOV5XHAIIM7KLL777F7GAEWW5W5P4IAR2VZJSGID: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJJT1ZPSFBPV1hJRDI2U1JYVEJQTTVUQlVKWDJRU0FSSTJMQjJTM09aRFpMU0paS1BOVU9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUNMU1ZFMkFaWVRYT0JJSlhPVjVYSEFJSU03S0xMNzc3RjdHQUVXVzVXNVA0SUFSMlZaSlNHSUQiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.CE5_K9kAdAgxesJRiJYh3kK2f74_c7T3bNQhgfaXOMzI8X6VOWqn0_5gH9jOD0xzHXIYiUMwy7a4Ou63PizHCw + +} diff --git a/charts/kubezero-mq/charts/nats/templates/_helpers.tpl b/charts/kubezero-mq/charts/nats/templates/_helpers.tpl index 9a55091..df08753 100644 --- a/charts/kubezero-mq/charts/nats/templates/_helpers.tpl +++ b/charts/kubezero-mq/charts/nats/templates/_helpers.tpl @@ -31,6 +31,9 @@ Common labels */}} {{- define "nats.labels" -}} helm.sh/chart: {{ include "nats.chart" . }} +{{- range $name, $value := .Values.commonLabels }} +{{ $name }}: {{ $value }} +{{- end }} {{ include "nats.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 
@@ -51,16 +54,16 @@ app.kubernetes.io/instance: {{ .Release.Name }} Return the proper NATS image name */}} {{- define "nats.clusterAdvertise" -}} -{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc" (include "nats.fullname" . ) }} +{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc.%s." (include "nats.fullname" . ) $.Values.k8sClusterDomain }} {{- end }} {{/* Return the NATS cluster routes. */}} {{- define "nats.clusterRoutes" -}} -{{- $name := default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- $name := (include "nats.fullname" . ) -}} {{- range $i, $e := until (.Values.cluster.replicas | int) -}} -{{- printf "nats://%s-%d.%s.%s.svc:6222," $name $i $name $.Release.Namespace -}} +{{- printf "nats://%s-%d.%s.%s.svc.%s.:6222," $name $i $name $.Release.Namespace $.Values.k8sClusterDomain -}} {{- end -}} {{- end }} @@ -92,4 +95,4 @@ tls { timeout: {{ .timeout }} {{- end }} } -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml b/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml new file mode 100644 index 0000000..c58134c --- /dev/null +++ b/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml @@ -0,0 +1,15 @@ +{{- if .Values.auth.enabled }} +{{- if eq .Values.auth.resolver.type "memory" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "nats.name" . }}-accounts + labels: + app: {{ template "nats.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +data: + accounts.conf: |- + {{- .Files.Get "accounts.conf" | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/configmap.yaml b/charts/kubezero-mq/charts/nats/templates/configmap.yaml index 0c7d797..1e6b44c 100644 --- a/charts/kubezero-mq/charts/nats/templates/configmap.yaml +++ b/charts/kubezero-mq/charts/nats/templates/configmap.yaml 
@@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "nats.fullname" . }}-config + namespace: {{ .Release.Namespace | quote }} labels: {{- include "nats.labels" . | nindent 4 }} data: @@ -44,8 +45,8 @@ data: {{- if .Values.nats.jetstream.fileStorage.enabled }} store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }} - - max_file: + + max_file: {{- if .Values.nats.jetstream.fileStorage.existingClaim }} {{- .Values.nats.jetstream.fileStorage.claimStorageSize }} {{- else }} @@ -55,6 +56,29 @@ data: {{- end }} } {{- end }} + {{- if .Values.mqtt.enabled }} + ################################### + # # + # NATS MQTT # + # # + ################################### + mqtt { + port: 1883 + + {{- with .Values.mqtt.tls }} + {{- $mqtt_tls := merge (dict) . }} + {{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }} + {{- include "nats.tlsConfig" $mqtt_tls | nindent 6}} + {{- end }} + + {{- if .Values.mqtt.noAuthUser }} + no_auth_user: {{ .Values.mqtt.noAuthUser | quote }} + {{- end }} + + ack_wait: {{ .Values.mqtt.ackWait | quote }} + max_ack_pending: {{ .Values.mqtt.maxAckPending }} + } + {{- end }} {{- if .Values.cluster.enabled }} ################################### @@ -83,12 +107,26 @@ data: {{- include "nats.tlsConfig" $cluster_tls | nindent 6}} {{- end }} + {{- if .Values.cluster.authorization }} + authorization { + {{- with .Values.cluster.authorization.user }} + user: {{ . }} + {{- end }} + {{- with .Values.cluster.authorization.password }} + password: {{ . }} + {{- end }} + {{- with .Values.cluster.authorization.timeout }} + timeout: {{ . }} + {{- end }} + } + {{- end }} + routes = [ {{ include "nats.clusterRoutes" . }} ] cluster_advertise: $CLUSTER_ADVERTISE - {{- with .Values.cluster.noAdvertise }} + {{- with .Values.cluster.noAdvertise }} no_advertise: {{ . }} {{- end }} 
@@ -101,7 +139,7 @@ data: {{- end }} {{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }} - ################# + ################# # # # NATS Leafnode # # # @@ -115,7 +153,7 @@ data: include "advertise/gateway_advertise.conf" {{ end }} - {{- with .Values.leafnodes.noAdvertise }} + {{- with .Values.leafnodes.noAdvertise }} no_advertise: {{ . }} {{- end }} @@ -135,6 +173,23 @@ data: {{- with .credentials }} credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}" {{- end }} + + {{- with .tls }} + {{ $secretName := .secret.name }} + tls: { + {{- with .cert }} + cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} + {{- end }} + + {{- with .key }} + key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} + {{- end }} + + {{- with .ca }} + ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} + {{- end }} + } + {{- end }} } {{- end }} ] @@ -142,7 +197,7 @@ data: {{ end }} {{- if .Values.gateway.enabled }} - ################# + ################# # # # NATS Gateways # # # @@ -236,7 +291,7 @@ data: # Websocket # # # ################## - ws { + websocket { port: {{ .Values.websocket.port }} {{- if .Values.websocket.tls }} {{ $secretName := .secret.name }} @@ -328,6 +383,12 @@ data: } {{- end }} + {{- if .token }} + authorization { + token: "{{ .token }}" + } + {{- end }} + {{- with .accounts }} accounts: {{- toRawJson . }} {{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/nats-box.yaml b/charts/kubezero-mq/charts/nats/templates/nats-box.yaml index 60e61d1..c0a510d 100644 --- a/charts/kubezero-mq/charts/nats/templates/nats-box.yaml +++ b/charts/kubezero-mq/charts/nats/templates/nats-box.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "nats.fullname" . }}-box + namespace: {{ .Release.Namespace | quote }} labels: app: {{ include "nats.fullname" . }}-box chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 
@@ -16,7 +17,17 @@ spec: metadata: labels: app: {{ include "nats.fullname" . }}-box + {{- if .Values.natsbox.podAnnotations }} + annotations: + {{- range $key, $value := .Values.natsbox.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: + {{- with .Values.natsbox.affinity }} + affinity: + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} volumes: {{- if .Values.natsbox.credentials }} - name: nats-sys-creds @@ -29,11 +40,16 @@ spec: secret: secretName: {{ $secretName }} {{- end }} - + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: nats-box image: {{ .Values.natsbox.image }} imagePullPolicy: {{ .Values.natsbox.pullPolicy }} + resources: + {{- toYaml .Values.natsbox.resources | nindent 10 }} env: - name: NATS_URL value: {{ template "nats.fullname" . }} @@ -72,4 +88,8 @@ spec: - name: {{ $secretName }}-clients-volume mountPath: /etc/nats-certs/clients/{{ $secretName }} {{- end }} +{{- with .Values.securityContext }} + securityContext: +{{ toYaml . | indent 8 }} +{{- end }} {{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/pdb.yaml b/charts/kubezero-mq/charts/nats/templates/pdb.yaml index f901734..b08d782 100644 --- a/charts/kubezero-mq/charts/nats/templates/pdb.yaml +++ b/charts/kubezero-mq/charts/nats/templates/pdb.yaml @@ -5,6 +5,7 @@ kind: PodDisruptionBudget metadata: labels: name: {{ include "nats.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "nats.labels" . | nindent 4 }} spec: diff --git a/charts/kubezero-mq/charts/nats/templates/service.yaml b/charts/kubezero-mq/charts/nats/templates/service.yaml index f165b4e..b38ffcb 100644 --- a/charts/kubezero-mq/charts/nats/templates/service.yaml +++ b/charts/kubezero-mq/charts/nats/templates/service.yaml 
@@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "nats.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "nats.labels" . | nindent 4 }} {{- if .Values.serviceAnnotations}} @@ -23,16 +24,44 @@ spec: {{- if .Values.websocket.enabled }} - name: websocket port: {{ .Values.websocket.port }} + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} {{- end }} - name: client port: 4222 + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} - name: cluster port: 6222 + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} - name: monitor port: 8222 + {{- if .Values.appProtocol.enabled }} + appProtocol: http + {{- end }} - name: metrics port: 7777 + {{- if .Values.appProtocol.enabled }} + appProtocol: http + {{- end }} - name: leafnodes port: 7422 + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} - name: gateways port: 7522 + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} + {{- if .Values.mqtt.enabled }} + - name: mqtt + port: 1883 + {{- if .Values.appProtocol.enabled }} + appProtocol: tcp + {{- end }} + {{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/statefulset.yaml b/charts/kubezero-mq/charts/nats/templates/statefulset.yaml index 3159c74..0c6a340 100644 --- a/charts/kubezero-mq/charts/nats/templates/statefulset.yaml +++ b/charts/kubezero-mq/charts/nats/templates/statefulset.yaml 
@@ -3,14 +3,15 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "nats.fullname" . }} + namespace: {{ .Release.Namespace | quote }} labels: {{- include "nats.labels" . | nindent 4 }} {{- if .Values.statefulSetAnnotations}} - annotations: - {{- range $key, $value := .Values.statefulSetAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} + annotations: + {{- range $key, $value := .Values.statefulSetAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -115,6 +116,12 @@ spec: secret: secretName: {{ $secretName }} {{- end }} + {{- with .Values.mqtt.tls }} + {{ $secretName := .secret.name }} + - name: {{ $secretName }}-mqtt-volume + secret: + secretName: {{ $secretName }} + {{- end }} {{- with .Values.cluster.tls }} {{ $secretName := .secret.name }} - name: {{ $secretName }}-cluster-volume @@ -140,9 +147,9 @@ spec: secretName: {{ $secretName }} {{- end }} {{- if .Values.leafnodes.enabled }} - # + # # Leafnode credential volumes - # + # {{- range .Values.leafnodes.remotes }} {{- with .credentials }} - name: {{ .secret.name }}-volume @@ -182,6 +189,8 @@ spec: fieldPath: spec.nodeName image: {{ .Values.bootconfig.image }} imagePullPolicy: {{ .Values.bootconfig.pullPolicy }} + resources: + {{- toYaml .Values.bootconfig.resources | nindent 10 }} volumeMounts: - mountPath: /etc/nats-config/advertise name: advertiseconfig @@ -222,6 +231,13 @@ spec: name: monitor - containerPort: 7777 name: metrics + {{- if .Values.mqtt.enabled }} + - containerPort: 1883 + name: mqtt + {{- if .Values.nats.externalAccess }} + hostPort: 1883 + {{- end }} + {{- end }} {{- if .Values.websocket.enabled }} - containerPort: {{ .Values.websocket.port }} name: websocket 
@@ -297,6 +313,11 @@ spec: - name: {{ $secretName }}-clients-volume mountPath: /etc/nats-certs/clients/{{ $secretName }} {{- end }} + {{- with .Values.mqtt.tls }} + {{ $secretName := .secret.name }} + - name: {{ $secretName }}-mqtt-volume + mountPath: /etc/nats-certs/mqtt/{{ $secretName }} + {{- end }} {{- with .Values.cluster.tls }} {{ $secretName := .secret.name }} - name: {{ $secretName }}-cluster-volume @@ -320,9 +341,9 @@ spec: {{- end }} {{- if .Values.leafnodes.enabled }} - # + # # Leafnode credential volumes - # + # {{- range .Values.leafnodes.remotes }} {{- with .credentials }} - name: {{ .secret.name }}-volume @@ -369,6 +390,8 @@ spec: - name: reloader image: {{ .Values.reloader.image }} imagePullPolicy: {{ .Values.reloader.pullPolicy }} + resources: + {{- toYaml .Values.reloader.resources | nindent 10 }} command: - "nats-server-config-reloader" - "-pid" @@ -391,6 +414,8 @@ spec: - name: metrics image: {{ .Values.exporter.image }} imagePullPolicy: {{ .Values.exporter.pullPolicy }} + resources: + {{- toYaml .Values.exporter.resources | nindent 10 }} args: - -connz - -routez @@ -398,6 +423,9 @@ spec: - -varz - -prefix=nats - -use_internal_server_id + {{- if .Values.nats.jetstream.enabled }} + - -jsz=all + {{- end }} - http://localhost:8222/ ports: - containerPort: 7777 @@ -415,7 +443,7 @@ spec: - metadata: name: nats-jwt-pvc spec: - accessModes: + accessModes: - ReadWriteOnce resources: requests: diff --git a/charts/kubezero-mq/charts/nats/values.yaml b/charts/kubezero-mq/charts/nats/values.yaml index 9121e81..ff8b453 100644 --- a/charts/kubezero-mq/charts/nats/values.yaml +++ b/charts/kubezero-mq/charts/nats/values.yaml @@ -4,7 +4,7 @@ # # ############################### nats: - image: nats:2.1.9-alpine3.12 + image: nats:2.3.2-alpine pullPolicy: IfNotPresent # Toggle whether to enable external access. 
@@ -32,24 +32,24 @@ nats: # Server settings. limits: - maxConnections: - maxSubscriptions: - maxControlLine: - maxPayload: + maxConnections: + maxSubscriptions: + maxControlLine: + maxPayload: - writeDeadline: - maxPending: - maxPings: - lameDuckDuration: + writeDeadline: + maxPending: + maxPings: + lameDuckDuration: terminationGracePeriodSeconds: 60 logging: - debug: - trace: - logtime: - connectErrorReports: - reconnectErrorReports: + debug: + trace: + logtime: + connectErrorReports: + reconnectErrorReports: jetstream: enabled: false @@ -75,7 +75,7 @@ nats: # Set for use with existing PVC # existingClaim: jetstream-pvc # claimStorageSize: 1Gi - + # Use below block to create new persistent volume # only used if existingClaim is not specified size: 1Gi @@ -90,11 +90,11 @@ nats: # TLS Configuration # # # ####################### - # + # # # You can find more on how to setup and trouble shoot TLS connnections at: - # + # # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # + # # tls: # secret: @@ -103,13 +103,39 @@ nats: # cert: "tls.crt" # key: "tls.key" +mqtt: + enabled: false + ackWait: 1m + maxAckPending: 100 + + ####################### + # # + # TLS Configuration # + # # + ####################### + # + # # You can find more on how to setup and trouble shoot TLS connnections at: + # + # # https://docs.nats.io/nats-server/configuration/securing_nats/tls + # + + # + # tls: + # secret: + # name: nats-mqtt-tls + # ca: "ca.crt" + # cert: "tls.crt" + # key: "tls.key" + nameOverride: "" +# An array of imagePullSecrets, and they have to be created manually in the same namespace +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # Toggle whether to use setup a Pod Security Context # ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: {} -# securityContext: +# securityContext: # fsGroup: 1000 # runAsUser: 1000 # runAsNonRoot: true 
@@ -154,6 +180,10 @@ cluster: enabled: false replicas: 3 noAdvertise: false + # authorization: + # user: foo + # password: pwd + # timeout: 0.5 # Leafnode connections to extend a cluster: # @@ -170,11 +200,11 @@ leafnodes: # TLS Configuration # # # ####################### - # + # # # You can find more on how to setup and trouble shoot TLS connnections at: - # + # # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # + # # # tls: @@ -206,9 +236,9 @@ gateway: # TLS Configuration # # # ####################### - # + # # # You can find more on how to setup and trouble shoot TLS connnections at: - # + # # # https://docs.nats.io/nats-server/configuration/securing_nats/tls # # tls: 
@@ -217,39 +247,54 @@ gateway: # ca: "ca.crt" # cert: "tls.crt" # key: "tls.key" - + # In case of both external access and advertisements being # enabled, an initializer container will be used to gather # the public ips. bootconfig: - image: connecteverything/nats-boot-config:0.5.2 + image: natsio/nats-boot-config:0.5.3 pullPolicy: IfNotPresent # NATS Box # # https://github.com/nats-io/nats-box -# +# natsbox: enabled: true - image: synadia/nats-box:0.4.0 + image: natsio/nats-box:0.6.0 pullPolicy: IfNotPresent + # An array of imagePullSecrets, and they have to be created manually in the same namespace + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # - name: dockerhub + # credentials: # secret: # name: nats-sys-creds # key: sys.creds + # Annotations to add to the box pods + # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + podAnnotations: {} + # key: "value" + + # Affinity for nats box pod assignment + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + # The NATS config reloader image to use. reloader: enabled: true - image: connecteverything/nats-server-config-reloader:0.6.0 + image: natsio/nats-server-config-reloader:0.6.1 pullPolicy: IfNotPresent # Prometheus NATS Exporter configuration. exporter: enabled: true - image: synadia/prometheus-nats-exporter:0.5.0 + image: natsio/prometheus-nats-exporter:0.8.0 pullPolicy: IfNotPresent + resources: {} # Prometheus operator ServiceMonitor support. Exporter has to be enabled serviceMonitor: enabled: false @@ -282,6 +327,9 @@ auth: # name: operator-jwt # key: KO.jwt + # Token authentication + # token: + # Public key of the System Account # systemAccount: 
@@ -300,15 +348,15 @@ auth: allowDelete: false # Interval at which a nats-server with a nats based account resolver will compare - # it's state with one random nats based account resolver in the cluster and if needed, + # it's state with one random nats based account resolver in the cluster and if needed, # exchange jwt and converge on the same set of jwt. interval: 2m # Operator JWT - operator: + operator: # System Account Public NKEY - systemAccount: + systemAccount: # resolverPreload: # : @@ -326,14 +374,14 @@ auth: # # ############################## # type: memory - # + # # Use a configmap reference which will be mounted # into the container. - # + # # configMap: # name: nats-accounts # key: resolver.conf - + ########################## # # # URL resolver settings # @@ -345,3 +393,13 @@ auth: websocket: enabled: false port: 443 + +appProtocol: + enabled: false + +# Cluster Domain configured on the kubelets +# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +k8sClusterDomain: cluster.local + +# Add labels to all the deployed resources +commonLabels: {} diff --git a/charts/kubezero-mq/update.sh b/charts/kubezero-mq/update.sh index c875b71..37ff223 100755 --- a/charts/kubezero-mq/update.sh +++ b/charts/kubezero-mq/update.sh @@ -1,14 +1,10 @@ #!/bin/bash set -ex -### NATS +## NATS -# get latest chart until they have upstream repo fixed -rm -rf charts/nats && mkdir -p charts/nats - -git clone --depth=1 https://github.com/nats-io/k8s.git -cp -r k8s/helm/charts/nats/* charts/nats/ -rm -rf k8s +NATS_VERSION=0.8.4 +rm -rf charts/nats && curl -L -s -o - https://github.com/nats-io/k8s/releases/download/v$NATS_VERSION/nats-$NATS_VERSION.tgz | tar xfz - -C charts # Fetch dashboards ../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml diff --git a/charts/kubezero-mq/values.yaml b/charts/kubezero-mq/values.yaml index 8f0ba34..ae0b0fb 100644 --- a/charts/kubezero-mq/values.yaml 
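Review bot: The new `curl -L -s -o - … | tar xfz - -C charts` line in update.sh unpacks whatever the release URL returns straight into the chart tree with no integrity check, so a replaced or tampered release asset would be vendored without anyone noticing. Pin a SHA-256 for the tarball next to `NATS_VERSION`, download to a temporary file with `curl -fsSL`, verify it with `sha256sum -c`, and only then remove `charts/nats` and extract, as sketched below. As written, `rm -rf charts/nats` runs before the download is known to be good, and because `set -ex` is used without `pipefail` the script only notices a failed download if tar happens to reject the data it received. The same commit also adds `accounts.conf`, `resolver.conf`, `deploy.yaml`, `deploy2.yaml`, `foo.conf` and `foo.dhall` (several carrying operator and account JWTs) under `charts/nats`, apparently as a side effect of extracting the archive verbatim, so a pruning step or a review of the extracted file list is worth adding. The script may continue past the end of this hunk.

```shell
NATS_VERSION=0.8.4
# Placeholder: record the digest of the release tarball that was actually reviewed.
NATS_SHA256="<PLACEHOLDER: sha256 of nats-$NATS_VERSION.tgz>"

nats_tgz=$(mktemp)
curl -fsSL -o "$nats_tgz" "https://github.com/nats-io/k8s/releases/download/v$NATS_VERSION/nats-$NATS_VERSION.tgz"
echo "$NATS_SHA256  $nats_tgz" | sha256sum -c -
rm -rf charts/nats && tar xzf "$nats_tgz" -C charts
rm -f "$nats_tgz"
# … unchanged: Fetch dashboards …
```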
+++ b/charts/kubezero-mq/values.yaml @@ -3,8 +3,6 @@ nats: enabled: false nats: - image: nats:2.2.1-alpine3.13 - advertise: false jetstream: @@ -17,6 +15,9 @@ nats: serviceMonitor: enabled: false + mqtt: + enabled: false + # rabbitmq rabbitmq: enabled: false