diff --git a/charts/kubezero-mq/Chart.yaml b/charts/kubezero-mq/Chart.yaml index 3ffce92d..7894ff33 100644 --- a/charts/kubezero-mq/Chart.yaml +++ b/charts/kubezero-mq/Chart.yaml @@ -18,8 +18,8 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: nats - version: 0.8.4 - #repository: https://nats-io.github.io/k8s/helm/charts/ + version: 1.2.2 + repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled - name: rabbitmq version: 14.6.6 @@ -29,4 +29,4 @@ dependencies: version: 4.3.19 repository: https://charts.bitnami.com/bitnami condition: rabbitmq-cluster-operator.enabled -kubeVersion: ">= 1.25.0" +kubeVersion: ">= 1.26.0" diff --git a/charts/kubezero-mq/README.md b/charts/kubezero-mq/README.md index 53d4a057..d83bb941 100644 --- a/charts/kubezero-mq/README.md +++ b/charts/kubezero-mq/README.md @@ -1,6 +1,6 @@ # kubezero-mq -![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.10](https://img.shields.io/badge/Version-0.3.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for MQ systems like NATS, RabbitMQ @@ -14,14 +14,14 @@ KubeZero umbrella chart for MQ systems like NATS, RabbitMQ ## Requirements -Kubernetes: `>= 1.20.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| -| | nats | 0.8.4 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.bitnami.com/bitnami | rabbitmq | 11.3.2 | -| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 3.1.4 | +| https://charts.bitnami.com/bitnami | rabbitmq | 14.6.6 | +| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 4.3.19 | +| https://nats-io.github.io/k8s/helm/charts/ | nats | 1.2.2 | ## Values 
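Review bot: The `nats` entry in the first Chart.yaml hunk stops using the in-tree copy under `charts/nats` (0.8.4, repository commented out) and instead downloads the chart from `https://nats-io.github.io/k8s/helm/charts/`, and nothing visible here ties the build to a specific archive. The exact `version: 1.2.2` pin is good, but it names a release rather than its content, so I would either commit the fetched `.tgz` or, if upstream publishes provenance files, run `helm dependency build --verify` in the packaging step. Neither that nor a regenerated `Chart.lock` is visible in this part of the diff. Separately, 0.8.4 to 1.2.2 crosses a major version and the upstream values layout has likely changed, so any `nats.*` overrides in this chart's values.yaml (TLS, auth, cluster authorization) should be checked against the 1.x layout, since Helm ignores keys a subchart no longer reads unless the subchart ships a values schema. The README regenerated in this commit still states `>= 1.25.0` while `kubeVersion` here becomes `">= 1.26.0"`.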
@@ -64,7 +64,7 @@ Kubernetes: `>= 1.20.0` | rabbitmq.podAntiAffinityPreset | string | `""` | | | rabbitmq.replicaCount | int | `1` | | | rabbitmq.resources.requests.cpu | string | `"100m"` | | -| rabbitmq.resources.requests.memory | string | `"256Mi"` | | +| rabbitmq.resources.requests.memory | string | `"512Mi"` | | | rabbitmq.topologySpreadConstraints | string | `"- maxSkew: 1\n topologyKey: topology.kubernetes.io/zone\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}\n- maxSkew: 1\n topologyKey: kubernetes.io/hostname\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels: {{- include \"common.labels.matchLabels\" . | nindent 6 }}"` | | | rabbitmq.ulimitNofiles | string | `""` | | diff --git a/charts/kubezero-mq/charts/nats/.helmignore b/charts/kubezero-mq/charts/nats/.helmignore deleted file mode 100644 index 50af0317..00000000 --- a/charts/kubezero-mq/charts/nats/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/kubezero-mq/charts/nats/Chart.yaml b/charts/kubezero-mq/charts/nats/Chart.yaml deleted file mode 100644 index f17a122b..00000000 --- a/charts/kubezero-mq/charts/nats/Chart.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: v2 -appVersion: 2.3.2 -description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications - Technology. -home: http://github.com/nats-io/k8s -icon: https://nats.io/img/nats-icon-color.png -keywords: -- nats -- messaging -- cncf -maintainers: -- email: wally@nats.io - name: Waldemar Quevedo -- email: colin@nats.io - name: Colin Sullivan -- email: jaime@nats.io - name: Jaime PiƱa -name: nats -version: 0.8.4 diff --git a/charts/kubezero-mq/charts/nats/README.md b/charts/kubezero-mq/charts/nats/README.md deleted file mode 100644 index 1107176e..00000000 --- a/charts/kubezero-mq/charts/nats/README.md +++ /dev/null 
@@ -1,596 +0,0 @@ -# NATS Server - -[NATS](https://nats.io) is a simple, secure and performant communications system for digital systems, services and devices. NATS is part of the Cloud Native Computing Foundation ([CNCF](https://cncf.io)). NATS has over [30 client language implementations](https://nats.io/download/), and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. NATS can secure and simplify design and operation of modern distributed systems. - -## TL;DR; - -```console -helm repo add nats https://nats-io.github.io/k8s/helm/charts/ -helm install my-nats nats/nats -``` - -## Configuration - -### Server Image - -```yaml -nats: - image: nats:2.1.7-alpine3.11 - pullPolicy: IfNotPresent -``` - -### Limits - -```yaml -nats: - # The number of connect attempts against discovered routes. - connectRetries: 30 - - # How many seconds should pass before sending a PING - # to a client that has no activity. - pingInterval: - - # Server settings. - limits: - maxConnections: - maxSubscriptions: - maxControlLine: - maxPayload: - - writeDeadline: - maxPending: - maxPings: - lameDuckDuration: - - # Number of seconds to wait for client connections to end after the pod termination is requested - terminationGracePeriodSeconds: 60 -``` - -### Logging - -*Note*: It is not recommended to enable trace or debug in production since enabling it will significantly degrade performance. - -```yaml -nats: - logging: - debug: - trace: - logtime: - connectErrorReports: - reconnectErrorReports: -``` - -### TLS setup for client connections - -You can find more on how to setup and trouble shoot TLS connnections at: -https://docs.nats.io/nats-server/configuration/securing_nats/tls - -```yaml -nats: - tls: - secret: - name: nats-client-tls - ca: "ca.crt" - cert: "tls.crt" - key: "tls.key" -``` - -## Clustering - -If clustering is enabled, then a 3-node cluster will be setup. 
More info at: -https://docs.nats.io/nats-server/configuration/clustering#nats-server-clustering - -```yaml -cluster: - enabled: true - replicas: 3 - - tls: - secret: - name: nats-server-tls - ca: "ca.crt" - cert: "tls.crt" - key: "tls.key" -``` - -Example: - -```sh -$ helm install nats nats/nats --set cluster.enabled=true -``` - -## Leafnodes - -Leafnode connections to extend a cluster. More info at: -https://docs.nats.io/nats-server/configuration/leafnodes - -```yaml -leafnodes: - enabled: true - remotes: - - url: "tls://connect.ngs.global:7422" - # credentials: - # secret: - # name: leafnode-creds - # key: TA.creds - # tls: - # secret: - # name: nats-leafnode-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - tls: - secret: - name: nats-client-tls - ca: "ca.crt" - cert: "tls.crt" - key: "tls.key" -``` - -## Setting up External Access - -### Using HostPorts - -In case of both external access and advertisements being enabled, an -initializer container will be used to gather the public ips. This -container will required to have enough RBAC policy to be able to make a -look up of the public ip of the node where it is running. - -For example, to setup external access for a cluster and advertise the public ip to clients: - -```yaml -nats: - # Toggle whether to enable external access. - # This binds a host port for clients, gateways and leafnodes. - externalAccess: true - - # Toggle to disable client advertisements (connect_urls), - # in case of running behind a load balancer (which is not recommended) - # it might be required to disable advertisements. 
- advertise: true - - # In case both external access and advertise are enabled - # then a service account would be required to be able to - # gather the public ip from a node. - serviceAccount: "nats-server" -``` - -Where the service account named `nats-server` has the following RBAC policy for example: - -```yaml ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nats-server - namespace: default ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: nats-server -rules: -- apiGroups: [""] - resources: - - nodes - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: nats-server-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nats-server -subjects: -- kind: ServiceAccount - name: nats-server - namespace: default -``` - -The container image of the initializer can be customized via: - -```yaml -bootconfig: - image: natsio/nats-boot-config:latest - pullPolicy: IfNotPresent -``` - -### Using LoadBalancers - -In case of using a load balancer for external access, it is recommended to disable no advertise -so that internal ips from the NATS Servers are not advertised to the clients connecting through -the load balancer. - -```yaml -nats: - image: nats:alpine - -cluster: - enabled: true - noAdvertise: true - -leafnodes: - enabled: true - noAdvertise: true - -natsbox: - enabled: true -``` - -Then could use an L4 enabled load balancer to connect to NATS, for example: - -```yaml -apiVersion: v1 -kind: Service -metadata: - name: nats-lb -spec: - type: LoadBalancer - selector: - app.kubernetes.io/name: nats - ports: - - protocol: TCP - port: 4222 - targetPort: 4222 - name: nats - - protocol: TCP - port: 7422 - targetPort: 7422 - name: leafnodes - - protocol: TCP - port: 7522 - targetPort: 7522 - name: gateways -``` - -## Gateways - -A super cluster can be formed by pointing to remote gateways. 
-You can find more about gateways in the NATS documentation: -https://docs.nats.io/nats-server/configuration/gateways - -```yaml -gateway: - enabled: false - name: 'default' - - ############################# - # # - # List of remote gateways # - # # - ############################# - # gateways: - # - name: other - # url: nats://my-gateway-url:7522 - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - # tls: - # secret: - # name: nats-client-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" -``` - -## Auth setup - -### Auth with a Memory Resolver - -```yaml -auth: - enabled: true - - # Reference to the Operator JWT. - operatorjwt: - configMap: - name: operator-jwt - key: KO.jwt - - # Public key of the System Account - systemAccount: - - resolver: - ############################ - # # - # Memory resolver settings # - # # - ############################## - type: memory - - # - # Use a configmap reference which will be mounted - # into the container. - # - configMap: - name: nats-accounts - key: resolver.conf -``` - -### Auth using an Account Server Resolver - -```yaml -auth: - enabled: true - - # Reference to the Operator JWT. 
- operatorjwt: - configMap: - name: operator-jwt - key: KO.jwt - - # Public key of the System Account - systemAccount: - - resolver: - ########################## - # # - # URL resolver settings # - # # - ########################## - type: URL - url: "http://nats-account-server:9090/jwt/v1/accounts/" -``` - -## JetStream - -### Setting up Memory and File Storage - -```yaml -nats: - image: nats:alpine - - jetstream: - enabled: true - - memStorage: - enabled: true - size: 2Gi - - fileStorage: - enabled: true - size: 1Gi - storageDirectory: /data/ - storageClassName: default -``` - -### Using with an existing PersistentVolumeClaim - -For example, given the following `PersistentVolumeClaim`: - -```yaml ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: nats-js-disk - annotations: - volume.beta.kubernetes.io/storage-class: "default" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi -``` - -You can start JetStream so that one pod is bounded to it: - -```yaml -nats: - image: nats:alpine - - jetstream: - enabled: true - - fileStorage: - enabled: true - storageDirectory: /data/ - existingClaim: nats-js-disk - claimStorageSize: 3Gi -``` - -### Clustering example - -```yaml - -nats: - image: nats:alpine - - jetstream: - enabled: true - - memStorage: - enabled: true - size: "2Gi" - - fileStorage: - enabled: true - size: "1Gi" - storageDirectory: /data/ - storageClassName: default - -cluster: - enabled: true - # Cluster name is required, by default will be release name. - # name: "nats" - replicas: 3 -``` - -## Misc - -### NATS Box - -A lightweight container with NATS and NATS Streaming utilities that is deployed along the cluster to confirm the setup. 
-You can find the image at: https://github.com/nats-io/nats-box - -```yaml -natsbox: - enabled: true - image: nats:alpine - pullPolicy: IfNotPresent - - # credentials: - # secret: - # name: nats-sys-creds - # key: sys.creds -``` - -### Configuration Reload sidecar - -The NATS config reloader image to use: - -```yaml -reloader: - enabled: true - image: natsio/nats-server-config-reloader:latest - pullPolicy: IfNotPresent -``` - -### Prometheus Exporter sidecar - -You can toggle whether to start the sidecar that can be used to feed metrics to Prometheus: - -```yaml -exporter: - enabled: true - image: natsio/prometheus-nats-exporter:latest - pullPolicy: IfNotPresent -``` - -### Prometheus operator ServiceMonitor support - -You can enable prometheus operator ServiceMonitor: - -```yaml -exporter: - # You have to enable exporter first - enabled: true - serviceMonitor: - enabled: true - ## Specify the namespace where Prometheus Operator is running - # namespace: monitoring - # ... -``` - -### Pod Customizations - -#### Security Context - -```yaml - # Toggle whether to use setup a Pod Security Context - # ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsNonRoot: true -``` - -#### Affinity - - - -`matchExpressions` must be configured according to your setup - -```yaml -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node.kubernetes.io/purpose - operator: In - values: - - nats - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - nats - - stan - topologyKey: "kubernetes.io/hostname" -``` - -#### Service topology - -[Service topology](https://kubernetes.io/docs/concepts/services-networking/service-topology/) is disabled by default, but can be enabled by setting `topologyKeys`. 
For example: - -```yaml -topologyKeys: - - "kubernetes.io/hostname" - - "topology.kubernetes.io/zone" - - "topology.kubernetes.io/region" -``` - -#### CPU/Memory Resource Requests/Limits -Sets the pods cpu/memory requests/limits - -```yaml -nats: - resources: - requests: - cpu: 2 - memory: 4Gi - limits: - cpu: 4 - memory: 6Gi -``` - -No resources are set by default. - -#### Annotations - - - -```yaml -podAnnotations: - key1 : "value1", - key2 : "value2" -``` - -### Name Overides - -Can change the name of the resources as needed with: - -```yaml -nameOverride: "my-nats" -``` - -### Image Pull Secrets - -```yaml -imagePullSecrets: -- name: myRegistry -``` - -Adds this to the StatefulSet: - -```yaml -spec: - imagePullSecrets: - - name: myRegistry -``` diff --git a/charts/kubezero-mq/charts/nats/accounts.conf b/charts/kubezero-mq/charts/nats/accounts.conf deleted file mode 100644 index 1241ad68..00000000 --- a/charts/kubezero-mq/charts/nats/accounts.conf +++ /dev/null 
@@ -1,21 +0,0 @@ -// Operator "KO" -operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ - -system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW - -resolver: MEMORY - -resolver_preload: { - // Account "A" - AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ - - // Account "STAN" - AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA - - // Account "SYS" - ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA - - // Account "B" - ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRQjdIRFg3VUZYN01KUjZPS1E2S1dRSlVUUEpWWENTNkJCWjQ3SDVVTFdVVFNRUU1NQzJRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJCIiwic3ViIjoiQURPUjdRNUtNV0MyWElXUlJSQzRNWlVEQ1BZRzNVTUFJV0RSWDZNMk1GRFk1U1I2SFFBQU1ISkEiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQTNOWFRIVFhPSENUUElCS0VESE5BWUFISjRDTzdFUkNPSkZZQ1hPWFZFT1BaVE1XNTVXWDMyWiIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg - -} diff --git a/charts/kubezero-mq/charts/nats/deploy.yaml b/charts/kubezero-mq/charts/nats/deploy.yaml deleted file mode 100644 index 0c7e44d4..00000000 --- a/charts/kubezero-mq/charts/nats/deploy.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -# Setup memory preload config. -auth: - enabled: true - resolver: - type: memory - preload: | - // Operator "KO" - operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiI0U09OUjZLT05FMzNFRFhRWE5IR1JUSEg2TEhPM0dFU0xXWlJYNlNENTQ2MjQyTE80QlVRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9DREc2T1lQV1hGU0tMR1NIUEFSR1NSWUNLTEpJUUkySU5FS1VWQUYzMk1XNTZWVExMNEZXSjRJIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.0039eTgLj-uyYFoWB3rivGP0WyIZkb_vrrE6tnqcNgIDM59o92nw_Rvb-hrvsK30QWqwm_W8BpVZHDMEY-CiBQ - - system_account: ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW - - resolver_preload: { - // Account "A" - AA3NXTHTXOHCTPIBKEDHNAYAHJ4CO7ERCOJFYCXOXVEOPZTMW55WX32Z: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJSM0QyWUM1UVlJWk4zS0hYR1FFRTZNQTRCRVU3WkFWQk5LSElJNTNOM0tLRVRTTVZEVVRRIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJBIiwic3ViIjoiQUEzTlhUSFRYT0hDVFBJQktFREhOQVlBSEo0Q083RVJDT0pGWUNYT1hWRU9QWlRNVzU1V1gzMloiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIiwicmVzcG9uc2VfdHlwZSI6IlNpbmdsZXRvbiIsInNlcnZpY2VfbGF0ZW5jeSI6eyJzYW1wbGluZyI6MTAwLCJyZXN1bHRzIjoibGF0ZW5jeS5vbi50ZXN0In19XSwibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.W7oEjpQA986Hai3t8UOiJwCcVDYm2sj7L545oYZhQtYbydh_ragPn8pc0f1pA1krMz_ZDuBwKHLZRgXuNSysDQ - - // Account "STAN" - AAYNFTMTKWXZEPPSEZLECMHE3VBULMIUO2QGVY3P4VCI7NNQC3TVX2PB: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJRSUozV0I0MjdSVU5RSlZFM1dRVEs3TlNaVlpaNkRQT01KWkdHMlhTMzQ2WFNQTVZERElBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUFZTkZUTVRLV1haRVBQU0VaTEVDTUhFM1ZCVUxNSVVPMlFHVlkzUDRWQ0k3Tk5RQzNUVlgyUEIiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.SPyQdAFmoON577s-eZP4K3-9QXYhTn9Xqy3aDGeHvHYRE9IVD47Eu7d38ZiySPlxgkdM_WXZn241_59d07axBA - - // Account "SYS" - ACLZ6OSWC7BXFT4VNVBDMWUFNBIVGHTUONOXI6TCBP3QHOD34JIDSRYW: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJGSk1TSEROVlVGUEM0U0pSRlcyV0NZT1hRWUFDM1hNNUJaWTRKQUZWUTc1V0lEUkdDN0lBIiwiaWF0IjoxNTgzNzg1MTMyLCJpc3MiOiJPQ0RHNk9ZUFdYRlNLTEdTSFBBUkdTUllDS0xKSVFJMklORUtVVkFGMzJNVzU2VlRMTDRGV0o0SSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQ0xaNk9TV0M3QlhGVDRWTlZCRE1XVUZOQklWR0hUVU9OT1hJNlRDQlAzUUhPRDM0SklEU1JZVyIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.owW08dIa97STqgT0ux-5sD00Ad0I3HstJKTmh1CGVpsQwelaZdrBuia-4XgCgN88zuLokPMfWI_pkxXU_iB0BA - - // Account "B" - ADOR7Q5KMWC2XIWRRRC4MZUDCPYG3UMAIWDRX6M2MFDY5SR6HQAAMHJA: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.r5p_sGt_hmDfWWIJGrLodAM8VfXPeUzsbRtzrMTBGGkcLdi4jqAHXRu09CmFISEzX2VKeGuOonGuAMOFotvICg - } diff --git a/charts/kubezero-mq/charts/nats/deploy2.yaml b/charts/kubezero-mq/charts/nats/deploy2.yaml deleted file mode 100644 index 380ff6bc..00000000 --- a/charts/kubezero-mq/charts/nats/deploy2.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -# Setup memory preload config. -auth: - enabled: true - resolver: - type: memory - configMap: - name: nats-accounts - key: resolver.conf 
diff --git a/charts/kubezero-mq/charts/nats/foo.conf b/charts/kubezero-mq/charts/nats/foo.conf deleted file mode 100644 index e69de29b..00000000 diff --git a/charts/kubezero-mq/charts/nats/foo.dhall b/charts/kubezero-mq/charts/nats/foo.dhall deleted file mode 100644 index 86f3644a..00000000 --- a/charts/kubezero-mq/charts/nats/foo.dhall +++ /dev/null @@ -1,9 +0,0 @@ - -let accounts = ./accounts.conf as Text - -in -'' -port: 4222 - -${accounts} -'' diff --git a/charts/kubezero-mq/charts/nats/resolver.conf b/charts/kubezero-mq/charts/nats/resolver.conf deleted file mode 100644 index 5f09ef21..00000000 --- a/charts/kubezero-mq/charts/nats/resolver.conf +++ /dev/null 
@@ -1,21 +0,0 @@ -// Operator "KO" -operator: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJKS0E2U0pKUUVOTFpYVDJEWTRWNE00UDZXUFRVUlhIQzNMU1pJWEZWRlFGV0I3U0tKVk9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJLTyIsInN1YiI6Ik9CRkJIQzNVNVdVVEVNWkpPM1g3SFlZMkI2M1BZSlBPRFhLQVZZR0dTRU1BNzNMS0ZNWDRMRjJBIiwidHlwZSI6Im9wZXJhdG9yIiwibmF0cyI6e319.60YToJe3Dz9OZES80jYXVgg7uCB1c3BsX6HglA8tsKKRe-Br3pMpn9yUPUujjB61MGqnA7Zmbx8qWnoj8CkuCw - -system_account: ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP - -resolver: MEMORY - -resolver_preload: { - // Account "B" - AAIJAGRSL2KCEPTRBP6DJCTAMSNOUXRILLZXIY6CTZ4GR27ISCZOP6QH: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJEVTdWV1BXQUtBSVdNNkhNUElDNE43TVRGTFEyV01JUFhFVU5aNVEzRE1YSTRKVkpLQU1BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJCIiwic3ViIjoiQUFJSkFHUlNMMktDRVBUUkJQNkRKQ1RBTVNOT1VYUklMTFpYSVk2Q1RaNEdSMjdJU0NaT1A2UUgiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsiaW1wb3J0cyI6W3sibmFtZSI6InRlc3QiLCJzdWJqZWN0IjoidGVzdCIsImFjY291bnQiOiJBQlhXNU9aV09LSzUzWDNWNUhSVkdPMlJXTlVUU1NQSU1HVDZORU9SMjNBQzRNTk1QTlFTUTZWTCIsInRvIjoidGVzdCIsInR5cGUiOiJzZXJ2aWNlIn1dLCJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.VLv3U7k8jJaIcGpDYXo0XQCYNVMNQd2PHVUOXGMvCU8ifiYpkaRJ4G0UXZHqlQl_0g3M_LEtJw0K-4HwgOeIAA - - // Account "SYS" - ABL65FFQWUDHHTGMGRFVVSQDBAWHGEJ2CDRCMGBFV6SB4MLKFSUPN7GP: 
eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPSUpENkozTjdCVk0zSEY0M0NCTUhLMllUNlpXTlFCWkZBRzQ0VE5RSFA3SlVZT0hZR0dRIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQkw2NUZGUVdVREhIVEdNR1JGVlZTUURCQVdIR0VKMkNEUkNNR0JGVjZTQjRNTEtGU1VQTjdHUCIsInR5cGUiOiJhY2NvdW50IiwibmF0cyI6eyJsaW1pdHMiOnsic3VicyI6LTEsImNvbm4iOi0xLCJsZWFmIjotMSwiaW1wb3J0cyI6LTEsImV4cG9ydHMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsIndpbGRjYXJkcyI6dHJ1ZX19fQ.Jei8psto5h35bFn4y1Unsk0Noh6MYJxkB8Hs-nnLuUBrkTppSwukEkM_ufNGA_lxsmPki3zBf8y6rsQ13Ec5AA - - // Account "A" - ABXW5OZWOKK53X3V5HRVGO2RWNUTSSPIMGT6NEOR23AC4MNMPNQSQ6VL: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.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.lJfHHkbXeEf6DbHFju0zktCjWL0kgll17BdYJl6f2hcZxbUtiyf3H1mGfrzELgCuEO7p8X11UpRVy_eTQfnGAA - - // Account "STAN" - ACLSVE2AZYTXOBIJXOV5XHAIIM7KLL777F7GAEWW5W5P4IAR2VZJSGID: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJJT1ZPSFBPV1hJRDI2U1JYVEJQTTVUQlVKWDJRU0FSSTJMQjJTM09aRFpMU0paS1BOVU9BIiwiaWF0IjoxNTgzODIyNjYwLCJpc3MiOiJPQkZCSEMzVTVXVVRFTVpKTzNYN0hZWTJCNjNQWUpQT0RYS0FWWUdHU0VNQTczTEtGTVg0TEYyQSIsIm5hbWUiOiJTVEFOIiwic3ViIjoiQUNMU1ZFMkFaWVRYT0JJSlhPVjVYSEFJSU03S0xMNzc3RjdHQUVXVzVXNVA0SUFSMlZaSlNHSUQiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0.CE5_K9kAdAgxesJRiJYh3kK2f74_c7T3bNQhgfaXOMzI8X6VOWqn0_5gH9jOD0xzHXIYiUMwy7a4Ou63PizHCw - -} diff --git a/charts/kubezero-mq/charts/nats/templates/NOTES.txt b/charts/kubezero-mq/charts/nats/templates/NOTES.txt deleted file mode 100644 index 313886a7..00000000 --- a/charts/kubezero-mq/charts/nats/templates/NOTES.txt +++ /dev/null 
@@ -1,26 +0,0 @@ - -{{- if or .Values.nats.logging.debug .Values.nats.logging.trace }} -*WARNING*: Keep in mind that running the server with -debug and/or trace enabled significantly affects the -performance of the server! -{{- end }} - -You can find more information about running NATS on Kubernetes -in the NATS documentation website: - - https://docs.nats.io/nats-on-kubernetes/nats-kubernetes - -{{- if .Values.natsbox.enabled }} - -NATS Box has been deployed into your cluster, you can -now use the NATS tools within the container as follows: - - kubectl exec -n {{ .Release.Namespace }} -it deployment/{{ template "nats.fullname" . }}-box -- /bin/sh -l - - nats-box:~# nats-sub test & - nats-box:~# nats-pub test hi - nats-box:~# nc {{ template "nats.fullname" . }} 4222 - -{{- end }} - -Thanks for using NATS! diff --git a/charts/kubezero-mq/charts/nats/templates/_helpers.tpl b/charts/kubezero-mq/charts/nats/templates/_helpers.tpl deleted file mode 100644 index df08753c..00000000 --- a/charts/kubezero-mq/charts/nats/templates/_helpers.tpl +++ /dev/null 
@@ -1,98 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "nats.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{- define "nats.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nats.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "nats.labels" -}} -helm.sh/chart: {{ include "nats.chart" . }} -{{- range $name, $value := .Values.commonLabels }} -{{ $name }}: {{ $value }} -{{- end }} -{{ include "nats.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "nats.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nats.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - - -{{/* -Return the proper NATS image name -*/}} -{{- define "nats.clusterAdvertise" -}} -{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc.%s." (include "nats.fullname" . ) $.Values.k8sClusterDomain }} -{{- end }} - -{{/* -Return the NATS cluster routes. -*/}} -{{- define "nats.clusterRoutes" -}} -{{- $name := (include "nats.fullname" . 
) -}} -{{- range $i, $e := until (.Values.cluster.replicas | int) -}} -{{- printf "nats://%s-%d.%s.%s.svc.%s.:6222," $name $i $name $.Release.Namespace $.Values.k8sClusterDomain -}} -{{- end -}} -{{- end }} - - -{{- define "nats.tlsConfig" -}} -tls { -{{- if .cert }} - cert_file: {{ .secretPath }}/{{ .secret.name }}/{{ .cert }} -{{- end }} -{{- if .key }} - key_file: {{ .secretPath }}/{{ .secret.name }}/{{ .key }} -{{- end }} -{{- if .ca }} - ca_file: {{ .secretPath }}/{{ .secret.name }}/{{ .ca }} -{{- end }} -{{- if .insecure }} - insecure: {{ .insecure }} -{{- end }} -{{- if .verify }} - verify: {{ .verify }} -{{- end }} -{{- if .verifyAndMap }} - verify_and_map: {{ .verifyAndMap }} -{{- end }} -{{- if .curvePreferences }} - curve_preferences: {{ .curvePreferences }} -{{- end }} -{{- if .timeout }} - timeout: {{ .timeout }} -{{- end }} -} -{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml b/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml deleted file mode 100644 index c58134cb..00000000 --- a/charts/kubezero-mq/charts/nats/templates/_mem_resolver.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.auth.enabled }} -{{- if eq .Values.auth.resolver.type "memory" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "nats.name" . }}-accounts - labels: - app: {{ template "nats.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -data: - accounts.conf: |- - {{- .Files.Get "accounts.conf" | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/configmap.yaml b/charts/kubezero-mq/charts/nats/templates/configmap.yaml deleted file mode 100644 index 1e6b44c5..00000000 --- a/charts/kubezero-mq/charts/nats/templates/configmap.yaml +++ /dev/null 
@@ -1,398 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "nats.fullname" . }}-config - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "nats.labels" . | nindent 4 }} -data: - nats.conf: | - # PID file shared with configuration reloader. - pid_file: "/var/run/nats/nats.pid" - - ############### - # # - # Monitoring # - # # - ############### - http: 8222 - server_name: $POD_NAME - - {{- if .Values.nats.tls }} - ##################### - # # - # TLS Configuration # - # # - ##################### - {{- with .Values.nats.tls }} - {{- $nats_tls := merge (dict) . }} - {{- $_ := set $nats_tls "secretPath" "/etc/nats-certs/clients" }} - {{- include "nats.tlsConfig" $nats_tls | nindent 4}} - {{- end }} - {{- end }} - - {{- if .Values.nats.jetstream.enabled }} - ################################### - # # - # NATS JetStream # - # # - ################################### - jetstream { - {{- if .Values.nats.jetstream.memStorage.enabled }} - max_mem: {{ .Values.nats.jetstream.memStorage.size }} - {{- end }} - - {{- if .Values.nats.jetstream.fileStorage.enabled }} - store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }} - - max_file: - {{- if .Values.nats.jetstream.fileStorage.existingClaim }} - {{- .Values.nats.jetstream.fileStorage.claimStorageSize }} - {{- else }} - {{- .Values.nats.jetstream.fileStorage.size }} - {{- end }} - - {{- end }} - } - {{- end }} - {{- if .Values.mqtt.enabled }} - ################################### - # # - # NATS MQTT # - # # - ################################### - mqtt { - port: 1883 - - {{- with .Values.mqtt.tls }} - {{- $mqtt_tls := merge (dict) . 
}} - {{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }} - {{- include "nats.tlsConfig" $mqtt_tls | nindent 6}} - {{- end }} - - {{- if .Values.mqtt.noAuthUser }} - no_auth_user: {{ .Values.mqtt.noAuthUser | quote }} - {{- end }} - - ack_wait: {{ .Values.mqtt.ackWait | quote }} - max_ack_pending: {{ .Values.mqtt.maxAckPending }} - } - {{- end }} - - {{- if .Values.cluster.enabled }} - ################################### - # # - # NATS Full Mesh Clustering Setup # - # # - ################################### - cluster { - port: 6222 - - {{- if .Values.nats.jetstream.enabled }} - {{- if .Values.cluster.name }} - name: {{ .Values.cluster.name }} - {{- else }} - name: {{ template "nats.name" . }} - {{- end }} - {{- else }} - {{- with .Values.cluster.name }} - name: {{ . }} - {{- end }} - {{- end }} - - {{- with .Values.cluster.tls }} - {{- $cluster_tls := merge (dict) . }} - {{- $_ := set $cluster_tls "secretPath" "/etc/nats-certs/cluster" }} - {{- include "nats.tlsConfig" $cluster_tls | nindent 6}} - {{- end }} - - {{- if .Values.cluster.authorization }} - authorization { - {{- with .Values.cluster.authorization.user }} - user: {{ . }} - {{- end }} - {{- with .Values.cluster.authorization.password }} - password: {{ . }} - {{- end }} - {{- with .Values.cluster.authorization.timeout }} - timeout: {{ . }} - {{- end }} - } - {{- end }} - - routes = [ - {{ include "nats.clusterRoutes" . }} - ] - cluster_advertise: $CLUSTER_ADVERTISE - - {{- with .Values.cluster.noAdvertise }} - no_advertise: {{ . 
}} - {{- end }} - - connect_retries: {{ .Values.nats.connectRetries }} - } - {{ end }} - - {{- if and .Values.nats.advertise .Values.nats.externalAccess }} - include "advertise/client_advertise.conf" - {{- end }} - - {{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }} - ################# - # # - # NATS Leafnode # - # # - ################# - leafnodes { - {{- if .Values.leafnodes.enabled }} - listen: "0.0.0.0:7422" - {{- end }} - - {{ if and .Values.nats.advertise .Values.nats.externalAccess }} - include "advertise/gateway_advertise.conf" - {{ end }} - - {{- with .Values.leafnodes.noAdvertise }} - no_advertise: {{ . }} - {{- end }} - - {{- with .Values.leafnodes.tls }} - {{- $leafnode_tls := merge (dict) . }} - {{- $_ := set $leafnode_tls "secretPath" "/etc/nats-certs/leafnodes" }} - {{- include "nats.tlsConfig" $leafnode_tls | nindent 6}} - {{- end }} - - remotes: [ - {{- range .Values.leafnodes.remotes }} - { - {{- with .url }} - url: {{ . }} - {{- end }} - - {{- with .credentials }} - credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}" - {{- end }} - - {{- with .tls }} - {{ $secretName := .secret.name }} - tls: { - {{- with .cert }} - cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} - {{- end }} - - {{- with .key }} - key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} - {{- end }} - - {{- with .ca }} - ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }} - {{- end }} - } - {{- end }} - } - {{- end }} - ] - } - {{ end }} - - {{- if .Values.gateway.enabled }} - ################# - # # - # NATS Gateways # - # # - ################# - gateway { - name: {{ .Values.gateway.name }} - port: 7522 - - {{ if and .Values.nats.advertise .Values.nats.externalAccess }} - include "advertise/gateway_advertise.conf" - {{ end }} - - {{- with .Values.gateway.tls }} - {{- $gateway_tls := merge (dict) . 
}} - {{- $_ := set $gateway_tls "secretPath" "/etc/nats-certs/gateway" }} - {{- include "nats.tlsConfig" $gateway_tls | nindent 6}} - {{- end }} - - # Gateways array here - gateways: [ - {{- range .Values.gateway.gateways }} - { - {{- with .name }} - name: {{ . }} - {{- end }} - - {{- with .url }} - url: {{ . | quote }} - {{- end }} - - {{- with .urls }} - urls: [{{ join "," . }}] - {{- end }} - }, - {{- end }} - ] - } - {{ end }} - - {{- with .Values.nats.logging.debug }} - debug: {{ . }} - {{- end }} - - {{- with .Values.nats.logging.trace }} - trace: {{ . }} - {{- end }} - - {{- with .Values.nats.logging.logtime }} - logtime: {{ . }} - {{- end }} - - {{- with .Values.nats.logging.connectErrorReports }} - connect_error_reports: {{ . }} - {{- end }} - - {{- with .Values.nats.logging.reconnectErrorReports }} - reconnect_error_reports: {{ . }} - {{- end }} - - {{- with .Values.nats.limits.maxConnections }} - max_connections: {{ . }} - {{- end }} - {{- with .Values.nats.limits.maxSubscriptions }} - max_subscriptions: {{ . }} - {{- end }} - {{- with .Values.nats.limits.maxPending }} - max_pending: {{ . }} - {{- end }} - {{- with .Values.nats.limits.maxControlLine }} - max_control_line: {{ . }} - {{- end }} - {{- with .Values.nats.limits.maxPayload }} - max_payload: {{ . }} - {{- end }} - {{- with .Values.nats.pingInterval }} - ping_interval: {{ . }} - {{- end }} - {{- with .Values.nats.maxPings }} - ping_max: {{ . }} - {{- end }} - {{- with .Values.nats.writeDeadline }} - write_deadline: {{ . | quote }} - {{- end }} - {{- with .Values.nats.writeDeadline }} - lame_duck_duration: {{ . | quote }} - {{- end }} - - {{- if .Values.websocket.enabled }} - ################## - # # - # Websocket # - # # - ################## - websocket { - port: {{ .Values.websocket.port }} - {{- if .Values.websocket.tls }} - {{ $secretName := .secret.name }} - tls { - {{- with .cert }} - cert_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . 
}} - {{- end }} - - {{- with .key }} - key_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }} - {{- end }} - - {{- with .ca }} - ca_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }} - {{- end }} - } - {{- else }} - no_tls: {{ .Values.websocket.noTLS }} - {{- end }} - } - {{- end }} - - {{- if .Values.auth.enabled }} - ################## - # # - # Authorization # - # # - ################## - {{- if .Values.auth.resolver }} - {{- if eq .Values.auth.resolver.type "memory" }} - resolver: MEMORY - include "accounts/{{ .Values.auth.resolver.configMap.key }}" - {{- end }} - - {{- if eq .Values.auth.resolver.type "full" }} - - {{- if .Values.auth.resolver.configMap }} - include "accounts/{{ .Values.auth.resolver.configMap.key }}" - {{- else }} - - {{- with .Values.auth.resolver }} - operator: {{ .operator }} - - system_account: {{ .systemAccount }} - {{- end }} - - resolver: { - type: full - {{- with .Values.auth.resolver }} - dir: {{ .store.dir | quote }} - - allow_delete: {{ .allowDelete }} - - interval: {{ .interval | quote }} - {{- end }} - } - {{- end }} - {{- end }} - - {{- if .Values.auth.resolver.resolverPreload }} - resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }} - {{- end }} - - {{- if eq .Values.auth.resolver.type "URL" }} - {{- with .Values.auth.resolver.url }} - resolver: URL({{ . }}) - {{- end }} - operator: /etc/nats-config/operator/{{ .Values.auth.operatorjwt.configMap.key }} - {{- end }} - {{- end }} - - {{- with .Values.auth.systemAccount }} - system_account: {{ . }} - {{- end }} - - {{- with .Values.auth.basic }} - - {{- with .noAuthUser }} - no_auth_user: {{ . }} - {{- end }} - - {{- with .users }} - authorization { - users: [ - {{- range . }} - {{- toRawJson . | nindent 4 }}, - {{- end }} - ] - } - {{- end }} - - {{- if .token }} - authorization { - token: "{{ .token }}" - } - {{- end }} - - {{- with .accounts }} - accounts: {{- toRawJson . }} - {{- end }} - - {{- end }} - - {{- end }} 
diff --git a/charts/kubezero-mq/charts/nats/templates/nats-box.yaml b/charts/kubezero-mq/charts/nats/templates/nats-box.yaml
deleted file mode 100644
index c0a510d8..00000000
--- a/charts/kubezero-mq/charts/nats/templates/nats-box.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -{{- if .Values.natsbox.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nats.fullname" . }}-box - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ include "nats.fullname" . }}-box - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ include "nats.fullname" . }}-box - template: - metadata: - labels: - app: {{ include "nats.fullname" . }}-box - {{- if .Values.natsbox.podAnnotations }} - annotations: - {{- range $key, $value := .Values.natsbox.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: - {{- with .Values.natsbox.affinity }} - affinity: - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.natsbox.credentials }} - - name: nats-sys-creds - secret: - secretName: {{ .Values.natsbox.credentials.secret.name }} - {{- end }} - {{- with .Values.nats.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-clients-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: nats-box - image: {{ .Values.natsbox.image }} - imagePullPolicy: {{ .Values.natsbox.pullPolicy }} - resources: - {{- toYaml .Values.natsbox.resources | nindent 10 }} - env: - - name: NATS_URL - value: {{ template "nats.fullname" . 
}} - {{- if .Values.natsbox.credentials }} - - name: USER_CREDS - value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }} - - name: USER2_CREDS - value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }} - {{- end }} - {{- with .Values.nats.tls }} - {{ $secretName := .secret.name }} - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - cp /etc/nats-certs/clients/{{ $secretName }}/* /usr/local/share/ca-certificates && update-ca-certificates - {{- end }} - command: - - "tail" - - "-f" - - "/dev/null" - volumeMounts: - {{- if .Values.natsbox.credentials }} - - name: nats-sys-creds - mountPath: /etc/nats-config/creds - {{- end }} - {{- with .Values.nats.tls }} - ####################### - # # - # TLS Volumes Mounts # - # # - ####################### - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-clients-volume - mountPath: /etc/nats-certs/clients/{{ $secretName }} - {{- end }} -{{- with .Values.securityContext }} - securityContext: -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/pdb.yaml b/charts/kubezero-mq/charts/nats/templates/pdb.yaml deleted file mode 100644 index b08d782e..00000000 --- a/charts/kubezero-mq/charts/nats/templates/pdb.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.podDisruptionBudget }} ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - labels: - name: {{ include "nats.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "nats.labels" . | nindent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "nats.selectorLabels" . | nindent 6 }} -{{- end }} - 
diff --git a/charts/kubezero-mq/charts/nats/templates/rbac.yaml b/charts/kubezero-mq/charts/nats/templates/rbac.yaml deleted file mode 100644 index 0b596f15..00000000 --- a/charts/kubezero-mq/charts/nats/templates/rbac.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{ if and .Values.nats.externalAccess .Values.nats.advertise }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.nats.serviceAccount }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Values.nats.serviceAccount }} -rules: -- apiGroups: [""] - resources: - - nodes - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.nats.serviceAccount }}-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.nats.serviceAccount }} -subjects: -- kind: ServiceAccount - name: {{ .Values.nats.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{ end }} diff --git a/charts/kubezero-mq/charts/nats/templates/service.yaml b/charts/kubezero-mq/charts/nats/templates/service.yaml deleted file mode 100644 index b38ffcb4..00000000 --- a/charts/kubezero-mq/charts/nats/templates/service.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "nats.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "nats.labels" . | nindent 4 }} - {{- if .Values.serviceAnnotations}} - annotations: - {{- range $key, $value := .Values.serviceAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - selector: - {{- include "nats.selectorLabels" . | nindent 4 }} - clusterIP: None - {{- if .Values.topologyKeys }} - topologyKeys: - {{- .Values.topologyKeys | toYaml | nindent 4 }} - {{- end }} - ports: - {{- if .Values.websocket.enabled }} - - name: websocket - port: {{ .Values.websocket.port }} - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - {{- end }} - - name: client - port: 4222 - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - - name: cluster - port: 6222 - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - - name: monitor - port: 8222 - {{- if .Values.appProtocol.enabled }} - appProtocol: http - {{- end }} - - name: metrics - port: 7777 - {{- if .Values.appProtocol.enabled }} - appProtocol: http - {{- end }} - - name: leafnodes - port: 7422 - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - - name: gateways - port: 7522 - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - {{- if .Values.mqtt.enabled }} - - name: mqtt - port: 1883 - {{- if .Values.appProtocol.enabled }} - appProtocol: tcp - {{- end }} - {{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/serviceMonitor.yaml b/charts/kubezero-mq/charts/nats/templates/serviceMonitor.yaml deleted file mode 100644 index 1b4a626f..00000000 --- a/charts/kubezero-mq/charts/nats/templates/serviceMonitor.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{ if and .Values.exporter.enabled .Values.exporter.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "nats.fullname" . }} - {{- if .Values.exporter.serviceMonitor.namespace }} - namespace: {{ .Values.exporter.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - {{- if .Values.exporter.serviceMonitor.labels }} - labels: - {{- range $key, $value := .Values.exporter.serviceMonitor.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .Values.exporter.serviceMonitor.annotations }} - annotations: - {{- range $key, $value := .Values.exporter.serviceMonitor.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - endpoints: - - port: metrics - {{- if .Values.exporter.serviceMonitor.path }} - path: {{ .Values.exporter.serviceMonitor.path }} - {{- end }} - {{- if .Values.exporter.serviceMonitor.interval }} - interval: {{ .Values.exporter.serviceMonitor.interval }} - {{- end }} - {{- if .Values.exporter.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.exporter.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - any: true - selector: - matchLabels: - {{- include "nats.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/kubezero-mq/charts/nats/templates/statefulset.yaml b/charts/kubezero-mq/charts/nats/templates/statefulset.yaml deleted file mode 100644 index 0c6a3400..00000000 --- a/charts/kubezero-mq/charts/nats/templates/statefulset.yaml +++ /dev/null 
@@ -1,477 +0,0 @@ ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "nats.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "nats.labels" . | nindent 4 }} - {{- if .Values.statefulSetAnnotations}} - annotations: - {{- range $key, $value := .Values.statefulSetAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "nats.selectorLabels" . | nindent 6 }} - {{- if .Values.cluster.enabled }} - replicas: {{ .Values.cluster.replicas }} - {{- else }} - replicas: 1 - {{- end }} - serviceName: {{ include "nats.fullname" . }} - template: - metadata: - {{- if or .Values.podAnnotations .Values.exporter.enabled }} - annotations: - {{- if .Values.exporter.enabled }} - prometheus.io/path: /metrics - prometheus.io/port: "7777" - prometheus.io/scrape: "true" - {{- end }} - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - {{- include "nats.selectorLabels" . | nindent 8 }} - spec: -{{- with .Values.imagePullSecrets }} - imagePullSecrets: -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.securityContext }} - securityContext: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- range .Values.topologySpreadConstraints }} - {{- if and .maxSkew .topologyKey }} - - maxSkew: {{ .maxSkew }} - topologyKey: {{ .topologyKey }} - {{- if .whenUnsatisfiable }} - whenUnsatisfiable: {{ .whenUnsatisfiable }} - {{- end }} - labelSelector: - matchLabels: - {{- include "nats.selectorLabels" $ | nindent 12 }} - {{- end}} - {{- end }} -{{- end }} -{{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- end }} - # Common volumes for the containers. 
- volumes: - - name: config-volume - configMap: - name: {{ include "nats.fullname" . }}-config - - # Local volume shared with the reloader. - - name: pid - emptyDir: {} - - {{- if and .Values.auth.enabled .Values.auth.resolver }} - {{- if .Values.auth.resolver.configMap }} - - name: resolver-volume - configMap: - name: {{ .Values.auth.resolver.configMap.name }} - {{- end }} - - {{- if eq .Values.auth.resolver.type "URL" }} - - name: operator-jwt-volume - configMap: - name: {{ .Values.auth.operatorjwt.configMap.name }} - {{- end }} - {{- end }} - - {{- if and .Values.nats.externalAccess .Values.nats.advertise }} - # Local volume shared with the advertise config initializer. - - name: advertiseconfig - emptyDir: {} - {{- end }} - - {{- if and .Values.nats.jetstream.fileStorage.enabled .Values.nats.jetstream.fileStorage.existingClaim }} - # Persistent volume for jetstream running with file storage option - - name: {{ include "nats.fullname" . }}-js-pvc - persistentVolumeClaim: - claimName: {{ .Values.nats.jetstream.fileStorage.existingClaim | quote }} - {{- end }} - - ################# - # # - # TLS Volumes # - # # - ################# - {{- with .Values.nats.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-clients-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with .Values.mqtt.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-mqtt-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with .Values.cluster.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-cluster-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with .Values.leafnodes.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-leafnodes-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with .Values.gateway.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-gateways-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- with 
.Values.websocket.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-ws-volume - secret: - secretName: {{ $secretName }} - {{- end }} - {{- if .Values.leafnodes.enabled }} - # - # Leafnode credential volumes - # - {{- range .Values.leafnodes.remotes }} - {{- with .credentials }} - - name: {{ .secret.name }}-volume - secret: - secretName: {{ .secret.name }} - {{- end }} - {{- end }} - {{- end }} - - {{ if and .Values.nats.externalAccess .Values.nats.advertise }} - # Assume that we only use the service account in case we want to - # figure out what is the current external public IP from the server - # in order to be able to advertise correctly. - serviceAccountName: {{ .Values.nats.serviceAccount }} - {{ end }} - - # Required to be able to HUP signal and apply config - # reload to the server without restarting the pod. - shareProcessNamespace: true - - {{- if and .Values.nats.externalAccess .Values.nats.advertise }} - # Initializer container required to be able to lookup - # the external ip on which this node is running. 
- initContainers: - - name: bootconfig - command: - - nats-pod-bootconfig - - -f - - /etc/nats-config/advertise/client_advertise.conf - - -gf - - /etc/nats-config/advertise/gateway_advertise.conf - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: {{ .Values.bootconfig.image }} - imagePullPolicy: {{ .Values.bootconfig.pullPolicy }} - resources: - {{- toYaml .Values.bootconfig.resources | nindent 10 }} - volumeMounts: - - mountPath: /etc/nats-config/advertise - name: advertiseconfig - subPath: advertise - {{- end }} - - ################# - # # - # NATS Server # - # # - ################# - terminationGracePeriodSeconds: {{ .Values.nats.terminationGracePeriodSeconds }} - containers: - - name: nats - image: {{ .Values.nats.image }} - imagePullPolicy: {{ .Values.nats.pullPolicy }} - resources: - {{- toYaml .Values.nats.resources | nindent 10 }} - ports: - - containerPort: 4222 - name: client - {{- if .Values.nats.externalAccess }} - hostPort: 4222 - {{- end }} - - containerPort: 7422 - name: leafnodes - {{- if .Values.nats.externalAccess }} - hostPort: 7422 - {{- end }} - - containerPort: 7522 - name: gateways - {{- if .Values.nats.externalAccess }} - hostPort: 7522 - {{- end }} - - containerPort: 6222 - name: cluster - - containerPort: 8222 - name: monitor - - containerPort: 7777 - name: metrics - {{- if .Values.mqtt.enabled }} - - containerPort: 1883 - name: mqtt - {{- if .Values.nats.externalAccess }} - hostPort: 1883 - {{- end }} - {{- end }} - {{- if .Values.websocket.enabled }} - - containerPort: {{ .Values.websocket.port }} - name: websocket - {{- if .Values.nats.externalAccess }} - hostPort: {{ .Values.websocket.port }} - {{- end }} - {{- end }} - command: - - "nats-server" - - "--config" - - "/etc/nats-config/nats.conf" - - # Required to be able to define an environment variable - # that refers to other environment variables. This env var - # is later used as part of the configuration file. 
- env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_ADVERTISE - value: {{ include "nats.clusterAdvertise" . }} - volumeMounts: - - name: config-volume - mountPath: /etc/nats-config - - name: pid - mountPath: /var/run/nats - {{- if and .Values.nats.externalAccess .Values.nats.advertise }} - - mountPath: /etc/nats-config/advertise - name: advertiseconfig - subPath: advertise - {{- end }} - - {{- if and .Values.auth.enabled .Values.auth.resolver }} - {{- if eq .Values.auth.resolver.type "memory" }} - - name: resolver-volume - mountPath: /etc/nats-config/accounts - {{- end }} - - {{- if eq .Values.auth.resolver.type "full" }} - {{- if .Values.auth.resolver.configMap }} - - name: resolver-volume - mountPath: /etc/nats-config/accounts - {{- end }} - {{- if and .Values.auth.resolver .Values.auth.resolver.store }} - - name: nats-jwt-pvc - mountPath: {{ .Values.auth.resolver.store.dir }} - {{- end }} - {{- end }} - - {{- if eq .Values.auth.resolver.type "URL" }} - - name: operator-jwt-volume - mountPath: /etc/nats-config/operator - {{- end }} - {{- end }} - - {{- if .Values.nats.jetstream.fileStorage.enabled }} - - name: {{ include "nats.fullname" . 
}}-js-pvc - mountPath: {{ .Values.nats.jetstream.fileStorage.storageDirectory }} - {{- end }} - - {{- with .Values.nats.tls }} - ####################### - # # - # TLS Volumes Mounts # - # # - ####################### - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-clients-volume - mountPath: /etc/nats-certs/clients/{{ $secretName }} - {{- end }} - {{- with .Values.mqtt.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-mqtt-volume - mountPath: /etc/nats-certs/mqtt/{{ $secretName }} - {{- end }} - {{- with .Values.cluster.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-cluster-volume - mountPath: /etc/nats-certs/cluster/{{ $secretName }} - {{- end }} - {{- with .Values.leafnodes.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-leafnodes-volume - mountPath: /etc/nats-certs/leafnodes/{{ $secretName }} - {{- end }} - {{- with .Values.gateway.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-gateways-volume - mountPath: /etc/nats-certs/gateways/{{ $secretName }} - {{- end }} - - {{- with .Values.websocket.tls }} - {{ $secretName := .secret.name }} - - name: {{ $secretName }}-ws-volume - mountPath: /etc/nats-certs/ws/{{ $secretName }} - {{- end }} - - {{- if .Values.leafnodes.enabled }} - # - # Leafnode credential volumes - # - {{- range .Values.leafnodes.remotes }} - {{- with .credentials }} - - name: {{ .secret.name }}-volume - mountPath: /etc/nats-creds/{{ .secret.name }} - {{- end }} - {{- end }} - {{- end }} - - # Liveness/Readiness probes against the monitoring. - # - livenessProbe: - httpGet: - path: / - port: 8222 - initialDelaySeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8222 - initialDelaySeconds: 10 - timeoutSeconds: 5 - - # Gracefully stop NATS Server on pod deletion or image upgrade. 
- # - lifecycle: - preStop: - exec: - # Using the alpine based NATS image, we add an extra sleep that is - # the same amount as the terminationGracePeriodSeconds to allow - # the NATS Server to gracefully terminate the client connections. - # - command: - - "/bin/sh" - - "-c" - - "nats-server -sl=ldm=/var/run/nats/nats.pid && /bin/sleep {{ .Values.nats.terminationGracePeriodSeconds }}" - - ################################# - # # - # NATS Configuration Reloader # - # # - ################################# - {{ if .Values.reloader.enabled }} - - name: reloader - image: {{ .Values.reloader.image }} - imagePullPolicy: {{ .Values.reloader.pullPolicy }} - resources: - {{- toYaml .Values.reloader.resources | nindent 10 }} - command: - - "nats-server-config-reloader" - - "-pid" - - "/var/run/nats/nats.pid" - - "-config" - - "/etc/nats-config/nats.conf" - volumeMounts: - - name: config-volume - mountPath: /etc/nats-config - - name: pid - mountPath: /var/run/nats - {{ end }} - - ############################## - # # - # NATS Prometheus Exporter # - # # - ############################## - {{ if .Values.exporter.enabled }} - - name: metrics - image: {{ .Values.exporter.image }} - imagePullPolicy: {{ .Values.exporter.pullPolicy }} - resources: - {{- toYaml .Values.exporter.resources | nindent 10 }} - args: - - -connz - - -routez - - -subz - - -varz - - -prefix=nats - - -use_internal_server_id - {{- if .Values.nats.jetstream.enabled }} - - -jsz=all - {{- end }} - - http://localhost:8222/ - ports: - - containerPort: 7777 - name: metrics - {{ end }} - - volumeClaimTemplates: - {{- if eq .Values.auth.resolver.type "full" }} - {{- if and .Values.auth.resolver .Values.auth.resolver.store }} - ##################################### - # # - # Account Server Embedded JWT # - # # - ##################################### - - metadata: - name: nats-jwt-pvc - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.auth.resolver.store.size }} - {{- end }} - {{- end 
}} - - {{- if and .Values.nats.jetstream.fileStorage.enabled (not .Values.nats.jetstream.fileStorage.existingClaim) }} - ##################################### - # # - # Jetstream New Persistent Volume # - # # - ##################################### - - metadata: - name: {{ include "nats.fullname" . }}-js-pvc - {{- if .Values.nats.jetstream.fileStorage.annotations }} - annotations: - {{- range $key, $value := .Values.nats.jetstream.fileStorage.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.nats.jetstream.fileStorage.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.nats.jetstream.fileStorage.size }} - storageClassName: {{ .Values.nats.jetstream.fileStorage.storageClassName | quote }} - {{- end }} diff --git a/charts/kubezero-mq/charts/nats/values.yaml b/charts/kubezero-mq/charts/nats/values.yaml deleted file mode 100644 index ff8b4533..00000000 --- a/charts/kubezero-mq/charts/nats/values.yaml +++ /dev/null 
@@ -1,405 +0,0 @@ -############################### -# # -# NATS Server Configuration # -# # -############################### -nats: - image: nats:2.3.2-alpine - pullPolicy: IfNotPresent - - # Toggle whether to enable external access. - # This binds a host port for clients, gateways and leafnodes. - externalAccess: false - - # Toggle to disable client advertisements (connect_urls), - # in case of running behind a load balancer (which is not recommended) - # it might be required to disable advertisements. - advertise: true - - # In case both external access and advertise are enabled - # then a service account would be required to be able to - # gather the public ip from a node. - serviceAccount: "nats-server" - - # The number of connect attempts against discovered routes. - connectRetries: 30 - - # How many seconds should pass before sending a PING - # to a client that has no activity. - pingInterval: - - resources: {} - - # Server settings. - limits: - maxConnections: - maxSubscriptions: - maxControlLine: - maxPayload: - - writeDeadline: - maxPending: - maxPings: - lameDuckDuration: - - terminationGracePeriodSeconds: 60 - - logging: - debug: - trace: - logtime: - connectErrorReports: - reconnectErrorReports: - - jetstream: - enabled: false - - ############################# - # # - # Jetstream Memory Storage # - # # - ############################# - memStorage: - enabled: true - size: 1Gi - - ############################ - # # - # Jetstream File Storage # - # # - ############################ - fileStorage: - enabled: false - storageDirectory: /data - - # Set for use with existing PVC - # existingClaim: jetstream-pvc - # claimStorageSize: 1Gi - - # Use below block to create new persistent volume - # only used if existingClaim is not specified - size: 1Gi - storageClassName: default - accessModes: - - ReadWriteOnce - annotations: - # key: "value" - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how 
to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - - # tls: - # secret: - # name: nats-client-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" - -mqtt: - enabled: false - ackWait: 1m - maxAckPending: 100 - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - - # - # tls: - # secret: - # name: nats-mqtt-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" - -nameOverride: "" -# An array of imagePullSecrets, and they have to be created manually in the same namespace -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] - -# Toggle whether to use setup a Pod Security Context -# ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -securityContext: {} -# securityContext: -# fsGroup: 1000 -# runAsUser: 1000 -# runAsNonRoot: true - -# Affinity for pod assignment -# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -## Pod priority class name -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: null - -# Service topology -# ref: https://kubernetes.io/docs/concepts/services-networking/service-topology/ -topologyKeys: [] - -# Pod Topology Spread Constraints -# ref https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] -# - maxSkew: 1 -# topologyKey: zone -# whenUnsatisfiable: DoNotSchedule - -# Annotations to add to the NATS pods -# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} -# key: "value" - -## Define a Pod Disruption Budget for the stateful set 
-## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -podDisruptionBudget: null - # minAvailable: 1 - # maxUnavailable: 1 - -# Annotations to add to the NATS StatefulSet -statefulSetAnnotations: {} - -# Annotations to add to the NATS Service -serviceAnnotations: {} - -cluster: - enabled: false - replicas: 3 - noAdvertise: false - # authorization: - # user: foo - # password: pwd - # timeout: 0.5 - -# Leafnode connections to extend a cluster: -# -# https://docs.nats.io/nats-server/configuration/leafnodes -# -leafnodes: - enabled: false - noAdvertise: false - # remotes: - # - url: "tls://connect.ngs.global:7422" - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - - # - # tls: - # secret: - # name: nats-client-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" - -# Gateway connections to create a super cluster -# -# https://docs.nats.io/nats-server/configuration/gateways -# -gateway: - enabled: false - name: 'default' - - ############################# - # # - # List of remote gateways # - # # - ############################# - # gateways: - # - name: other - # url: nats://my-gateway-url:7522 - - ####################### - # # - # TLS Configuration # - # # - ####################### - # - # # You can find more on how to setup and trouble shoot TLS connnections at: - # - # # https://docs.nats.io/nats-server/configuration/securing_nats/tls - # - # tls: - # secret: - # name: nats-client-tls - # ca: "ca.crt" - # cert: "tls.crt" - # key: "tls.key" - -# In case of both external access and advertisements being -# enabled, an initializer container will be used to gather -# the public ips. 
-bootconfig: - image: natsio/nats-boot-config:0.5.3 - pullPolicy: IfNotPresent - -# NATS Box -# -# https://github.com/nats-io/nats-box -# -natsbox: - enabled: true - image: natsio/nats-box:0.6.0 - pullPolicy: IfNotPresent - - # An array of imagePullSecrets, and they have to be created manually in the same namespace - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - # - name: dockerhub - - # credentials: - # secret: - # name: nats-sys-creds - # key: sys.creds - - # Annotations to add to the box pods - # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - podAnnotations: {} - # key: "value" - - # Affinity for nats box pod assignment - # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - -# The NATS config reloader image to use. -reloader: - enabled: true - image: natsio/nats-server-config-reloader:0.6.1 - pullPolicy: IfNotPresent - -# Prometheus NATS Exporter configuration. -exporter: - enabled: true - image: natsio/prometheus-nats-exporter:0.8.0 - pullPolicy: IfNotPresent - resources: {} - # Prometheus operator ServiceMonitor support. Exporter has to be enabled - serviceMonitor: - enabled: false - ## Specify the namespace where Prometheus Operator is running - ## - # namespace: monitoring - labels: {} - annotations: {} - path: /metrics - # interval: - # scrapeTimeout: - -# Authentication setup -auth: - enabled: false - - # basic: - # noAuthUser: - # # List of users that can connect with basic auth, - # # that belong to the global account. - # users: - - # # List of accounts with users that can connect - # # using basic auth. - # accounts: - - # Reference to the Operator JWT. 
- # operatorjwt: - # configMap: - # name: operator-jwt - # key: KO.jwt - - # Token authentication - # token: - - # Public key of the System Account - # systemAccount: - - resolver: - # Disables the resolver by default - type: none - - ########################################## - # # - # Embedded NATS Account Server Resolver # - # # - ########################################## - # type: full - - # If the resolver type is 'full', delete when enabled will rename the jwt. - allowDelete: false - - # Interval at which a nats-server with a nats based account resolver will compare - # it's state with one random nats based account resolver in the cluster and if needed, - # exchange jwt and converge on the same set of jwt. - interval: 2m - - # Operator JWT - operator: - - # System Account Public NKEY - systemAccount: - - # resolverPreload: - # : - - # Directory in which the account JWTs will be stored. - store: - dir: "/accounts/jwt" - - # Size of the account JWT storage. - size: 1Gi - - ############################## - # # - # Memory resolver settings # - # # - ############################## - # type: memory - # - # Use a configmap reference which will be mounted - # into the container. - # - # configMap: - # name: nats-accounts - # key: resolver.conf - - ########################## - # # - # URL resolver settings # - # # - ########################## - # type: URL - # url: "http://nats-account-server:9090/jwt/v1/accounts/" - -websocket: - enabled: false - port: 443 - -appProtocol: - enabled: false - -# Cluster Domain configured on the kubelets -# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ -k8sClusterDomain: cluster.local - -# Add labels to all the deployed resources -commonLabels: {} diff --git a/charts/kubezero-mq/templates/nats/grafana-dashboards.yaml b/charts/kubezero-mq/templates/nats/grafana-dashboards.yaml index 342df27e..e7910e43 100644 --- a/charts/kubezero-mq/templates/nats/grafana-dashboards.yaml 
+++ b/charts/kubezero-mq/templates/nats/grafana-dashboards.yaml @@ -1,4 +1,4 @@ -{{- if .Values.nats.exporter.serviceMonitor.enabled }} +{{- if .Values.nats.promExporter.podMonitor.enabled }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/kubezero-mq/update.sh b/charts/kubezero-mq/update.sh index 7bb46633..0a256f87 100755 --- a/charts/kubezero-mq/update.sh +++ b/charts/kubezero-mq/update.sh @@ -1,13 +1,13 @@ -#!/bin/bash +##!/bin/bash set -ex -helm dep update +. ../../scripts/lib-update.sh -## NATS - -NATS_VERSION=0.8.4 -rm -rf charts/nats && curl -L -s -o - https://github.com/nats-io/k8s/releases/download/v$NATS_VERSION/nats-$NATS_VERSION.tgz | tar xfz - -C charts +#login_ecr_public +update_helm # Fetch dashboards ../kubezero-metrics/sync_grafana_dashboards.py dashboards-nats.yaml templates/nats/grafana-dashboards.yaml ../kubezero-metrics/sync_grafana_dashboards.py dashboards-rabbitmq.yaml templates/rabbitmq/grafana-dashboards.yaml + +update_docs diff --git a/charts/kubezero-mq/values.yaml b/charts/kubezero-mq/values.yaml index dbeffc31..bd6db82a 100644 --- a/charts/kubezero-mq/values.yaml +++ b/charts/kubezero-mq/values.yaml @@ -2,17 +2,16 @@ nats: enabled: false - nats: - advertise: false - + config: jetstream: enabled: true - natsbox: + natsBox: enabled: false - exporter: - serviceMonitor: + promExporter: + enabled: false + podMonitor: enabled: false mqtt: @@ -71,18 +70,18 @@ rabbitmq: failIfNoPeerCert: false existingSecret: rabbitmq-server-certificate existingSecretFullChain: true - + clustering: enabled: false forceBoot: false - + resources: requests: memory: 512Mi cpu: 100m - + replicaCount: 1 - + persistence: size: 2Gi @@ -98,10 +97,10 @@ rabbitmq: whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - + pdb: create: false - + metrics: enabled: false serviceMonitor:
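Review bot: The first line of update.sh changes from `#!/bin/bash` to `##!/bin/bash`, which is an ordinary comment rather than a shebang, so the executable script (mode 100755) no longer names its interpreter. When run directly it is executed by whatever shell the caller falls back to, and `set -ex` plus the sourced library may then behave differently from bash; restore `#!/bin/bash`. The added `. ../../scripts/lib-update.sh` resolves against the current directory, so the script only works when started from the chart directory; a `cd "$(dirname "$0")"` before sourcing would make that explicit. The removed `curl ... | tar xfz -` fetch had no integrity check; whether `update_helm` pins the resolved chart (for example through a committed Chart.lock) is not visible in this diff and is worth confirming.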
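Review bot: The unchanged `mqtt:` context line at the end of the first values.yaml hunk appears to stay where it was while the keys around it move to the nats 1.x layout (`config:`, `natsBox:`, `promExporter:`). As far as I know the 1.x chart reads MQTT settings from `config.mqtt`, so a block left directly under `nats:` would be ignored without an error. Indentation is lost in this rendering and the `mqtt:` block continues outside the hunk, so confirm the nesting and move it under `config:` if needed. The removed `advertise: false` has no replacement in the hunk; check that the 1.x chart default gives the same behaviour, and note that in a short comment next to `config:`.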