--- apiVersion: v1 kind: ConfigMap metadata: name: {{ include "nats.fullname" . }}-config labels: {{- include "nats.labels" . | nindent 4 }} data: nats.conf: | # PID file shared with configuration reloader. pid_file: "/var/run/nats/nats.pid" ############### # # # Monitoring # # # ############### http: 8222 server_name: $POD_NAME {{- if .Values.nats.tls }} ##################### # # # TLS Configuration # # # ##################### {{- with .Values.nats.tls }} {{- $nats_tls := merge (dict) . }} {{- $_ := set $nats_tls "secretPath" "/etc/nats-certs/clients" }} {{- include "nats.tlsConfig" $nats_tls | nindent 4}} {{- end }} {{- end }} {{- if .Values.nats.jetstream.enabled }} ################################### # # # NATS JetStream # # # ################################### jetstream { {{- if .Values.nats.jetstream.memStorage.enabled }} max_mem: {{ .Values.nats.jetstream.memStorage.size }} {{- end }} {{- if .Values.nats.jetstream.fileStorage.enabled }} store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }} max_file: {{- if .Values.nats.jetstream.fileStorage.existingClaim }} {{- .Values.nats.jetstream.fileStorage.claimStorageSize }} {{- else }} {{- .Values.nats.jetstream.fileStorage.size }} {{- end }} {{- end }} } {{- end }} {{- if .Values.cluster.enabled }} ################################### # # # NATS Full Mesh Clustering Setup # # # ################################### cluster { port: 6222 {{- if .Values.nats.jetstream.enabled }} {{- if .Values.cluster.name }} name: {{ .Values.cluster.name }} {{- else }} name: {{ template "nats.name" . }} {{- end }} {{- else }} {{- with .Values.cluster.name }} name: {{ . }} {{- end }} {{- end }} {{- with .Values.cluster.tls }} {{- $cluster_tls := merge (dict) . }} {{- $_ := set $cluster_tls "secretPath" "/etc/nats-certs/cluster" }} {{- include "nats.tlsConfig" $cluster_tls | nindent 6}} {{- end }} routes = [ {{ include "nats.clusterRoutes" . }} ] cluster_advertise: $CLUSTER_ADVERTISE {{- with .Values.cluster.noAdvertise }} no_advertise: {{ . }} {{- end }} connect_retries: {{ .Values.nats.connectRetries }} } {{ end }} {{- if and .Values.nats.advertise .Values.nats.externalAccess }} include "advertise/client_advertise.conf" {{- end }} {{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }} ################# # # # NATS Leafnode # # # ################# leafnodes { {{- if .Values.leafnodes.enabled }} listen: "0.0.0.0:7422" {{- end }} {{ if and .Values.nats.advertise .Values.nats.externalAccess }} include "advertise/gateway_advertise.conf" {{ end }} {{- with .Values.leafnodes.noAdvertise }} no_advertise: {{ . }} {{- end }} {{- with .Values.leafnodes.tls }} {{- $leafnode_tls := merge (dict) . }} {{- $_ := set $leafnode_tls "secretPath" "/etc/nats-certs/leafnodes" }} {{- include "nats.tlsConfig" $leafnode_tls | nindent 6}} {{- end }} remotes: [ {{- range .Values.leafnodes.remotes }} { {{- with .url }} url: {{ . }} {{- end }} {{- with .credentials }} credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}" {{- end }} } {{- end }} ] } {{ end }} {{- if .Values.gateway.enabled }} ################# # # # NATS Gateways # # # ################# gateway { name: {{ .Values.gateway.name }} port: 7522 {{ if and .Values.nats.advertise .Values.nats.externalAccess }} include "advertise/gateway_advertise.conf" {{ end }} {{- with .Values.gateway.tls }} {{- $gateway_tls := merge (dict) . }} {{- $_ := set $gateway_tls "secretPath" "/etc/nats-certs/gateway" }} {{- include "nats.tlsConfig" $gateway_tls | nindent 6}} {{- end }} # Gateways array here gateways: [ {{- range .Values.gateway.gateways }} { {{- with .name }} name: {{ . }} {{- end }} {{- with .url }} url: {{ . | quote }} {{- end }} {{- with .urls }} urls: [{{ join "," . }}] {{- end }} }, {{- end }} ] } {{ end }} {{- with .Values.nats.logging.debug }} debug: {{ . }} {{- end }} {{- with .Values.nats.logging.trace }} trace: {{ . }} {{- end }} {{- with .Values.nats.logging.logtime }} logtime: {{ . }} {{- end }} {{- with .Values.nats.logging.connectErrorReports }} connect_error_reports: {{ . }} {{- end }} {{- with .Values.nats.logging.reconnectErrorReports }} reconnect_error_reports: {{ . }} {{- end }} {{- with .Values.nats.limits.maxConnections }} max_connections: {{ . }} {{- end }} {{- with .Values.nats.limits.maxSubscriptions }} max_subscriptions: {{ . }} {{- end }} {{- with .Values.nats.limits.maxPending }} max_pending: {{ . }} {{- end }} {{- with .Values.nats.limits.maxControlLine }} max_control_line: {{ . }} {{- end }} {{- with .Values.nats.limits.maxPayload }} max_payload: {{ . }} {{- end }} {{- with .Values.nats.pingInterval }} ping_interval: {{ . }} {{- end }} {{- with .Values.nats.maxPings }} ping_max: {{ . }} {{- end }} {{- with .Values.nats.writeDeadline }} write_deadline: {{ . | quote }} {{- end }} {{- with .Values.nats.writeDeadline }} lame_duck_duration: {{ . | quote }} {{- end }} {{- if .Values.websocket.enabled }} ################## # # # Websocket # # # ################## ws { port: {{ .Values.websocket.port }} {{- if .Values.websocket.tls }} {{ $secretName := .secret.name }} tls { {{- with .cert }} cert_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }} {{- end }} {{- with .key }} key_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }} {{- end }} {{- with .ca }} ca_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }} {{- end }} } {{- else }} no_tls: {{ .Values.websocket.noTLS }} {{- end }} } {{- end }} {{- if .Values.auth.enabled }} ################## # # # Authorization # # # ################## {{- if .Values.auth.resolver }} {{- if eq .Values.auth.resolver.type "memory" }} resolver: MEMORY include "accounts/{{ .Values.auth.resolver.configMap.key }}" {{- end }} {{- if eq .Values.auth.resolver.type "full" }} {{- if .Values.auth.resolver.configMap }} include "accounts/{{ .Values.auth.resolver.configMap.key }}" {{- else }} {{- with .Values.auth.resolver }} operator: {{ .operator }} system_account: {{ .systemAccount }} {{- end }} resolver: { type: full {{- with .Values.auth.resolver }} dir: {{ .store.dir | quote }} allow_delete: {{ .allowDelete }} interval: {{ .interval | quote }} {{- end }} } {{- end }} {{- end }} {{- if .Values.auth.resolver.resolverPreload }} resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }} {{- end }} {{- if eq .Values.auth.resolver.type "URL" }} {{- with .Values.auth.resolver.url }} resolver: URL({{ . }}) {{- end }} operator: /etc/nats-config/operator/{{ .Values.auth.operatorjwt.configMap.key }} {{- end }} {{- end }} {{- with .Values.auth.systemAccount }} system_account: {{ . }} {{- end }} {{- with .Values.auth.basic }} {{- with .noAuthUser }} no_auth_user: {{ . }} {{- end }} {{- with .users }} authorization { users: [ {{- range . }} {{- toRawJson . | nindent 4 }}, {{- end }} ] } {{- end }} {{- with .accounts }} accounts: {{- toRawJson . }} {{- end }} {{- end }} {{- end }}