bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add rocketchat helm

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-03 15:02:31 +02:00
parent 50847afaa0
commit 5127028f6d
177 changed files with 23855 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

551
deploy/rocket-chat/rocketchat-helm-pull-untar/charts/nats/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,551 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "nats.fullname" . }}-config
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
data:
nats.conf: |
# NATS Clients Port
port: {{ .Values.nats.client.port }}
# PID file shared with configuration reloader.
pid_file: "/var/run/nats/nats.pid"
{{- if .Values.nats.config }}
###########
# #
# Imports #
# #
###########
{{- range .Values.nats.config }}
include ./{{ .name }}/{{ .name }}.conf
{{- end}}
{{- end }}
###############
# #
# Monitoring #
# #
###############
http: 8222
server_name: {{- if .Values.nats.serverNamePrefix }}$SERVER_NAME{{- else }}$POD_NAME{{- end }}
{{- if .Values.nats.tls }}
#####################
# #
# TLS Configuration #
# #
#####################
{{- with .Values.nats.tls }}
{{- $nats_tls := merge (dict) . }}
{{- $_ := set $nats_tls "secretPath" "/etc/nats-certs/clients" }}
{{- tpl (include "nats.tlsConfig" $nats_tls) $ | nindent 4}}
{{- end }}
{{- if .Values.nats.tls.allowNonTLS }}
allow_non_tls: {{ .Values.nats.tls.allowNonTLS }}
{{- end }}
{{- end }}
{{- if .Values.nats.jetstream.enabled }}
###################################
# #
# NATS JetStream #
# #
###################################
jetstream {
{{- if .Values.nats.jetstream.encryption }}
{{- if .Values.nats.jetstream.encryption.key }}
key: {{ .Values.nats.jetstream.encryption.key | quote }}
{{- else if .Values.nats.jetstream.encryption.secret }}
key: $JS_KEY
{{- end}}
{{- end}}
{{- if .Values.nats.jetstream.memStorage.enabled }}
max_mem: {{ .Values.nats.jetstream.memStorage.size }}
{{- end }}
{{- if .Values.nats.jetstream.domain }}
domain: {{ .Values.nats.jetstream.domain }}
{{- end }}
{{- if .Values.nats.jetstream.fileStorage.enabled }}
store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
max_file:
{{- if .Values.nats.jetstream.fileStorage.existingClaim }}
{{- .Values.nats.jetstream.fileStorage.claimStorageSize }}
{{- else }}
{{- .Values.nats.jetstream.fileStorage.size }}
{{- end }}
{{- end }}
}
{{- end }}
{{- if .Values.mqtt.enabled }}
###################################
# #
# NATS MQTT #
# #
###################################
mqtt {
port: 1883
{{- with .Values.mqtt.tls }}
{{- $mqtt_tls := merge (dict) . }}
{{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }}
{{- tpl (include "nats.tlsConfig" $mqtt_tls) $ | nindent 6}}
{{- end }}
{{- if .Values.mqtt.noAuthUser }}
no_auth_user: {{ .Values.mqtt.noAuthUser | quote }}
{{- end }}
ack_wait: {{ .Values.mqtt.ackWait | quote }}
max_ack_pending: {{ .Values.mqtt.maxAckPending }}
}
{{- end }}
{{- if .Values.cluster.enabled }}
###################################
# #
# NATS Full Mesh Clustering Setup #
# #
###################################
cluster {
port: 6222
{{- if .Values.nats.jetstream.enabled }}
{{- if .Values.cluster.name }}
name: {{ .Values.cluster.name }}
{{- else }}
name: {{ template "nats.name" . }}
{{- end }}
{{- else }}
{{- with .Values.cluster.name }}
name: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- $cluster_tls := merge (dict) . }}
{{- $_ := set $cluster_tls "secretPath" "/etc/nats-certs/cluster" }}
{{- tpl (include "nats.tlsConfig" $cluster_tls) $ | nindent 6}}
{{- end }}
{{- if .Values.cluster.authorization }}
authorization {
{{- with .Values.cluster.authorization.user }}
user: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.password }}
password: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.timeout }}
timeout: {{ . }}
{{- end }}
}
{{- end }}
routes = [
{{ include "nats.clusterRoutes" . }}
{{ include "nats.extraRoutes" . }}
]
cluster_advertise: $CLUSTER_ADVERTISE
{{- with .Values.cluster.noAdvertise }}
no_advertise: {{ . }}
{{- end }}
connect_retries: {{ .Values.nats.connectRetries }}
}
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/client_advertise.conf"
{{- end }}
{{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }}
#################
# #
# NATS Leafnode #
# #
#################
leafnodes {
{{- if .Values.leafnodes.enabled }}
listen: "0.0.0.0:{{ .Values.leafnodes.port }}"
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/gateway_advertise.conf"
{{- end }}
{{- with .Values.leafnodes.noAdvertise }}
no_advertise: {{ . }}
{{- end }}
{{- with .Values.leafnodes.authorization }}
authorization: {
{{- with .user }}
user: {{ . }}
{{- end }}
{{- with .password }}
password: {{ . }}
{{- end }}
{{- with .account }}
account: {{ . | quote }}
{{- end }}
{{- with .timeout }}
timeout: {{ . }}
{{- end }}
{{- with .users }}
users: [
{{- range . }}
{{- toRawJson . | nindent 10 }},
{{- end }}
]
{{- end }}
}
{{- end }}
{{- with .Values.leafnodes.tls }}
{{- if .custom }}
tls {
{{- .custom | nindent 8 }}
}
{{- else }}
{{- $leafnode_tls := merge (dict) . }}
{{- $_ := set $leafnode_tls "secretPath" "/etc/nats-certs/leafnodes" }}
{{- tpl (include "nats.tlsConfig" $leafnode_tls) $ | nindent 6}}
{{- end }}
{{- end }}
remotes: [
{{- range .Values.leafnodes.remotes }}
{
{{- with .url }}
url: {{ . | quote }}
{{- end }}
{{- with .urls }}
urls: {{ toRawJson . }}
{{- end }}
{{- with .account }}
account: {{ . | quote }}
{{- end }}
{{- with .credentials }}
credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}"
{{- end }}
{{- with .tls }}
tls: {
{{- if .custom }}
{{- .custom | nindent 10 }}
{{- else }}
{{ $secretName := tpl .secret.name $ }}
{{- with .cert }}
cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .key }}
key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .ca }}
ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- end }}
}
{{- end }}
}
{{- end }}
]
}
{{- end }}
{{- if .Values.gateway.enabled }}
#################
# #
# NATS Gateways #
# #
#################
gateway {
name: {{ .Values.gateway.name }}
port: {{ .Values.gateway.port }}
{{- if .Values.gateway.advertise }}
advertise: {{ .Values.gateway.advertise }}
{{- end }}
{{- if .Values.gateway.rejectUnknownCluster }}
reject_unknown_cluster: {{ .Values.gateway.rejectUnknownCluster }}
{{- end }}
{{- if .Values.gateway.authorization }}
authorization {
{{- with .Values.gateway.authorization.user }}
user: {{ . }}
{{- end }}
{{- with .Values.gateway.authorization.password }}
password: {{ . }}
{{- end }}
{{- with .Values.gateway.authorization.timeout }}
timeout: {{ . }}
{{- end }}
}
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/gateway_advertise.conf"
{{- end }}
{{- with .Values.gateway.tls }}
{{- $gateway_tls := merge (dict) . }}
{{- $_ := set $gateway_tls "secretPath" "/etc/nats-certs/gateways" }}
{{- tpl (include "nats.tlsConfig" $gateway_tls) $ | nindent 6}}
{{- end }}
# Gateways array here
gateways: [
{{- range .Values.gateway.gateways }}
{
{{- with .name }}
name: {{ . }}
{{- end }}
{{- with .url }}
url: {{ . | quote }}
{{- end }}
{{- with .urls }}
urls: [{{ join "," . }}]
{{- end }}
},
{{- end }}
]
}
{{- end }}
{{- with .Values.nats.logging.debug }}
debug: {{ . }}
{{- end }}
{{- with .Values.nats.logging.trace }}
trace: {{ . }}
{{- end }}
{{- with .Values.nats.logging.logtime }}
logtime: {{ . }}
{{- end }}
{{- with .Values.nats.logging.connectErrorReports }}
connect_error_reports: {{ . }}
{{- end }}
{{- with .Values.nats.logging.reconnectErrorReports }}
reconnect_error_reports: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxConnections }}
max_connections: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxSubscriptions }}
max_subscriptions: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPending }}
max_pending: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxControlLine }}
max_control_line: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPayload }}
max_payload: {{ . }}
{{- end }}
{{- with .Values.nats.limits.pingInterval }}
ping_interval: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPings }}
ping_max: {{ . }}
{{- end }}
{{- with .Values.nats.limits.writeDeadline }}
write_deadline: {{ . }}
{{- end }}
{{- with .Values.nats.limits.lameDuckGracePeriod }}
lame_duck_grace_period: {{ . }}
{{- end }}
{{- with .Values.nats.limits.lameDuckDuration }}
lame_duck_duration: {{ . }}
{{- end }}
{{- if .Values.websocket.enabled }}
##################
# #
# Websocket #
# #
##################
websocket {
port: {{ .Values.websocket.port }}
{{- with .Values.websocket.tls }}
{{ $secretName := tpl .secret.name $ }}
tls {
{{- with .cert }}
cert_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .key }}
key_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .ca }}
ca_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
}
{{- else }}
no_tls: {{ .Values.websocket.noTLS }}
{{- end }}
same_origin: {{ .Values.websocket.sameOrigin }}
{{- with .Values.websocket.allowedOrigins }}
allowed_origins: {{ toRawJson . }}
{{- end }}
{{- with .Values.websocket.advertise }}
advertise: {{ . }}
{{- end }}
}
{{- end }}
{{- if .Values.auth.enabled }}
##################
# #
# Authorization #
# #
##################
{{- if .Values.auth.resolver }}
{{- if eq .Values.auth.resolver.type "memory" }}
resolver: MEMORY
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
{{- end }}
{{- if eq .Values.auth.resolver.type "full" }}
{{- if .Values.auth.resolver.configMap }}
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
{{- else }}
{{- with .Values.auth.resolver }}
{{- if $.Values.auth.timeout }}
authorization {
timeout: {{ $.Values.auth.timeout }}
}
{{- end }}
{{- if .operator }}
operator: {{ .operator }}
{{- end }}
{{- if .systemAccount }}
system_account: {{ .systemAccount }}
{{- end }}
{{- end }}
resolver: {
type: full
{{- with .Values.auth.resolver }}
dir: {{ .store.dir | quote }}
allow_delete: {{ .allowDelete }}
interval: {{ .interval | quote }}
{{- end }}
}
{{- end }}
{{- end }}
{{- if .Values.auth.resolver.resolverPreload }}
resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }}
{{- end }}
{{- if eq .Values.auth.resolver.type "URL" }}
{{- with .Values.auth.resolver.url }}
resolver: URL({{ . }})
{{- end }}
operator: /etc/nats-config/operator/{{ .Values.auth.operatorjwt.configMap.key }}
{{- end }}
{{- end }}
{{- with .Values.auth.systemAccount }}
system_account: {{ . }}
{{- end }}
{{- with .Values.auth.token }}
authorization {
token: "{{ . }}"
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
}
{{- end }}
{{- with .Values.auth.nkeys }}
{{- with .users }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
users: [
{{- range . }}
{{- toRawJson . | nindent 8 }},
{{- end }}
]
}
{{- end }}
{{- end }}
{{- with .Values.auth.basic }}
{{- with .noAuthUser }}
no_auth_user: {{ . }}
{{- end }}
{{- with .users }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
users: [
{{- range . }}
{{- toRawJson . | nindent 8 }},
{{- end }}
]
}
{{- end }}
{{- with .accounts }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
}
accounts: {{- toRawJson . }}
{{- end }}
{{- end }}
{{- end }}