bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add rocketchat helm

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-03 15:02:31 +02:00
parent 50847afaa0
commit 5127028f6d
177 changed files with 23855 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

685
deploy/rocket-chat/rocketchat-helm-pull-untar/charts/nats/values.yaml Normal file
View File

@@ -0,0 +1,685 @@
###############################
# #
# NATS Server Configuration #
# #
###############################
nats:
image: nats:2.7.4-alpine
pullPolicy: IfNotPresent
# The servers name prefix, must be used for example when we want a NATS cluster
# spanning multiple Kubernetes clusters.
serverNamePrefix: ""
# Toggle profiling.
# This enables nats-server pprof (profiling) port, so you can see goroutines
# stacks, memory heap sizes, etc.
profiling:
enabled: false
port: 6000
# Toggle using health check probes to better detect failures.
healthcheck:
# /healthz health check endpoint was introduced in NATS Server 2.7.1
# Attempt to detect /healthz support by inspecting if tag is >=2.7.1
detectHealthz: true
# Enable /healthz startupProbe for controlled upgrades of NATS JetStream
enableHealthz: true
# Enable liveness checks. If this fails, then the NATS Server will restarted.
liveness:
enabled: true
initialDelaySeconds: 10
timeoutSeconds: 5
# NOTE: liveness check + terminationGracePeriodSeconds can introduce unecessarily long outages
# due to the coupling between liveness probe and terminationGracePeriodSeconds.
# To avoid this, we make the periodSeconds of the liveness check to be about half the default
# time that it takes for lame duck graceful stop.
#
# In case of using Kubernetes +1.22 with probe-level terminationGracePeriodSeconds
# we could revise this but for now keep a minimal liveness check.
#
# More info:
#
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds
# https://github.com/kubernetes/kubernetes/issues/64715
#
periodSeconds: 30
successThreshold: 1
failureThreshold: 3
# Only for Kubernetes +1.22 that have pod level probes enabled.
terminationGracePeriodSeconds:
# Periodically check for the server to be ready for connections while
# the NATS container is running.
# Disabled by default since covered by startup probe and it is the same
# as the liveness check.
readiness:
enabled: false
initialDelaySeconds: 10
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
# Enable startup checks to confirm server is ready for traffic.
# This is recommended for JetStream deployments since in cluster mode
# it will try to ensure that the server is ready to serve streams.
startup:
enabled: true
initialDelaySeconds: 10
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 30
# Adds a hash of the ConfigMap as a pod annotation
# This will cause the StatefulSet to roll when the ConfigMap is updated
configChecksumAnnotation: true
# securityContext for the nats container
securityContext: {}
# Toggle whether to enable external access.
# This binds a host port for clients, gateways and leafnodes.
externalAccess: false
# Toggle to disable client advertisements (connect_urls),
# in case of running behind a load balancer (which is not recommended)
# it might be required to disable advertisements.
advertise: true
# In case both external access and advertise are enabled
# then a service account would be required to be able to
# gather the public ip from a node.
serviceAccount: "nats-server"
# The number of connect attempts against discovered routes.
connectRetries: 120
# selector matchLabels for the server and service.
# If left empty defaults are used.
# This is helpful if you are updating from Chart version <=7.4
selectorLabels: {}
resources: {}
client:
port: 4222
portName: "client"
# Server settings.
limits:
maxConnections:
maxSubscriptions:
maxControlLine:
maxPayload:
writeDeadline:
maxPending:
maxPings:
# How many seconds should pass before sending a PING
# to a client that has no activity.
pingInterval:
# grace period after pod begins shutdown before starting to close client connections
lameDuckGracePeriod: "10s"
# duration over which to slowly close close client connections after lameDuckGracePeriod has passed
lameDuckDuration: "30s"
# terminationGracePeriodSeconds determines how long to wait for graceful shutdown
# this should be at least `lameDuckGracePeriod` + `lameDuckDuration` + 20s shutdown overhead
terminationGracePeriodSeconds: 60
logging:
debug:
trace:
logtime:
connectErrorReports:
reconnectErrorReports:
# customConfigSecret can be used to use an custom secret for the config
# of the NATS Server.
# NOTE: For this to work the name of the configuration has to be
# called `nats.conf`.
#
# e.g. kubectl create secret generic custom-nats-conf --from-file nats.conf
#
# customConfigSecret:
# name:
#
# Alternately, the generated config can be extended with extra imports using the below syntax.
# The benefit of this is that cluster settings can be built up via helm values, but external
# secrets can be referenced and imported alongside it.
#
# config:
# <name-of-config-item>:
# <configMap|secret>
# name: "<configMap|secret name>"
#
# e.g:
#
# config:
# - name: ssh-key
# secret:
# secretName: ssh-key
# - name: config-vol
# configMap:
# name: log-config
jetstream:
enabled: false
# Jetstream Domain
domain:
##########################
# #
# Jetstream Encryption #
# #
##########################
encryption:
# Use key if you want to provide the key via Helm Values
# key: random_key
# Use a secret reference if you want to get a key from a secret
# secret:
# name: "nats-jetstream-encryption"
# key: "key"
#############################
# #
# Jetstream Memory Storage #
# #
#############################
memStorage:
enabled: true
size: 1Gi
############################
# #
# Jetstream File Storage #
# #
############################
fileStorage:
enabled: true
storageDirectory: /data
# Set for use with existing PVC
# existingClaim: jetstream-pvc
# claimStorageSize: 10Gi
# Use below block to create new persistent volume
# only used if existingClaim is not specified
size: 10Gi
# storageClassName: ""
accessModes:
- ReadWriteOnce
annotations:
# key: "value"
#######################
# #
# TLS Configuration #
# #
#######################
#
# # You can find more on how to setup and trouble shoot TLS connnections at:
#
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
#
# tls:
# allow_non_tls: false
# secret:
# name: nats-client-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
mqtt:
enabled: false
ackWait: 1m
maxAckPending: 100
#######################
# #
# TLS Configuration #
# #
#######################
#
# # You can find more on how to setup and trouble shoot TLS connnections at:
#
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
#
#
# tls:
# secret:
# name: nats-mqtt-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
nameOverride: ""
namespaceOverride: ""
# An array of imagePullSecrets, and they have to be created manually in the same namespace
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# Toggle whether to use setup a Pod Security Context
# ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext: {}
# securityContext:
# fsGroup: 1000
# runAsUser: 1000
# runAsNonRoot: true
# Affinity for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Pod priority class name
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: null
# Service topology
# ref: https://kubernetes.io/docs/concepts/services-networking/service-topology/
topologyKeys: []
# Pod Topology Spread Constraints
# ref https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: zone
# whenUnsatisfiable: DoNotSchedule
# Annotations to add to the NATS pods
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: "value"
# Define a Pod Disruption Budget for the stateful set
# ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: true
maxUnavailable: 1
# minAvailable: 1
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# Node tolerations for server scheduling to nodes with taints
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
#
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
# Annotations to add to the NATS StatefulSet
statefulSetAnnotations: {}
# Labels to add to the pods of the NATS StatefulSet
statefulSetPodLabels: {}
# Annotations to add to the NATS Service
serviceAnnotations: {}
# additionalContainers are the sidecar containers to add to the NATS StatefulSet
additionalContainers: []
# additionalVolumes are the additional volumes to add to the NATS StatefulSet
additionalVolumes: []
# additionalVolumeMounts are the additional volume mounts to add to the nats-server and nats-server-config-reloader containers
additionalVolumeMounts: []
cluster:
enabled: false
replicas: 3
noAdvertise: false
# Explicitly set routes for clustering.
# When JetStream is enabled, the serverName must be unique in the cluster.
extraRoutes: []
# authorization:
# user: foo
# password: pwd
# timeout: 0.5
# Leafnode connections to extend a cluster:
#
# https://docs.nats.io/nats-server/configuration/leafnodes
#
leafnodes:
enabled: false
port: 7422
noAdvertise: false
# remotes:
# - url: "tls://connect.ngs.global:7422"
#######################
# #
# TLS Configuration #
# #
#######################
#
# # You can find more on how to setup and trouble shoot TLS connnections at:
#
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
#
#
# tls:
# secret:
# name: nats-client-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
# Gateway connections to create a super cluster
#
# https://docs.nats.io/nats-server/configuration/gateways
#
gateway:
enabled: false
port: 7522
name: "default"
# authorization:
# user: foo
# password: pwd
# timeout: 0.5
# rejectUnknownCluster: false
# You can add an implicit advertise address instead of using from Node's IP
# could also be a fqdn address
# advertise: "nats.example.com"
#############################
# #
# List of remote gateways #
# #
#############################
# gateways:
# - name: other
# url: nats://my-gateway-url:7522
#######################
# #
# TLS Configuration #
# #
#######################
#
# # You can find more on how to setup and trouble shoot TLS connnections at:
#
# # https://docs.nats.io/nats-server/configuration/securing_nats/tls
#
# tls:
# secret:
# name: nats-client-tls
# ca: "ca.crt"
# cert: "tls.crt"
# key: "tls.key"
# In case of both external access and advertisements being
# enabled, an initializer container will be used to gather
# the public ips.
bootconfig:
image: natsio/nats-boot-config:0.5.4
pullPolicy: IfNotPresent
securityContext: {}
# NATS Box
#
# https://github.com/nats-io/nats-box
#
natsbox:
enabled: true
image: natsio/nats-box:0.8.1
pullPolicy: IfNotPresent
securityContext: {}
# Labels to add to the natsbox deployment
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
additionalLabels: {}
# An array of imagePullSecrets, and they have to be created manually in the same namespace
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: dockerhub
# credentials:
# secret:
# name: nats-sys-creds
# key: sys.creds
# Annotations to add to the box pods
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: "value"
# Labels to add to the box pods
# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# key: "value"
# Affinity for nats box pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# Node tolerations for server scheduling to nodes with taints
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
#
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
# Additional nats-box server Volume mounts
extraVolumeMounts: []
# Additional nats-box server Volumes
extraVolumes: []
# The NATS config reloader image to use.
reloader:
enabled: true
image: natsio/nats-server-config-reloader:0.6.3
pullPolicy: IfNotPresent
securityContext: {}
extraConfigs: []
# Prometheus NATS Exporter configuration.
exporter:
enabled: true
image: natsio/prometheus-nats-exporter:0.9.1
pullPolicy: IfNotPresent
securityContext: {}
resources: {}
# Prometheus operator ServiceMonitor support. Exporter has to be enabled
serviceMonitor:
enabled: false
## Specify the namespace where Prometheus Operator is running
##
# namespace: monitoring
labels: {}
annotations: {}
path: /metrics
# interval:
# scrapeTimeout:
# Authentication setup
auth:
enabled: false
# basic:
# noAuthUser:
# # List of users that can connect with basic auth,
# # that belong to the global account.
# users:
# # List of accounts with users that can connect
# # using basic auth.
# accounts:
# Reference to the Operator JWT.
# operatorjwt:
# configMap:
# name: operator-jwt
# key: KO.jwt
# Token authentication
# token:
# NKey authentication
# nkeys:
# users:
# Public key of the System Account
# systemAccount:
resolver:
# Disables the resolver by default
type: none
##########################################
# #
# Embedded NATS Account Server Resolver #
# #
##########################################
# type: full
# If the resolver type is 'full', delete when enabled will rename the jwt.
allowDelete: false
# Interval at which a nats-server with a nats based account resolver will compare
# it's state with one random nats based account resolver in the cluster and if needed,
# exchange jwt and converge on the same set of jwt.
interval: 2m
# Operator JWT
operator:
# System Account Public NKEY
systemAccount:
# resolverPreload:
# <ACCOUNT>: <JWT>
# Directory in which the account JWTs will be stored.
store:
dir: "/accounts/jwt"
# Size of the account JWT storage.
size: 1Gi
##############################
# #
# Memory resolver settings #
# #
##############################
# type: memory
#
# Use a configmap reference which will be mounted
# into the container.
#
# configMap:
# name: nats-accounts
# key: resolver.conf
##########################
# #
# URL resolver settings #
# #
##########################
# type: URL
# url: "http://nats-account-server:9090/jwt/v1/accounts/"
websocket:
enabled: false
port: 443
noTLS: true
sameOrigin: false
allowedOrigins: []
# This will optionally specify what host:port for websocket
# connections to be advertised in the cluster.
# advertise: "host:port"
appProtocol:
enabled: false
# Network Policy configuration
networkPolicy:
enabled: false
# Don't require client label for connections
# When set to false, only pods with the correct client label will have network access to the ports
# NATS is listening on. When true, NATS will accept connections from any source
# (with the correct destination port).
allowExternal: true
# Add extra ingress rules to the NetworkPolicy
# e.g:
# extraIngress:
# - ports:
# - port: 1234
# from:
# - podSelector:
# - matchLabels:
# - role: frontend
# - podSelector:
# - matchExpressions:
# - key: role
# operator: In
# values:
# - frontend
extraIngress: []
# Add extra ingress rules to the NetworkPolicy
# e.g:
# extraEgress:
# - ports:
# - port: 1234
# to:
# - podSelector:
# - matchLabels:
# - role: frontend
# - podSelector:
# - matchExpressions:
# - key: role
# operator: In
# values:
# - frontend
extraEgress: []
# Labels to match to allow traffic from other namespaces
ingressNSMatchLabels: {}
# Pod labels to match to allow traffic from other namespaces
ingressNSPodMatchLabels: {}
# Cluster Domain configured on the kubelets
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
k8sClusterDomain: cluster.local
# Define if NATS is using FQDN name for clustering (i.e. nats-0.nats.default.svc.cluster.local) or short name (i.e. nats-0.nats.default).
useFQDN: true
# Add labels to all the deployed resources
commonLabels: {}
# podManagementPolicy controls how pods are created during initial scale up,
# when replacing pods on nodes, or when scaling down.
podManagementPolicy: Parallel