bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update rocket-chat

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-03 15:16:10 +02:00
parent 31f6b361ac
commit 571c3a4dbb
180 changed files with 1 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
deploy/rocket-chat/charts/nats/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,26 @@
{{- if or .Values.nats.logging.debug .Values.nats.logging.trace }}
*WARNING*: Keep in mind that running the server with
debug and/or trace enabled significantly affects the
performance of the server!
{{- end }}
You can find more information about running NATS on Kubernetes
in the NATS documentation website:
https://docs.nats.io/nats-on-kubernetes/nats-kubernetes
{{- if .Values.natsbox.enabled }}
NATS Box has been deployed into your cluster, you can
now use the NATS tools within the container as follows:
kubectl exec -n {{ template "nats.namespace" . }} -it deployment/{{ template "nats.fullname" . }}-box -- /bin/sh -l
nats-box:~# nats-sub test &
nats-box:~# nats-pub test hi
nats-box:~# nc {{ template "nats.fullname" . }} {{ .Values.nats.client.port }}
{{- end }}
Thanks for using NATS!

147
deploy/rocket-chat/charts/nats/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,147 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "nats.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "nats.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "nats.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nats.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nats.labels" -}}
helm.sh/chart: {{ include "nats.chart" . }}
{{- range $name, $value := .Values.commonLabels }}
{{ $name }}: {{ tpl $value $ }}
{{- end }}
{{ include "nats.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nats.selectorLabels" -}}
{{- if .Values.nats.selectorLabels }}
{{ tpl (toYaml .Values.nats.selectorLabels) . }}
{{- else -}}
app.kubernetes.io/name: {{ include "nats.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}
{{/*
Return the proper NATS image name
*/}}
{{- define "nats.clusterAdvertise" -}}
{{- if $.Values.useFQDN }}
{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE).svc.%s" (include "nats.fullname" . ) $.Values.k8sClusterDomain }}
{{- else }}
{{- printf "$(POD_NAME).%s.$(POD_NAMESPACE)" (include "nats.fullname" . ) }}
{{- end }}
{{- end }}
{{/*
Return the NATS cluster routes.
*/}}
{{- define "nats.clusterRoutes" -}}
{{- $name := (include "nats.fullname" . ) -}}
{{- $namespace := (include "nats.namespace" . ) -}}
{{- range $i, $e := until (.Values.cluster.replicas | int) -}}
{{- if $.Values.useFQDN }}
{{- printf "nats://%s-%d.%s.%s.svc.%s:6222," $name $i $name $namespace $.Values.k8sClusterDomain -}}
{{- else }}
{{- printf "nats://%s-%d.%s.%s:6222," $name $i $name $namespace -}}
{{- end }}
{{- end -}}
{{- end }}
{{- define "nats.extraRoutes" -}}
{{- range $i, $url := .Values.cluster.extraRoutes -}}
{{- printf "%s," $url -}}
{{- end -}}
{{- end }}
{{- define "nats.tlsConfig" -}}
tls {
{{- if .cert }}
cert_file: {{ .secretPath }}/{{ .secret.name }}/{{ .cert }}
{{- end }}
{{- if .key }}
key_file: {{ .secretPath }}/{{ .secret.name }}/{{ .key }}
{{- end }}
{{- if .ca }}
ca_file: {{ .secretPath }}/{{ .secret.name }}/{{ .ca }}
{{- end }}
{{- if .insecure }}
insecure: {{ .insecure }}
{{- end }}
{{- if .verify }}
verify: {{ .verify }}
{{- end }}
{{- if .verifyAndMap }}
verify_and_map: {{ .verifyAndMap }}
{{- end }}
{{- if .curvePreferences }}
curve_preferences: {{ .curvePreferences }}
{{- end }}
{{- if .timeout }}
timeout: {{ .timeout }}
{{- end }}
{{- if .cipherSuites }}
cipher_suites: {{ toRawJson .cipherSuites }}
{{- end }}
}
{{- end }}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (toYaml .value) .context }}
{{- end }}
{{- end -}}

551
deploy/rocket-chat/charts/nats/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,551 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "nats.fullname" . }}-config
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
data:
nats.conf: |
# NATS Clients Port
port: {{ .Values.nats.client.port }}
# PID file shared with configuration reloader.
pid_file: "/var/run/nats/nats.pid"
{{- if .Values.nats.config }}
###########
# #
# Imports #
# #
###########
{{- range .Values.nats.config }}
include ./{{ .name }}/{{ .name }}.conf
{{- end}}
{{- end }}
###############
# #
# Monitoring #
# #
###############
http: 8222
server_name: {{- if .Values.nats.serverNamePrefix }}$SERVER_NAME{{- else }}$POD_NAME{{- end }}
{{- if .Values.nats.tls }}
#####################
# #
# TLS Configuration #
# #
#####################
{{- with .Values.nats.tls }}
{{- $nats_tls := merge (dict) . }}
{{- $_ := set $nats_tls "secretPath" "/etc/nats-certs/clients" }}
{{- tpl (include "nats.tlsConfig" $nats_tls) $ | nindent 4}}
{{- end }}
{{- if .Values.nats.tls.allowNonTLS }}
allow_non_tls: {{ .Values.nats.tls.allowNonTLS }}
{{- end }}
{{- end }}
{{- if .Values.nats.jetstream.enabled }}
###################################
# #
# NATS JetStream #
# #
###################################
jetstream {
{{- if .Values.nats.jetstream.encryption }}
{{- if .Values.nats.jetstream.encryption.key }}
key: {{ .Values.nats.jetstream.encryption.key | quote }}
{{- else if .Values.nats.jetstream.encryption.secret }}
key: $JS_KEY
{{- end}}
{{- end}}
{{- if .Values.nats.jetstream.memStorage.enabled }}
max_mem: {{ .Values.nats.jetstream.memStorage.size }}
{{- end }}
{{- if .Values.nats.jetstream.domain }}
domain: {{ .Values.nats.jetstream.domain }}
{{- end }}
{{- if .Values.nats.jetstream.fileStorage.enabled }}
store_dir: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
max_file:
{{- if .Values.nats.jetstream.fileStorage.existingClaim }}
{{- .Values.nats.jetstream.fileStorage.claimStorageSize }}
{{- else }}
{{- .Values.nats.jetstream.fileStorage.size }}
{{- end }}
{{- end }}
}
{{- end }}
{{- if .Values.mqtt.enabled }}
###################################
# #
# NATS MQTT #
# #
###################################
mqtt {
port: 1883
{{- with .Values.mqtt.tls }}
{{- $mqtt_tls := merge (dict) . }}
{{- $_ := set $mqtt_tls "secretPath" "/etc/nats-certs/mqtt" }}
{{- tpl (include "nats.tlsConfig" $mqtt_tls) $ | nindent 6}}
{{- end }}
{{- if .Values.mqtt.noAuthUser }}
no_auth_user: {{ .Values.mqtt.noAuthUser | quote }}
{{- end }}
ack_wait: {{ .Values.mqtt.ackWait | quote }}
max_ack_pending: {{ .Values.mqtt.maxAckPending }}
}
{{- end }}
{{- if .Values.cluster.enabled }}
###################################
# #
# NATS Full Mesh Clustering Setup #
# #
###################################
cluster {
port: 6222
{{- if .Values.nats.jetstream.enabled }}
{{- if .Values.cluster.name }}
name: {{ .Values.cluster.name }}
{{- else }}
name: {{ template "nats.name" . }}
{{- end }}
{{- else }}
{{- with .Values.cluster.name }}
name: {{ . }}
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- $cluster_tls := merge (dict) . }}
{{- $_ := set $cluster_tls "secretPath" "/etc/nats-certs/cluster" }}
{{- tpl (include "nats.tlsConfig" $cluster_tls) $ | nindent 6}}
{{- end }}
{{- if .Values.cluster.authorization }}
authorization {
{{- with .Values.cluster.authorization.user }}
user: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.password }}
password: {{ . }}
{{- end }}
{{- with .Values.cluster.authorization.timeout }}
timeout: {{ . }}
{{- end }}
}
{{- end }}
routes = [
{{ include "nats.clusterRoutes" . }}
{{ include "nats.extraRoutes" . }}
]
cluster_advertise: $CLUSTER_ADVERTISE
{{- with .Values.cluster.noAdvertise }}
no_advertise: {{ . }}
{{- end }}
connect_retries: {{ .Values.nats.connectRetries }}
}
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/client_advertise.conf"
{{- end }}
{{- if or .Values.leafnodes.enabled .Values.leafnodes.remotes }}
#################
# #
# NATS Leafnode #
# #
#################
leafnodes {
{{- if .Values.leafnodes.enabled }}
listen: "0.0.0.0:{{ .Values.leafnodes.port }}"
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/gateway_advertise.conf"
{{- end }}
{{- with .Values.leafnodes.noAdvertise }}
no_advertise: {{ . }}
{{- end }}
{{- with .Values.leafnodes.authorization }}
authorization: {
{{- with .user }}
user: {{ . }}
{{- end }}
{{- with .password }}
password: {{ . }}
{{- end }}
{{- with .account }}
account: {{ . | quote }}
{{- end }}
{{- with .timeout }}
timeout: {{ . }}
{{- end }}
{{- with .users }}
users: [
{{- range . }}
{{- toRawJson . | nindent 10 }},
{{- end }}
]
{{- end }}
}
{{- end }}
{{- with .Values.leafnodes.tls }}
{{- if .custom }}
tls {
{{- .custom | nindent 8 }}
}
{{- else }}
{{- $leafnode_tls := merge (dict) . }}
{{- $_ := set $leafnode_tls "secretPath" "/etc/nats-certs/leafnodes" }}
{{- tpl (include "nats.tlsConfig" $leafnode_tls) $ | nindent 6}}
{{- end }}
{{- end }}
remotes: [
{{- range .Values.leafnodes.remotes }}
{
{{- with .url }}
url: {{ . | quote }}
{{- end }}
{{- with .urls }}
urls: {{ toRawJson . }}
{{- end }}
{{- with .account }}
account: {{ . | quote }}
{{- end }}
{{- with .credentials }}
credentials: "/etc/nats-creds/{{ .secret.name }}/{{ .secret.key }}"
{{- end }}
{{- with .tls }}
tls: {
{{- if .custom }}
{{- .custom | nindent 10 }}
{{- else }}
{{ $secretName := tpl .secret.name $ }}
{{- with .cert }}
cert_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .key }}
key_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .ca }}
ca_file: /etc/nats-certs/leafnodes/{{ $secretName }}/{{ . }}
{{- end }}
{{- end }}
}
{{- end }}
}
{{- end }}
]
}
{{- end }}
{{- if .Values.gateway.enabled }}
#################
# #
# NATS Gateways #
# #
#################
gateway {
name: {{ .Values.gateway.name }}
port: {{ .Values.gateway.port }}
{{- if .Values.gateway.advertise }}
advertise: {{ .Values.gateway.advertise }}
{{- end }}
{{- if .Values.gateway.rejectUnknownCluster }}
reject_unknown_cluster: {{ .Values.gateway.rejectUnknownCluster }}
{{- end }}
{{- if .Values.gateway.authorization }}
authorization {
{{- with .Values.gateway.authorization.user }}
user: {{ . }}
{{- end }}
{{- with .Values.gateway.authorization.password }}
password: {{ . }}
{{- end }}
{{- with .Values.gateway.authorization.timeout }}
timeout: {{ . }}
{{- end }}
}
{{- end }}
{{- if and .Values.nats.advertise .Values.nats.externalAccess }}
include "advertise/gateway_advertise.conf"
{{- end }}
{{- with .Values.gateway.tls }}
{{- $gateway_tls := merge (dict) . }}
{{- $_ := set $gateway_tls "secretPath" "/etc/nats-certs/gateways" }}
{{- tpl (include "nats.tlsConfig" $gateway_tls) $ | nindent 6}}
{{- end }}
# Gateways array here
gateways: [
{{- range .Values.gateway.gateways }}
{
{{- with .name }}
name: {{ . }}
{{- end }}
{{- with .url }}
url: {{ . | quote }}
{{- end }}
{{- with .urls }}
urls: [{{ join "," . }}]
{{- end }}
},
{{- end }}
]
}
{{- end }}
{{- with .Values.nats.logging.debug }}
debug: {{ . }}
{{- end }}
{{- with .Values.nats.logging.trace }}
trace: {{ . }}
{{- end }}
{{- with .Values.nats.logging.logtime }}
logtime: {{ . }}
{{- end }}
{{- with .Values.nats.logging.connectErrorReports }}
connect_error_reports: {{ . }}
{{- end }}
{{- with .Values.nats.logging.reconnectErrorReports }}
reconnect_error_reports: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxConnections }}
max_connections: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxSubscriptions }}
max_subscriptions: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPending }}
max_pending: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxControlLine }}
max_control_line: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPayload }}
max_payload: {{ . }}
{{- end }}
{{- with .Values.nats.limits.pingInterval }}
ping_interval: {{ . }}
{{- end }}
{{- with .Values.nats.limits.maxPings }}
ping_max: {{ . }}
{{- end }}
{{- with .Values.nats.limits.writeDeadline }}
write_deadline: {{ . }}
{{- end }}
{{- with .Values.nats.limits.lameDuckGracePeriod }}
lame_duck_grace_period: {{ . }}
{{- end }}
{{- with .Values.nats.limits.lameDuckDuration }}
lame_duck_duration: {{ . }}
{{- end }}
{{- if .Values.websocket.enabled }}
##################
# #
# Websocket #
# #
##################
websocket {
port: {{ .Values.websocket.port }}
{{- with .Values.websocket.tls }}
{{ $secretName := tpl .secret.name $ }}
tls {
{{- with .cert }}
cert_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .key }}
key_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
{{- with .ca }}
ca_file: /etc/nats-certs/ws/{{ $secretName }}/{{ . }}
{{- end }}
}
{{- else }}
no_tls: {{ .Values.websocket.noTLS }}
{{- end }}
same_origin: {{ .Values.websocket.sameOrigin }}
{{- with .Values.websocket.allowedOrigins }}
allowed_origins: {{ toRawJson . }}
{{- end }}
{{- with .Values.websocket.advertise }}
advertise: {{ . }}
{{- end }}
}
{{- end }}
{{- if .Values.auth.enabled }}
##################
# #
# Authorization #
# #
##################
{{- if .Values.auth.resolver }}
{{- if eq .Values.auth.resolver.type "memory" }}
resolver: MEMORY
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
{{- end }}
{{- if eq .Values.auth.resolver.type "full" }}
{{- if .Values.auth.resolver.configMap }}
include "accounts/{{ .Values.auth.resolver.configMap.key }}"
{{- else }}
{{- with .Values.auth.resolver }}
{{- if $.Values.auth.timeout }}
authorization {
timeout: {{ $.Values.auth.timeout }}
}
{{- end }}
{{- if .operator }}
operator: {{ .operator }}
{{- end }}
{{- if .systemAccount }}
system_account: {{ .systemAccount }}
{{- end }}
{{- end }}
resolver: {
type: full
{{- with .Values.auth.resolver }}
dir: {{ .store.dir | quote }}
allow_delete: {{ .allowDelete }}
interval: {{ .interval | quote }}
{{- end }}
}
{{- end }}
{{- end }}
{{- if .Values.auth.resolver.resolverPreload }}
resolver_preload: {{ toRawJson .Values.auth.resolver.resolverPreload }}
{{- end }}
{{- if eq .Values.auth.resolver.type "URL" }}
{{- with .Values.auth.resolver.url }}
resolver: URL({{ . }})
{{- end }}
operator: /etc/nats-config/operator/{{ .Values.auth.operatorjwt.configMap.key }}
{{- end }}
{{- end }}
{{- with .Values.auth.systemAccount }}
system_account: {{ . }}
{{- end }}
{{- with .Values.auth.token }}
authorization {
token: "{{ . }}"
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
}
{{- end }}
{{- with .Values.auth.nkeys }}
{{- with .users }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
users: [
{{- range . }}
{{- toRawJson . | nindent 8 }},
{{- end }}
]
}
{{- end }}
{{- end }}
{{- with .Values.auth.basic }}
{{- with .noAuthUser }}
no_auth_user: {{ . }}
{{- end }}
{{- with .users }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
users: [
{{- range . }}
{{- toRawJson . | nindent 8 }},
{{- end }}
]
}
{{- end }}
{{- with .accounts }}
authorization {
{{- if $.Values.auth.timeout }}
timeout: {{ $.Values.auth.timeout }}
{{- end }}
}
accounts: {{- toRawJson . }}
{{- end }}
{{- end }}
{{- end }}

115
deploy/rocket-chat/charts/nats/templates/nats-box.yaml Normal file
View File

@@ -0,0 +1,115 @@
{{- if .Values.natsbox.enabled }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "nats.fullname" . }}-box
namespace: {{ include "nats.namespace" . }}
labels:
app: {{ include "nats.fullname" . }}-box
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
{{- if .Values.natsbox.additionalLabels }}
{{- tpl (toYaml .Values.natsbox.additionalLabels) $ | nindent 4 }}
{{- end }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ include "nats.fullname" . }}-box
template:
metadata:
labels:
app: {{ include "nats.fullname" . }}-box
{{- if .Values.natsbox.podLabels }}
{{- tpl (toYaml .Values.natsbox.podLabels) $ | nindent 8 }}
{{- end }}
{{- if .Values.natsbox.podAnnotations }}
annotations:
{{- toYaml .Values.natsbox.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- with .Values.natsbox.affinity }}
affinity:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.natsbox.nodeSelector }}
nodeSelector: {{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.natsbox.tolerations }}
tolerations: {{ toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.natsbox.credentials }}
- name: nats-sys-creds
secret:
secretName: {{ .Values.natsbox.credentials.secret.name }}
{{- end }}
{{- if .Values.natsbox.extraVolumes }}
{{- toYaml .Values.natsbox.extraVolumes | nindent 6}}
{{- end }}
{{- with .Values.nats.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-clients-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: nats-box
image: {{ .Values.natsbox.image }}
imagePullPolicy: {{ .Values.natsbox.pullPolicy }}
{{- if .Values.natsbox.securityContext }}
securityContext:
{{- toYaml .Values.natsbox.securityContext | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.natsbox.resources | nindent 10 }}
env:
- name: NATS_URL
value: {{ template "nats.fullname" . }}
{{- if .Values.natsbox.credentials }}
- name: USER_CREDS
value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }}
- name: USER2_CREDS
value: /etc/nats-config/creds/{{ .Values.natsbox.credentials.secret.key }}
{{- end }}
{{- with .Values.nats.tls }}
{{ $secretName := tpl .secret.name $ }}
lifecycle:
postStart:
exec:
command:
- /bin/sh
- -c
- cp /etc/nats-certs/clients/{{ $secretName }}/* /usr/local/share/ca-certificates && update-ca-certificates
{{- end }}
command:
- "tail"
- "-f"
- "/dev/null"
volumeMounts:
{{- if .Values.natsbox.credentials }}
- name: nats-sys-creds
mountPath: /etc/nats-config/creds
{{- end }}
{{- if .Values.natsbox.extraVolumeMounts }}
{{- toYaml .Values.natsbox.extraVolumeMounts | nindent 8 }}
{{- end }}
{{- with .Values.nats.tls }}
#######################
# #
# TLS Volumes Mounts #
# #
#######################
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-clients-volume
mountPath: /etc/nats-certs/clients/{{ $secretName }}
{{- end }}
{{- end }}

79
deploy/rocket-chat/charts/nats/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,79 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "networkPolicy.apiVersion" . }}
metadata:
name: {{ include "nats.fullname" . }}
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 6 }}
policyTypes:
- Ingress
- Egress
egress:
# Allow dns resolution
- ports:
- port: 53
protocol: UDP
# Allow outbound connections to other cluster pods
- ports:
- port: {{ .Values.nats.client.port }}
protocol: TCP
- port: 6222
protocol: TCP
- port: 8222
protocol: TCP
- port: 7777
protocol: TCP
- port: {{ .Values.leafnodes.port }}
protocol: TCP
- port: {{ .Values.gateway.port }}
protocol: TCP
to:
- podSelector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 10 }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 2 }}
{{- end }}
ingress:
# Allow inbound connections
- ports:
- port: {{ .Values.nats.client.port }}
protocol: TCP
- port: 6222
protocol: TCP
- port: 8222
protocol: TCP
- port: 7777
protocol: TCP
- port: {{ .Values.leafnodes.port }}
protocol: TCP
- port: {{ .Values.gateway.port }}
protocol: TCP
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ include "nats.fullname" . }}-client: "true"
- podSelector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 10 }}
{{- if .Values.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- toYaml .Values.networkPolicy.ingressNSMatchLabels | nindent 10 }}
{{- if .Values.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- toYaml .Values.networkPolicy.ingressNSPodMatchLabels | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraIngress }}
{{- include "tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 2 }}
{{- end }}
{{- end }}

20
deploy/rocket-chat/charts/nats/templates/pdb.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if .Values.podDisruptionBudget.enabled }}
---
apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}
kind: PodDisruptionBudget
metadata:
name: {{ include "nats.fullname" . }}
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 6 }}
{{- end }}

31
deploy/rocket-chat/charts/nats/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{ if and .Values.nats.externalAccess .Values.nats.advertise }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.nats.serviceAccount }}
namespace: {{ include "nats.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.nats.serviceAccount }}
rules:
- apiGroups: [""]
resources:
- nodes
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.nats.serviceAccount }}-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.nats.serviceAccount }}
subjects:
- kind: ServiceAccount
name: {{ .Values.nats.serviceAccount }}
namespace: {{ include "nats.namespace" . }}
{{ end }}

73
deploy/rocket-chat/charts/nats/templates/service.yaml Normal file
View File

@@ -0,0 +1,73 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "nats.fullname" . }}
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
{{- if .Values.serviceAnnotations}}
annotations:
{{- toYaml .Values.serviceAnnotations | nindent 4 }}
{{- end }}
spec:
selector:
{{- include "nats.selectorLabels" . | nindent 4 }}
clusterIP: None
publishNotReadyAddresses: true
{{- if .Values.topologyKeys }}
topologyKeys:
{{- toYaml .Values.topologyKeys | nindent 4 }}
{{- end }}
ports:
{{- if .Values.websocket.enabled }}
- name: websocket
port: {{ .Values.websocket.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- end }}
{{- if .Values.nats.profiling.enabled }}
- name: profiling
port: {{ .Values.nats.profiling.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: http
{{- end }}
{{- end }}
- name: {{ .Values.nats.client.portName }}
port: {{ .Values.nats.client.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: cluster
port: 6222
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: monitor
port: 8222
{{- if .Values.appProtocol.enabled }}
appProtocol: http
{{- end }}
- name: metrics
port: 7777
{{- if .Values.appProtocol.enabled }}
appProtocol: http
{{- end }}
- name: leafnodes
port: {{ .Values.leafnodes.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
- name: gateways
port: {{ .Values.gateway.port }}
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- if .Values.mqtt.enabled }}
- name: mqtt
port: 1883
{{- if .Values.appProtocol.enabled }}
appProtocol: tcp
{{- end }}
{{- end }}

36
deploy/rocket-chat/charts/nats/templates/serviceMonitor.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{ if and .Values.exporter.enabled .Values.exporter.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "nats.fullname" . }}
{{- if .Values.exporter.serviceMonitor.namespace }}
namespace: {{ .Values.exporter.serviceMonitor.namespace }}
{{- else }}
namespace: {{ include "nats.namespace" . }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.labels }}
labels:
{{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4 }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.annotations }}
annotations:
{{- toYaml .Values.exporter.serviceMonitor.annotations | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
{{- if .Values.exporter.serviceMonitor.path }}
path: {{ .Values.exporter.serviceMonitor.path }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.interval }}
interval: {{ .Values.exporter.serviceMonitor.interval }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.exporter.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
any: true
selector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 6 }}
{{- end }}

633
deploy/rocket-chat/charts/nats/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,633 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "nats.fullname" . }}
namespace: {{ include "nats.namespace" . }}
labels:
{{- include "nats.labels" . | nindent 4 }}
{{- if .Values.statefulSetAnnotations }}
annotations:
{{- toYaml .Values.statefulSetAnnotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "nats.selectorLabels" . | nindent 6 }}
{{- if .Values.cluster.enabled }}
replicas: {{ .Values.cluster.replicas }}
{{- else }}
replicas: 1
{{- end }}
serviceName: {{ include "nats.fullname" . }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
template:
metadata:
{{- if or .Values.exporter.enabled .Values.nats.configChecksumAnnotation .Values.podAnnotations }}
annotations:
{{- if .Values.exporter.enabled }}
prometheus.io/path: /metrics
prometheus.io/port: "7777"
prometheus.io/scrape: "true"
{{- end }}
{{- if .Values.nats.configChecksumAnnotation }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
{{- end }}
labels:
{{- include "nats.selectorLabels" . | nindent 8 }}
{{- if .Values.statefulSetPodLabels }}
{{- tpl (toYaml .Values.statefulSetPodLabels) . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{ toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range .Values.topologySpreadConstraints }}
{{- if and .maxSkew .topologyKey }}
- maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
{{- if .whenUnsatisfiable }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
{{- end }}
labelSelector:
matchLabels:
{{- include "nats.selectorLabels" $ | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
# Common volumes for the containers.
volumes:
- name: config-volume
{{- if .Values.nats.customConfigSecret }}
secret:
secretName: {{ .Values.nats.customConfigSecret.name }}
{{- else }}
configMap:
name: {{ include "nats.fullname" . }}-config
{{- end }}
{{- /* User extended config volumes*/}}
{{- if .Values.nats.config }}
# User extended config volumes
{{- with .Values.nats.config }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
# Local volume shared with the reloader.
- name: pid
emptyDir: {}
{{- if and .Values.auth.enabled .Values.auth.resolver }}
{{- if .Values.auth.resolver.configMap }}
- name: resolver-volume
configMap:
name: {{ .Values.auth.resolver.configMap.name }}
{{- end }}
{{- if eq .Values.auth.resolver.type "URL" }}
- name: operator-jwt-volume
configMap:
name: {{ .Values.auth.operatorjwt.configMap.name }}
{{- end }}
{{- end }}
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
# Local volume shared with the advertise config initializer.
- name: advertiseconfig
emptyDir: {}
{{- end }}
{{- if and .Values.nats.jetstream.enabled .Values.nats.jetstream.fileStorage.enabled .Values.nats.jetstream.fileStorage.existingClaim }}
# Persistent volume for jetstream running with file storage option
- name: {{ include "nats.fullname" . }}-js-pvc
persistentVolumeClaim:
claimName: {{ .Values.nats.jetstream.fileStorage.existingClaim | quote }}
{{- end }}
#################
# #
# TLS Volumes #
# #
#################
{{- with .Values.nats.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-clients-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.mqtt.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-mqtt-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.cluster.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-cluster-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.leafnodes.tls }}
{{- if not .custom }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-leafnodes-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- end }}
{{- with .Values.gateway.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-gateways-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- with .Values.websocket.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-ws-volume
secret:
secretName: {{ $secretName }}
{{- end }}
{{- if .Values.leafnodes.enabled }}
#
# Leafnode credential volumes
#
{{- range .Values.leafnodes.remotes }}
{{- with .credentials }}
- name: {{ .secret.name }}-volume
secret:
secretName: {{ .secret.name }}
{{- end }}
{{- with .tls }}
- name: {{ .secret.name }}-volume
secret:
secretName: {{ .secret.name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.additionalVolumes }}
{{- toYaml .Values.additionalVolumes | nindent 6 }}
{{- end }}
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
# Assume that we only use the service account in case we want to
# figure out what is the current external public IP from the server
# in order to be able to advertise correctly.
serviceAccountName: {{ .Values.nats.serviceAccount }}
{{- end }}
# Required to be able to HUP signal and apply config
# reload to the server without restarting the pod.
shareProcessNamespace: true
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
# Initializer container required to be able to lookup
# the external ip on which this node is running.
initContainers:
- name: bootconfig
command:
- nats-pod-bootconfig
- -f
- /etc/nats-config/advertise/client_advertise.conf
- -gf
- /etc/nats-config/advertise/gateway_advertise.conf
env:
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: {{ .Values.bootconfig.image }}
imagePullPolicy: {{ .Values.bootconfig.pullPolicy }}
{{- if .Values.bootconfig.securityContext }}
securityContext:
{{- toYaml .Values.bootconfig.securityContext | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.bootconfig.resources | nindent 10 }}
volumeMounts:
- mountPath: /etc/nats-config/advertise
name: advertiseconfig
subPath: advertise
{{- end }}
#################
# #
# NATS Server #
# #
#################
terminationGracePeriodSeconds: {{ .Values.nats.terminationGracePeriodSeconds }}
containers:
- name: nats
image: {{ .Values.nats.image }}
imagePullPolicy: {{ .Values.nats.pullPolicy }}
{{- if .Values.nats.securityContext }}
securityContext:
{{- toYaml .Values.nats.securityContext | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.nats.resources | nindent 10 }}
ports:
- containerPort: {{ .Values.nats.client.port }}
name: {{ .Values.nats.client.portName }}
{{- if .Values.nats.externalAccess }}
hostPort: {{ .Values.nats.client.port }}
{{- end }}
{{- if .Values.leafnodes.enabled }}
- containerPort: {{ .Values.leafnodes.port }}
name: leafnodes
{{- if .Values.nats.externalAccess }}
hostPort: {{ .Values.leafnodes.port }}
{{- end }}
{{- end }}
{{- if .Values.gateway.enabled }}
- containerPort: {{ .Values.gateway.port }}
name: gateways
{{- if .Values.nats.externalAccess }}
hostPort: {{ .Values.gateway.port }}
{{- end }}
{{- end }}
- containerPort: 6222
name: cluster
- containerPort: 8222
name: monitor
- containerPort: 7777
name: metrics
{{- if .Values.mqtt.enabled }}
- containerPort: 1883
name: mqtt
{{- if .Values.nats.externalAccess }}
hostPort: 1883
{{- end }}
{{- end }}
{{- if .Values.websocket.enabled }}
- containerPort: {{ .Values.websocket.port }}
name: websocket
{{- if .Values.nats.externalAccess }}
hostPort: {{ .Values.websocket.port }}
{{- end }}
{{- end }}
{{- if .Values.nats.profiling.enabled }}
- containerPort: {{ .Values.nats.profiling.port }}
name: profiling
{{- end }}
command:
- "nats-server"
- "--config"
- "/etc/nats-config/nats.conf"
{{- if .Values.nats.profiling.enabled }}
- "--profile={{ .Values.nats.profiling.port }}"
{{- end }}
# Required to be able to define an environment variable
# that refers to other environment variables. This env var
# is later used as part of the configuration file.
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SERVER_NAME
value: {{ .Values.nats.serverNamePrefix }}$(POD_NAME)
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CLUSTER_ADVERTISE
value: {{ include "nats.clusterAdvertise" . }}
{{- if .Values.nats.jetstream.enabled }}
{{- with .Values.nats.jetstream.encryption }}
{{- with .secret }}
- name: JS_KEY
valueFrom:
secretKeyRef:
name: {{ .name }}
key: {{ .key }}
{{- end }}
{{- end }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /etc/nats-config
- name: pid
mountPath: /var/run/nats
{{- if and .Values.nats.externalAccess .Values.nats.advertise }}
- mountPath: /etc/nats-config/advertise
name: advertiseconfig
subPath: advertise
{{- end }}
{{- /* User extended config volumes*/}}
{{- range .Values.nats.config }}
# User extended config volumes
- name: {{ .name }}
mountPath: /etc/nats-config/{{ .name }}
{{- end }}
{{- if and .Values.auth.enabled .Values.auth.resolver }}
{{- if eq .Values.auth.resolver.type "memory" }}
- name: resolver-volume
mountPath: /etc/nats-config/accounts
{{- end }}
{{- if eq .Values.auth.resolver.type "full" }}
{{- if .Values.auth.resolver.configMap }}
- name: resolver-volume
mountPath: /etc/nats-config/accounts
{{- end }}
{{- if and .Values.auth.resolver .Values.auth.resolver.store }}
- name: nats-jwt-pvc
mountPath: {{ .Values.auth.resolver.store.dir }}
{{- end }}
{{- end }}
{{- if eq .Values.auth.resolver.type "URL" }}
- name: operator-jwt-volume
mountPath: /etc/nats-config/operator
{{- end }}
{{- end }}
{{- if and .Values.nats.jetstream.enabled .Values.nats.jetstream.fileStorage.enabled }}
- name: {{ include "nats.fullname" . }}-js-pvc
mountPath: {{ .Values.nats.jetstream.fileStorage.storageDirectory }}
{{- end }}
{{- with .Values.nats.tls }}
#######################
# #
# TLS Volumes Mounts #
# #
#######################
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-clients-volume
mountPath: /etc/nats-certs/clients/{{ $secretName }}
{{- end }}
{{- with .Values.mqtt.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-mqtt-volume
mountPath: /etc/nats-certs/mqtt/{{ $secretName }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- if not .custom }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-cluster-volume
mountPath: /etc/nats-certs/cluster/{{ $secretName }}
{{- end }}
{{- end }}
{{- with .Values.leafnodes.tls }}
{{- if not .custom }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-leafnodes-volume
mountPath: /etc/nats-certs/leafnodes/{{ $secretName }}
{{- end }}
{{- end }}
{{- with .Values.gateway.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-gateways-volume
mountPath: /etc/nats-certs/gateways/{{ $secretName }}
{{- end }}
{{- with .Values.websocket.tls }}
{{ $secretName := tpl .secret.name $ }}
- name: {{ $secretName }}-ws-volume
mountPath: /etc/nats-certs/ws/{{ $secretName }}
{{- end }}
{{- if .Values.leafnodes.enabled }}
#
# Leafnode credential volumes
#
{{- range .Values.leafnodes.remotes }}
{{- with .credentials }}
- name: {{ .secret.name }}-volume
mountPath: /etc/nats-creds/{{ .secret.name }}
{{- end }}
{{- with .tls }}
- name: {{ .secret.name }}-volume
mountPath: /etc/nats-certs/leafnodes/{{ .secret.name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 8 }}
{{- end }}
#######################
# #
# Healthcheck Probes #
# #
#######################
{{- if .Values.nats.healthcheck }}
{{- with .Values.nats.healthcheck.liveness }}
{{- if .enabled }}
livenessProbe:
httpGet:
path: /
port: 8222
initialDelaySeconds: {{ .initialDelaySeconds }}
timeoutSeconds: {{ .timeoutSeconds }}
periodSeconds: {{ .periodSeconds }}
successThreshold: {{ .successThreshold }}
failureThreshold: {{ .failureThreshold }}
{{- if .terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.nats.healthcheck.readiness }}
{{- if .enabled }}
readinessProbe:
httpGet:
path: /
port: 8222
initialDelaySeconds: {{ .initialDelaySeconds }}
timeoutSeconds: {{ .timeoutSeconds }}
periodSeconds: {{ .periodSeconds }}
successThreshold: {{ .successThreshold }}
failureThreshold: {{ .failureThreshold }}
{{- end }}
{{- end }}
{{- if .Values.nats.healthcheck.startup.enabled }}
startupProbe:
httpGet:
{{- $parts := split ":" .Values.nats.image }}
{{- $simpleVersion := $parts._1 | default "latest" | regexFind "\\d+(\\.\\d+)?(\\.\\d+)?" | default "2.7.1" }}
{{- if and .Values.nats.healthcheck.enableHealthz (or (not .Values.nats.healthcheck.detectHealthz) (semverCompare ">=2.7.1" $simpleVersion)) }}
# for NATS server versions >=2.7.1, healthz will be enabled to allow for a grace period
# in case of JetStream enabled deployments to form quorum and streams to catch up.
path: /healthz
{{- else }}
path: /
{{- end }}
port: 8222
{{- with .Values.nats.healthcheck.startup }}
initialDelaySeconds: {{ .initialDelaySeconds }}
timeoutSeconds: {{ .timeoutSeconds }}
periodSeconds: {{ .periodSeconds }}
successThreshold: {{ .successThreshold }}
failureThreshold: {{ .failureThreshold }}
{{- end }}
{{- end }}
{{- end }}
# Gracefully stop NATS Server on pod deletion or image upgrade.
#
lifecycle:
preStop:
exec:
# send the lame duck shutdown signal to trigger a graceful shutdown
# nats-server will ignore the TERM signal it receives after this
#
command:
- "nats-server"
- "-sl=ldm=/var/run/nats/nats.pid"
#################################
# #
# NATS Configuration Reloader #
# #
#################################
{{- if .Values.reloader.enabled }}
- name: reloader
image: {{ .Values.reloader.image }}
imagePullPolicy: {{ .Values.reloader.pullPolicy }}
{{- if .Values.reloader.securityContext }}
securityContext:
{{- toYaml .Values.reloader.securityContext | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.reloader.resources | nindent 10 }}
command:
- "nats-server-config-reloader"
- "-pid"
- "/var/run/nats/nats.pid"
- "-config"
- "/etc/nats-config/nats.conf"
{{- range .Values.reloader.extraConfigs }}
- "-config"
- {{ . | quote }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /etc/nats-config
- name: pid
mountPath: /var/run/nats
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 8 }}
{{- end }}
{{- end }}
##############################
# #
# NATS Prometheus Exporter #
# #
##############################
{{- if .Values.exporter.enabled }}
- name: metrics
image: {{ .Values.exporter.image }}
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
{{- if .Values.exporter.securityContext }}
securityContext:
{{- toYaml .Values.exporter.securityContext | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.exporter.resources | nindent 10 }}
args:
- -connz
- -routez
- -subz
- -varz
- -prefix=nats
- -use_internal_server_id
{{- if .Values.nats.jetstream.enabled }}
- -jsz=all
{{- end }}
{{- if .Values.leafnodes.enabled }}
- -leafz
{{- end }}
- http://localhost:8222/
ports:
- containerPort: 7777
name: metrics
{{- end }}
{{- if .Values.additionalContainers }}
{{- toYaml .Values.additionalContainers | nindent 6 }}
{{- end }}
volumeClaimTemplates:
{{- if eq .Values.auth.resolver.type "full" }}
{{- if and .Values.auth.resolver .Values.auth.resolver.store }}
#####################################
# #
# Account Server Embedded JWT #
# #
#####################################
- metadata:
name: nats-jwt-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.auth.resolver.store.size }}
{{- end }}
{{- end }}
{{- if and .Values.nats.jetstream.enabled .Values.nats.jetstream.fileStorage.enabled (not .Values.nats.jetstream.fileStorage.existingClaim) }}
#####################################
# #
# Jetstream New Persistent Volume #
# #
#####################################
- metadata:
name: {{ include "nats.fullname" . }}-js-pvc
{{- if .Values.nats.jetstream.fileStorage.annotations }}
annotations:
{{- toYaml .Values.nats.jetstream.fileStorage.annotations | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- toYaml .Values.nats.jetstream.fileStorage.accessModes | nindent 10 }}
resources:
requests:
storage: {{ .Values.nats.jetstream.fileStorage.size }}
{{- if .Values.nats.jetstream.fileStorage.storageClassName }}
storageClassName: {{ .Values.nats.jetstream.fileStorage.storageClassName | quote }}
{{- end }}
{{- end }}

30
deploy/rocket-chat/charts/nats/templates/tests/test-request-reply.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "nats.fullname" . }}-test-request-reply"
labels:
{{- include "nats.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: nats-box
image: synadia/nats-box
env:
- name: NATS_HOST
value: {{ template "nats.fullname" . }}
command:
- /bin/sh
- -ec
- |
nats reply -s nats://$NATS_HOST:{{ .Values.nats.client.port }} 'name.>' --command "echo {{1}}" &
- |
"&&"
- |
name=$(nats request -s nats://$NATS_HOST:{{ .Values.nats.client.port }} name.test '' 2>/dev/null)
- |
"&&"
- |
[ $name = test ]
restartPolicy: Never