nats chart provisoning

2024-11-29 10:30:47 +01:00
parent e86898eb44
commit 18f7a91bf3
55 changed files with 2821 additions and 4 deletions
--- a/opencloud/charts/nats/files/stateful-set/jetstream-pvc.yaml
+++ b/opencloud/charts/nats/files/stateful-set/jetstream-pvc.yaml
@@ -0,0 +1,13 @@
+{{- with .Values.config.jetstream.fileStore.pvc }}
+metadata:
+  name: {{ .name }}
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .size | quote }}
+  {{- with .storageClassName }}
+  storageClassName: {{ . | quote }}
+  {{- end }}
+{{- end }}
--- a/opencloud/charts/nats/files/stateful-set/nats-container.yaml
+++ b/opencloud/charts/nats/files/stateful-set/nats-container.yaml
@@ -0,0 +1,106 @@
+name: nats
+{{ include "nats.image" (merge (pick $.Values "global") .Values.container.image) }}
+
+ports:
+{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }}
+{{- $configProtocol := get $.Values.config $protocol }}
+{{- $containerPort := get $.Values.container.ports $protocol }}
+{{- if or (eq $protocol "nats") $configProtocol.enabled }}
+- {{ merge (dict "name" $protocol "containerPort" $configProtocol.port) $containerPort | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}
+
+args:
+- --config
+- /etc/nats-config/nats.conf
+
+env:
+- name: POD_NAME
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.name
+- name: SERVER_NAME
+  value: {{ printf "%s$(POD_NAME)" .Values.config.serverNamePrefix | quote }}
+{{- with .Values.container.env }}
+{{- include "nats.env" . }}
+{{- end }}
+
+lifecycle:
+  preStop:
+    exec:
+      # send the lame duck shutdown signal to trigger a graceful shutdown
+      command:
+      - nats-server
+      - -sl=ldm=/var/run/nats/nats.pid
+
+{{- with .Values.config.monitor }}
+{{- if .enabled }}
+startupProbe:
+  httpGet:
+    path: /healthz
+    port: monitor
+    {{- if .tls.enabled }}
+    scheme: HTTPS
+    {{- end}}
+  initialDelaySeconds: 10
+  timeoutSeconds: 5
+  periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 90
+readinessProbe:
+  httpGet:
+    path: /healthz?js-server-only=true
+    port: monitor
+    {{- if .tls.enabled }}
+    scheme: HTTPS
+    {{- end}}
+  initialDelaySeconds: 10
+  timeoutSeconds: 5
+  periodSeconds: 10
+  successThreshold: 1
+  failureThreshold: 3
+livenessProbe:
+  httpGet:
+    path: /healthz?js-enabled-only=true
+    port: monitor
+    {{- if .tls.enabled }}
+    scheme: HTTPS
+    {{- end}}
+  initialDelaySeconds: 10
+  timeoutSeconds: 5
+  periodSeconds: 30
+  successThreshold: 1
+  failureThreshold: 3
+{{- end }}
+{{- end }}
+
+volumeMounts:
+# nats config
+- name: config
+  mountPath: /etc/nats-config
+# PID volume
+- name: pid
+  mountPath: /var/run/nats
+# JetStream PVC
+{{- with .Values.config.jetstream }}
+{{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }}
+{{- with .fileStore }}
+- name: {{ .pvc.name }}
+  mountPath: {{ .dir | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+# resolver PVC
+{{- with .Values.config.resolver }}
+{{- if and .enabled .pvc.enabled }}
+- name: {{ .pvc.name }}
+  mountPath: {{ .dir | quote }}
+{{- end }}
+{{- end }}
+# tlsCA
+{{- include "nats.tlsCAVolumeMount" $ }}
+# secrets
+{{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+  mountPath: {{ .dir | quote }}
+{{- end }}
--- a/opencloud/charts/nats/files/stateful-set/pod-template.yaml
+++ b/opencloud/charts/nats/files/stateful-set/pod-template.yaml
@@ -0,0 +1,71 @@
+metadata:
+  labels:
+    {{- include "nats.labels" $ | nindent 4 }}
+  annotations:
+    {{- if .Values.podTemplate.configChecksumAnnotation }}
+    {{- $configMap := include "nats.loadMergePatch" (merge (dict "file" "config-map.yaml" "ctx" $) $.Values.configMap) }}
+    checksum/config: {{ sha256sum $configMap }}
+    {{- end }}
+spec:
+  containers:
+  # nats
+  {{- $nats := dict }}
+  {{- with .Values.container }}
+  {{- $nats = include "nats.loadMergePatch" (merge (dict "file" "stateful-set/nats-container.yaml" "ctx" $) .) | fromYaml }}
+  - {{ toYaml $nats | nindent 4 }}
+  {{- end }}
+  # reloader
+  {{- with .Values.reloader }}
+  {{- if .enabled }}
+  - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/reloader-container.yaml" "ctx" (merge (dict "natsVolumeMounts" $nats.volumeMounts) $)) .) | nindent 4 }}
+  {{- end }}
+  {{- end }}
+  {{- with .Values.promExporter }}
+  {{- if .enabled }}
+  - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/prom-exporter-container.yaml" "ctx" $) .) | nindent 4 }}
+  {{- end }}
+  {{- end }}
+
+  # service discovery uses DNS; don't need service env vars
+  enableServiceLinks: false
+  
+  {{- with .Values.global.image.pullSecretNames }}
+  imagePullSecrets:
+  {{- range . }}
+  - name: {{ . | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- with .Values.serviceAccount }}
+  {{- if .enabled }}
+  serviceAccountName: {{ .name | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- if .Values.reloader.enabled }}
+  shareProcessNamespace: true
+  {{- end }}
+
+  volumes:
+  # nats config
+  - name: config
+    configMap:
+      name: {{ .Values.configMap.name }}
+  # PID volume
+  - name: pid
+    emptyDir: {}
+  # tlsCA
+  {{- include "nats.tlsCAVolume" $ | nindent 2 }}
+  # secrets
+  {{- range (include "nats.secretNames" $ | fromJson).secretNames }}
+  - name: {{ .name | quote }}
+    secret:
+      secretName: {{ .secretName | quote }}
+  {{- end }}
+
+  {{- with .Values.podTemplate.topologySpreadConstraints }}
+  topologySpreadConstraints:
+  {{- range $k, $v := . }}
+  - {{ merge (dict "topologyKey" $k "labelSelector" (dict "matchLabels" (include "nats.selectorLabels" $ | fromYaml))) $v | toYaml | nindent 4 }}
+  {{- end }}
+  {{- end}}
--- a/opencloud/charts/nats/files/stateful-set/prom-exporter-container.yaml
+++ b/opencloud/charts/nats/files/stateful-set/prom-exporter-container.yaml
@@ -0,0 +1,30 @@
+name: prom-exporter
+{{ include "nats.image" (merge (pick $.Values "global") .Values.promExporter.image) }}
+
+ports:
+- name: prom-metrics
+  containerPort: {{ .Values.promExporter.port }}
+
+{{- with .Values.promExporter.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+args:
+- -port={{ .Values.promExporter.port }}
+- -connz
+- -routez
+- -subz
+- -varz
+- -prefix=nats
+- -use_internal_server_id
+{{- if .Values.config.jetstream.enabled }}
+- -jsz=all
+{{- end }}
+{{- if .Values.config.leafnodes.enabled }}
+- -leafz
+{{- end }}
+{{- if .Values.config.gateway.enabled }}
+- -gatewayz
+{{- end }}
+- http://localhost:{{ .Values.config.monitor.port }}/
--- a/opencloud/charts/nats/files/stateful-set/reloader-container.yaml
+++ b/opencloud/charts/nats/files/stateful-set/reloader-container.yaml
@@ -0,0 +1,27 @@
+name: reloader
+{{ include "nats.image" (merge (pick $.Values "global") .Values.reloader.image) }}
+
+{{- with .Values.reloader.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+args:
+- -pid
+- /var/run/nats/nats.pid
+- -config
+- /etc/nats-config/nats.conf
+{{ include "nats.reloaderConfig" (dict "config" .config "dir" "/etc/nats-config") }}
+
+volumeMounts:
+- name: pid
+  mountPath: /var/run/nats
+{{- range $mnt := .natsVolumeMounts }}
+{{- $found := false }}
+{{- range $.Values.reloader.natsVolumeMountPrefixes }}
+{{- if and (not $found) (hasPrefix . $mnt.mountPath) }}
+{{- $found = true }}
+- {{ toYaml $mnt | nindent 2}}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/opencloud/charts/nats/files/stateful-set/resolver-pvc.yaml
+++ b/opencloud/charts/nats/files/stateful-set/resolver-pvc.yaml
@@ -0,0 +1,13 @@
+{{- with .Values.config.resolver.pvc }}
+metadata:
+  name: {{ .name }}
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .size | quote }}
+  {{- with .storageClassName }}
+  storageClassName: {{ . | quote }}
+  {{- end }}
+{{- end }}
--- a/opencloud/charts/nats/files/stateful-set/stateful-set.yaml
+++ b/opencloud/charts/nats/files/stateful-set/stateful-set.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  {{- include "nats.metadataNamespace" $ | nindent 2 }}
+  name: {{ .Values.statefulSet.name }}
+  labels:
+    {{- include "nats.labels" $ | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "nats.selectorLabels" $ | nindent 6 }}
+  {{- if .Values.config.cluster.enabled }}
+  replicas: {{ .Values.config.cluster.replicas }}
+  {{- else }}
+  replicas: 1
+  {{- end }}
+  serviceName: {{ .Values.headlessService.name }}
+  podManagementPolicy: Parallel
+  template:
+    {{- with .Values.podTemplate }}
+    {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/pod-template.yaml" "ctx" $) .) | nindent 4 }}
+    {{- end }}
+  volumeClaimTemplates:
+  {{- with .Values.config.jetstream }}
+  {{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }}
+  {{- with .fileStore.pvc }}
+  - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/jetstream-pvc.yaml" "ctx" $) .) | nindent 4 }}
+  {{- end }}
+  {{- end }}
+    {{- end }}
+  {{- with .Values.config.resolver }}
+  {{- if and .enabled .pvc.enabled }}
+  {{- with .pvc }}
+  - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/resolver-pvc.yaml" "ctx" $) .) | nindent 4 }}
+  {{- end }}
+  {{- end }}
+  {{- end }}