diff --git a/base/apps/dkg-engine/nats-operator.yaml b/base/apps/dkg-engine/nats-operator.yaml
deleted file mode 100644
index bcb4dcc..0000000
--- a/base/apps/dkg-engine/nats-operator.yaml
+++ /dev/null
@@ -1,115 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: nats-operator
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- namespace: dkg-engine
- server: https://kubernetes.default.svc
- project: default
- source:
- repoURL: https://nats-io.github.io/k8s/helm/charts
- chart: nats-operator
- targetRevision: 0.8.3
- helm:
- valuesObject:
- cluster:
- ## Create a NATS Cluster when installing the operator
- create: true
-
- name: nats-integration
-
- ## Choose namespace for cluster deployment if clusterScoped is set to true
- namespace: "dkg-engine"
-
- ## Nats version
- ## Image tags are listed here: https://hub.docker.com/_/nats?tab=tags
- version: 1.4.1
-
- ## Cluster Size
- size: 3
-
- ## Optional custom annotations to add to Pods in the cluster
- annotations: {}
-
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 256Mi
-
- ## Client Authentication
- ## ref: https://github.com/nats-io/gnatsd#authentication
- ## note: token not supported only user/password will work with this chart version
- ##
- auth:
- enabled: true
-
- # NOTE: Only supported in Kubernetes v1.12+ clusters having the "TokenRequest" API enabled.
- enableServiceAccounts: false
-
- ## This is where you enter a username/password for 1 user
- username: "nats-user"
- password: "nuts-and-bolts"
-
- ## This is a where you can specify 2 or more users
- users: []
- # - username: "another-user-1"
- # password: "another-password-1"
- # - username: "another-user-2"
- # password: "another-password-2"
- # permissions:
- # publish: ["hello.*"]
- # subscribe: ["hello.world"]
-
- defaultPermissions: {}
- # publish: ["SANDBOX.*"]
- # subscribe: ["PUBLIC.>"]
-
- tls:
- enabled: false
- # serverSecret:
- # routesSecret:
-
- ## Configuration Reload
- ## NOTE: Only supported in Kubernetes v1.12+.
- configReload:
- enabled: false
- registry: "docker.io"
- repository: "connecteverything/nats-server-config-reloader"
- tag: "0.2.2-v1alpha2"
- pullPolicy: "IfNotPresent"
- resources: {}
- # limits:
- # cpu: 50m
- # memory: 32Mi
- # requests:
- # cpu: 10m
- # memory: 32Mi
-
- ## Prometheus Metrics Exporter
- ##
- metrics:
- enabled: false
- registry: "docker.io"
- repository: "synadia/prometheus-nats-exporter"
- tag: "0.6.2"
- pullPolicy: "IfNotPresent"
-
- # Prometheus Operator ServiceMonitor config
- ##
- servicemonitor:
- enabled: false
- prometheusInstance: default
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- - ServerSideApply=true
diff --git a/base/apps/dkg-engine/nats.yaml b/base/apps/dkg-engine/nats.yaml
new file mode 100644
index 0000000..ff5e5a0
--- /dev/null
+++ b/base/apps/dkg-engine/nats.yaml
@@ -0,0 +1,168 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nats-jetstream
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: dkg-engine
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ repoURL: https://nats-io.github.io/k8s/helm/charts
+ chart: nats
+ targetRevision: 0.19.17
+ helm:
+ valuesObject:
+ nats:
+ serverNamePrefix: integration
+
+ jetstream:
+ enabled: true
+
+ # Jetstream Domain
+ domain: integration
+
+ # Jetstream Unique Tag prevent placing a stream in the same availability zone twice.
+ uniqueTag:
+
+ max_outstanding_catchup:
+
+ ##########################
+ # #
+ # Jetstream Encryption #
+ # #
+ ##########################
+ encryption:
+ # Use key if you want to provide the key via Helm Values
+ # key: random_key
+
+ # Use a secret reference if you want to get a key from a secret
+ # secret:
+ # name: "nats-jetstream-encryption"
+ # key: "key"
+
+ # Use cipher if you want to choose a different cipher from the default.
+ # cipher: aes
+
+ #############################
+ # #
+ # Jetstream Memory Storage #
+ # #
+ #############################
+ memStorage:
+ enabled: true
+ size: 1Gi
+
+ ############################
+ # #
+ # Jetstream File Storage #
+ # #
+ ############################
+ fileStorage:
+ enabled: true
+ storageDirectory: /data
+
+ # Set for use with existing PVC
+ # existingClaim: jetstream-pvc
+ # claimStorageSize: 10Gi
+
+ # Use below block to create new persistent volume
+ # only used if existingClaim is not specified
+ size: 2Gi
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteOnce
+ annotations:
+ # key: "value"
+
+ # Use below if fileStorage is not enabled but you are persisting
+ # data using an alternative to PVC (e.g. hostPath)
+ # These set the corresponding jetstream configuration in nats.conf.
+ # store_dir: "/data"
+ # max_file: "10Gi"
+
+ #######################
+ # #
+ # TLS Configuration #
+ # #
+ #######################
+ #
+ # # You can find more on how to setup and trouble shoot TLS connnections at:
+ #
+ # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
+ #
+
+ # tls:
+ # allowNonTLS: false
+ # secret:
+ # name: nats-client-tls
+ # ca: "ca.crt"
+ # cert: "tls.crt"
+ # key: "tls.key"
+
+ mqtt:
+ enabled: true
+ ackWait: 1m
+ maxAckPending: 100
+
+ #######################
+ # #
+ # TLS Configuration #
+ # #
+ #######################
+ #
+ # # You can find more on how to setup and trouble shoot TLS connnections at:
+ #
+ # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
+ #
+
+ #
+ # tls:
+ # secret:
+ # name: nats-mqtt-tls
+ # ca: "ca.crt"
+ # cert: "tls.crt"
+ # key: "tls.key"
+ cluster:
+ enabled: true
+ replicas: 3
+ noAdvertise: false
+
+ # Explicitly set routes for clustering.
+ # When JetStream is enabled, the serverName must be unique in the cluster.
+ extraRoutes: []
+
+ # authorization:
+ # user: foo
+ # password: pwd
+ # timeout: 0.5
+ websocket:
+ enabled: true
+ port: 443
+ noTLS: true
+
+ sameOrigin: false
+ allowedOrigins: []
+
+ # This will optionally specify what host:port for websocket
+ # connections to be advertised in the cluster.
+ # advertise: "host:port"
+
+ # Set the handshake timeout for websocket connections
+ # handshakeTimeout: 5s
+
+ k8sClusterDomain: cluster.local
+
+ # Define if NATS is using FQDN name for clustering (i.e. nats-0.nats.default.svc.cluster.local) or short name (i.e. nats-0.nats.default).
+ useFQDN: true
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
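Review bot: The `websocket` block near the end of the new values enables a listener with `noTLS: true`, `sameOrigin: false` and an empty `allowedOrigins`, and nothing in this file turns on client authentication, whereas the removed nats-operator values had `auth.enabled: true`. Unless TLS termination and access restriction happen outside this file (an ingress or a NetworkPolicy, neither visible here), the NATS, MQTT and websocket listeners accept cleartext connections without credentials, and the websocket performs no origin check. I would set `noTLS: false` with a TLS secret, list the expected origins in `allowedOrigins`, uncomment the `tls:` blocks already sketched under `nats` and `mqtt`, and enable the chart's auth with credentials read from a Kubernetes Secret rather than written into `valuesObject` as the old file did. If cleartext behind a proxy is intended, a comment next to `noTLS` such as `# TLS is terminated at the ingress; this listener is cluster-internal only` would record that decision.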