From 2bb5a374cb63c3a3538a5c26053ddfc844dc45e2 Mon Sep 17 00:00:00 2001
From: ktatarnikov
Date: Mon, 25 Nov 2024 09:57:31 +0100
Subject: [PATCH 1/4] [minio-operator] move operator back to kernel
---
base/apps/{security => kernel}/minio.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename base/apps/{security => kernel}/minio.yaml (100%)
diff --git a/base/apps/security/minio.yaml b/base/apps/kernel/minio.yaml
similarity index 100%
rename from base/apps/security/minio.yaml
rename to base/apps/kernel/minio.yaml
From 0a27085eff80025650c5e036cff281349f722aa9 Mon Sep 17 00:00:00 2001
From: ktatarnikov
Date: Mon, 25 Nov 2024 09:57:47 +0100
Subject: [PATCH 2/4] [nats] nats operator
---
base/apps/dkg-engine/nats-operator.yaml | 29 +++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 base/apps/dkg-engine/nats-operator.yaml
diff --git a/base/apps/dkg-engine/nats-operator.yaml b/base/apps/dkg-engine/nats-operator.yaml
new file mode 100644
index 0000000..ca110dc
--- /dev/null
+++ b/base/apps/dkg-engine/nats-operator.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nats-operator
+ namespace: argocd
+ annotations:
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: dkg-engine
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ repoURL: https://nats-io.github.io/k8s/helm/charts
+ chart: nats-operator
+ targetRevision: 0.8.3
+ helm:
+ valuesObject:
+ cluster:
+ ## Create a NATS Cluster when installing the operator
+ create: false
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
From 8dcd8ca4cf41797920eea1950015bce1a6ee62d3 Mon Sep 17 00:00:00 2001
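Review bot: `project: default` puts this Application in Argo CD's built-in default project, which, unless it has been locked down in this cluster, permits any source repository and any destination namespace. Combined with `automated` sync, `prune: true`, `selfHeal: true` and `CreateNamespace=true`, whatever the external Helm repository serves for `targetRevision: 0.8.3` is applied with no further gate. Consider a dedicated AppProject that allows only this `repoURL` and the `dkg-engine` namespace, for example `project: <restricted-appproject>` (placeholder name). The same applies to `base/apps/dkg-engine/nats.yaml` added in PATCH 4/4.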
From: ktatarnikov Date: Mon, 25 Nov 2024 10:04:52 +0100 Subject: [PATCH 3/4] [nats] create cluster by default --- base/apps/dkg-engine/nats-operator.yaml | 90 ++++++++++++++++++- .../validation/dkg-engine/patch-optional.yaml | 14 +++ 2 files changed, 102 insertions(+), 2 deletions(-) diff --git a/base/apps/dkg-engine/nats-operator.yaml b/base/apps/dkg-engine/nats-operator.yaml index ca110dc..bcb4dcc 100644 --- a/base/apps/dkg-engine/nats-operator.yaml +++ b/base/apps/dkg-engine/nats-operator.yaml @@ -3,7 +3,6 @@ kind: Application metadata: name: nats-operator namespace: argocd - annotations: finalizers: - resources-finalizer.argocd.argoproj.io spec: 
@@ -19,7 +18,94 @@ spec: valuesObject: cluster: ## Create a NATS Cluster when installing the operator - create: false + create: true + + name: nats-integration + + ## Choose namespace for cluster deployment if clusterScoped is set to true + namespace: "dkg-engine" + + ## Nats version + ## Image tags are listed here: https://hub.docker.com/_/nats?tab=tags + version: 1.4.1 + + ## Cluster Size + size: 3 + + ## Optional custom annotations to add to Pods in the cluster + annotations: {} + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + + ## Client Authentication + ## ref: https://github.com/nats-io/gnatsd#authentication + ## note: token not supported only user/password will work with this chart version + ## + auth: + enabled: true + + # NOTE: Only supported in Kubernetes v1.12+ clusters having the "TokenRequest" API enabled. + enableServiceAccounts: false + + ## This is where you enter a username/password for 1 user + username: "nats-user" + password: "nuts-and-bolts" + + ## This is a where you can specify 2 or more users + users: [] + # - username: "another-user-1" + # password: "another-password-1" + # - username: "another-user-2" + # password: "another-password-2" + # permissions: + # publish: ["hello.*"] + # subscribe: ["hello.world"] + + defaultPermissions: {} + # publish: ["SANDBOX.*"] + # subscribe: ["PUBLIC.>"] + + tls: + enabled: false + # serverSecret: + # routesSecret: + + ## Configuration Reload + ## NOTE: Only supported in Kubernetes v1.12+. 
+ configReload: + enabled: false + registry: "docker.io" + repository: "connecteverything/nats-server-config-reloader" + tag: "0.2.2-v1alpha2" + pullPolicy: "IfNotPresent" + resources: {} + # limits: + # cpu: 50m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + + ## Prometheus Metrics Exporter + ## + metrics: + enabled: false + registry: "docker.io" + repository: "synadia/prometheus-nats-exporter" + tag: "0.6.2" + pullPolicy: "IfNotPresent" + + # Prometheus Operator ServiceMonitor config + ## + servicemonitor: + enabled: false + prometheusInstance: default syncPolicy: automated: prune: true diff --git a/overlays/validation/dkg-engine/patch-optional.yaml b/overlays/validation/dkg-engine/patch-optional.yaml index ac1843c..279e570 100644 --- a/overlays/validation/dkg-engine/patch-optional.yaml +++ b/overlays/validation/dkg-engine/patch-optional.yaml @@ -63,3 +63,17 @@ spec: helm: valuesObject: ingressHostName: prediction.validation +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nats-operator + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + source: + helm: + valuesObject: + cluster: + name: nats-validation From cf486efbef567b111e2a38bfc2f303903fb103ec Mon Sep 17 00:00:00 2001 From: ktatarnikov Date: Mon, 25 Nov 2024 11:52:59 +0100 Subject: [PATCH 4/4] [nats] using nats statefulset chart instead of operator --- base/apps/dkg-engine/nats-operator.yaml | 115 ---------------- base/apps/dkg-engine/nats.yaml | 168 ++++++++++++++++++++++++ 2 files changed, 168 insertions(+), 115 deletions(-) delete mode 100644 base/apps/dkg-engine/nats-operator.yaml create mode 100644 base/apps/dkg-engine/nats.yaml diff --git a/base/apps/dkg-engine/nats-operator.yaml b/base/apps/dkg-engine/nats-operator.yaml deleted file mode 100644 index bcb4dcc..0000000 --- a/base/apps/dkg-engine/nats-operator.yaml +++ /dev/null 
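Review bot: The `auth` block commits a literal client credential, `username: "nats-user"` / `password: "nuts-and-bolts"`, into the Application manifest, so it is readable by anyone with access to the repository or to the Application object in the `argocd` namespace, and it remains in Git history even though the file is deleted later in this series. With `tls:` set to `enabled: false` in the same values, that password would presumably also cross the network in clear text. I would drop the two literals and source the credential from a Kubernetes Secret managed outside Git (if this chart version cannot reference one, a sealed or externally synced secret is the usual route), set `enabled: true` under `tls:` with the `serverSecret:` and `routesSecret:` keys that are currently commented out, and rotate the committed password. The hunk ends in context lines of `syncPolicy:`, which continues outside it.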
@@ -1,115 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: nats-operator - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - namespace: dkg-engine - server: https://kubernetes.default.svc - project: default - source: - repoURL: https://nats-io.github.io/k8s/helm/charts - chart: nats-operator - targetRevision: 0.8.3 - helm: - valuesObject: - cluster: - ## Create a NATS Cluster when installing the operator - create: true - - name: nats-integration - - ## Choose namespace for cluster deployment if clusterScoped is set to true - namespace: "dkg-engine" - - ## Nats version - ## Image tags are listed here: https://hub.docker.com/_/nats?tab=tags - version: 1.4.1 - - ## Cluster Size - size: 3 - - ## Optional custom annotations to add to Pods in the cluster - annotations: {} - - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - - ## Client Authentication - ## ref: https://github.com/nats-io/gnatsd#authentication - ## note: token not supported only user/password will work with this chart version - ## - auth: - enabled: true - - # NOTE: Only supported in Kubernetes v1.12+ clusters having the "TokenRequest" API enabled. - enableServiceAccounts: false - - ## This is where you enter a username/password for 1 user - username: "nats-user" - password: "nuts-and-bolts" - - ## This is a where you can specify 2 or more users - users: [] - # - username: "another-user-1" - # password: "another-password-1" - # - username: "another-user-2" - # password: "another-password-2" - # permissions: - # publish: ["hello.*"] - # subscribe: ["hello.world"] - - defaultPermissions: {} - # publish: ["SANDBOX.*"] - # subscribe: ["PUBLIC.>"] - - tls: - enabled: false - # serverSecret: - # routesSecret: - - ## Configuration Reload - ## NOTE: Only supported in Kubernetes v1.12+. 
- configReload: - enabled: false - registry: "docker.io" - repository: "connecteverything/nats-server-config-reloader" - tag: "0.2.2-v1alpha2" - pullPolicy: "IfNotPresent" - resources: {} - # limits: - # cpu: 50m - # memory: 32Mi - # requests: - # cpu: 10m - # memory: 32Mi - - ## Prometheus Metrics Exporter - ## - metrics: - enabled: false - registry: "docker.io" - repository: "synadia/prometheus-nats-exporter" - tag: "0.6.2" - pullPolicy: "IfNotPresent" - - # Prometheus Operator ServiceMonitor config - ## - servicemonitor: - enabled: false - prometheusInstance: default - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true - - ServerSideApply=true diff --git a/base/apps/dkg-engine/nats.yaml b/base/apps/dkg-engine/nats.yaml new file mode 100644 index 0000000..ff5e5a0 --- /dev/null +++ b/base/apps/dkg-engine/nats.yaml 
@@ -0,0 +1,168 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nats-jetstream
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: dkg-engine
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ repoURL: https://nats-io.github.io/k8s/helm/charts
+ chart: nats
+ targetRevision: 0.19.17
+ helm:
+ valuesObject:
+ nats:
+ serverNamePrefix: integration
+
+ jetstream:
+ enabled: true
+
+ # Jetstream Domain
+ domain: integration
+
+ # Jetstream Unique Tag prevent placing a stream in the same availability zone twice.
+ uniqueTag:
+
+ max_outstanding_catchup:
+
+ ##########################
+ # #
+ # Jetstream Encryption #
+ # #
+ ##########################
+ encryption:
+ # Use key if you want to provide the key via Helm Values
+ # key: random_key
+
+ # Use a secret reference if you want to get a key from a secret
+ # secret:
+ # name: "nats-jetstream-encryption"
+ # key: "key"
+
+ # Use cipher if you want to choose a different cipher from the default.
+ # cipher: aes
+
+ #############################
+ # #
+ # Jetstream Memory Storage #
+ # #
+ #############################
+ memStorage:
+ enabled: true
+ size: 1Gi
+
+ ############################
+ # #
+ # Jetstream File Storage #
+ # #
+ ############################
+ fileStorage:
+ enabled: true
+ storageDirectory: /data
+
+ # Set for use with existing PVC
+ # existingClaim: jetstream-pvc
+ # claimStorageSize: 10Gi
+
+ # Use below block to create new persistent volume
+ # only used if existingClaim is not specified
+ size: 2Gi
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteOnce
+ annotations:
+ # key: "value"
+
+ # Use below if fileStorage is not enabled but you are persisting
+ # data using an alternative to PVC (e.g. hostPath)
+ # These set the corresponding jetstream configuration in nats.conf.
+ # store_dir: "/data"
+ # max_file: "10Gi"
+
+ #######################
+ # #
+ # TLS Configuration #
+ # #
+ #######################
+ #
+ # # You can find more on how to setup and trouble shoot TLS connnections at:
+ #
+ # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
+ #
+
+ # tls:
+ # allowNonTLS: false
+ # secret:
+ # name: nats-client-tls
+ # ca: "ca.crt"
+ # cert: "tls.crt"
+ # key: "tls.key"
+
+ mqtt:
+ enabled: true
+ ackWait: 1m
+ maxAckPending: 100
+
+ #######################
+ # #
+ # TLS Configuration #
+ # #
+ #######################
+ #
+ # # You can find more on how to setup and trouble shoot TLS connnections at:
+ #
+ # # https://docs.nats.io/nats-server/configuration/securing_nats/tls
+ #
+
+ #
+ # tls:
+ # secret:
+ # name: nats-mqtt-tls
+ # ca: "ca.crt"
+ # cert: "tls.crt"
+ # key: "tls.key"
+ cluster:
+ enabled: true
+ replicas: 3
+ noAdvertise: false
+
+ # Explicitly set routes for clustering.
+ # When JetStream is enabled, the serverName must be unique in the cluster.
+ extraRoutes: []
+
+ # authorization:
+ # user: foo
+ # password: pwd
+ # timeout: 0.5
+ websocket:
+ enabled: true
+ port: 443
+ noTLS: true
+
+ sameOrigin: false
+ allowedOrigins: []
+
+ # This will optionally specify what host:port for websocket
+ # connections to be advertised in the cluster.
+ # advertise: "host:port"
+
+ # Set the handshake timeout for websocket connections
+ # handshakeTimeout: 5s
+
+ k8sClusterDomain: cluster.local
+
+ # Define if NATS is using FQDN name for clustering (i.e. nats-0.nats.default.svc.cluster.local) or short name (i.e. nats-0.nats.default).
+ useFQDN: true
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
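Review bot: As written, the new values expose NATS with no transport security and no visible client authentication: `websocket` is enabled with `noTLS: true` on `port: 443`, `sameOrigin: false` and `allowedOrigins: []`, `mqtt` is enabled, and both `tls:` blocks are left commented out. The operator configuration this replaces had `auth` enabled, while nothing in this file configures client auth, so unless chart defaults or an overlay add it, any workload that can reach the service can likely connect. I would set `noTLS: false`, uncomment the `tls:` blocks with the `nats-client-tls` and `nats-mqtt-tls` secrets, and add an auth section backed by a Secret; if TLS is deliberately terminated in front of the websocket port, a comment such as `# TLS is terminated at the ingress; this port is not exposed directly` should say so. The bare `uniqueTag:`, `max_outstanding_catchup:`, `encryption:` and `annotations:` keys parse as null, so write the intended empty value or remove them.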