Add STAN manifests

Signed-off-by: Waldemar Quevedo <[email protected]>
cf250024 · Nov 15, 2019 · 827c78c · 827c78c
1 parent 862ac54
commit 827c78c
Show file tree

Hide file tree

Showing 3 changed files with 172 additions and 1 deletion.
diff --git a/nats-streaming-server/nats-streaming-auth-and-tls.yml b/nats-streaming-server/nats-streaming-auth-and-tls.yml
@@ -0,0 +1,166 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stan-config
+data:
+  stan.conf: |
+    port: 4222
+    http: 8222
+
+    leafnodes {
+      remotes = [
+        {
+          url: "nats://nats:7422"
+          credentials: "/var/run/nats/secrets/stan.creds"
+          tls: {
+            ca_file: "/etc/nats/certs/ca.crt",
+            cert_file: "/etc/nats/certs/tls.crt",
+            key_file: "/etc/nats/certs/tls.key",
+            timeout: 3
+          }
+        }
+      ]
+    }
+
+    streaming {
+     id: stan
+     store: file
+     dir: /data/stan/store
+
+     cluster {
+       node_id: $POD_NAME
+
+       log_path: /data/stan/log
+
+       # Explicit names of resulting peers
+       peers: ["stan-0", "stan-1", "stan-2"]
+      }
+    }
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: stan
+  labels:
+    app: stan
+spec:
+  selector:
+    app: stan
+  clusterIP: None
+  ports:
+  - name: metrics
+    port: 7777
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: stan
+  labels:
+    app: stan
+spec:
+  selector:
+    matchLabels:
+      app: stan
+  serviceName: stan
+  replicas: 3
+  volumeClaimTemplates:
+  - metadata:
+      name: stan-sts-vol
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      volumeMode: "Filesystem"
+      resources:
+        requests:
+          storage: 1Gi
+  template:
+    metadata:
+      labels:
+        app: stan
+    spec:
+      volumes:
+      - name: config-volume
+        configMap:
+          name: stan-config
+      - name: creds-volume
+        secret:
+          secretName: stan-creds
+      - name: nats-server-tls-volume
+        secret:
+          secretName: nats-server-tls
+
+      # Prevent NATS Streaming pods running in same host.
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - topologyKey: "kubernetes.io/hostname"
+            labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - stan
+      # STAN Server
+      containers:
+      - name: stan
+        image: nats-streaming:0.16.2
+        ports:
+        - containerPort: 8222
+          name: monitor
+        - containerPort: 7777
+          name: metrics
+        args:
+         - "-sc"
+         - "/etc/stan-config/stan.conf"
+
+        # Required to be able to define an environment variable
+        # that refers to other environment variables.  This env var
+        # is later used as part of the configuration file.
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+          - name: config-volume
+            mountPath: /etc/stan-config
+          - name: creds-volume
+            mountPath: /var/run/nats/secrets
+          - name: stan-sts-vol
+            mountPath: /data/stan
+          - name: nats-server-tls-volume
+            mountPath: /etc/nats/certs
+
+        # Disable CPU limits.
+        resources:
+          requests:
+            cpu: 0
+
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 8222
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+      - name: metrics
+        image: synadia/prometheus-nats-exporter:0.6.0
+        args:
+        - -connz
+        - -routez
+        - -subz
+        - -varz
+        - -channelz
+        - -serverz
+        # - -prefix=stan
+        - -use_internal_server_id
+        - -DV
+        - http://localhost:8222/
+        ports:
+        - containerPort: 7777
+          name: metrics
diff --git a/tools/nats-box-tls.yml b/tools/nats-box-tls.yml
@@ -13,6 +13,9 @@ spec:
   - name: creds-volume
     secret:
       secretName: nats-test-creds
+  - name: stan-creds-volume
+    secret:
+      secretName: stan-creds
   - name: nats-client-tls-volume
     secret:
       secretName: nats-server-tls
@@ -29,5 +32,7 @@ spec:
         mountPath: /var/run/nats/creds/sys
       - name: creds-volume
         mountPath: /var/run/nats/creds/test
+      - name: stan-creds-volume
+        mountPath: /var/run/nats/creds/stan
       - name: nats-client-tls-volume
         mountPath: /etc/nats/certs
diff --git a/tools/nats-surveyor-tls.yml b/tools/nats-surveyor-tls.yml
@@ -53,7 +53,7 @@ spec:
         volumeMounts:
           - name: creds-volume
             mountPath: /var/run/nats/creds/sys
-          - name: nats-client-tls-volume
+          - name: nats-server-tls-volume
             mountPath: /etc/nats/certs
 
         # Disable all cpu limits for the server.