From 827c78c23c45d7553070b876de3c0d32e50d9446 Mon Sep 17 00:00:00 2001
From: Waldemar Quevedo
Date: Fri, 15 Nov 2019 14:37:58 -0800
Subject: [PATCH] Add STAN manifests
Signed-off-by: Waldemar Quevedo
---
.../nats-streaming-auth-and-tls.yml | 166 ++++++++++++++++++
tools/nats-box-tls.yml | 5 +
tools/nats-surveyor-tls.yml | 2 +-
3 files changed, 172 insertions(+), 1 deletion(-)
create mode 100644 nats-streaming-server/nats-streaming-auth-and-tls.yml
diff --git a/nats-streaming-server/nats-streaming-auth-and-tls.yml b/nats-streaming-server/nats-streaming-auth-and-tls.yml
new file mode 100644
index 00000000..7195b692
--- /dev/null
+++ b/nats-streaming-server/nats-streaming-auth-and-tls.yml
@@ -0,0 +1,166 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stan-config
+data:
+ stan.conf: |
+ port: 4222
+ http: 8222
+
+ leafnodes {
+ remotes = [
+ {
+ url: "nats://nats:7422"
+ credentials: "/var/run/nats/secrets/stan.creds"
+ tls: {
+ ca_file: "/etc/nats/certs/ca.crt",
+ cert_file: "/etc/nats/certs/tls.crt",
+ key_file: "/etc/nats/certs/tls.key",
+ timeout: 3
+ }
+ }
+ ]
+ }
+
+ streaming {
+ id: stan
+ store: file
+ dir: /data/stan/store
+
+ cluster {
+ node_id: $POD_NAME
+
+ log_path: /data/stan/log
+
+ # Explicit names of resulting peers
+ peers: ["stan-0", "stan-1", "stan-2"]
+ }
+ }
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: stan
+ labels:
+ app: stan
+spec:
+ selector:
+ app: stan
+ clusterIP: None
+ ports:
+ - name: metrics
+ port: 7777
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: stan
+ labels:
+ app: stan
+spec:
+ selector:
+ matchLabels:
+ app: stan
+ serviceName: stan
+ replicas: 3
+ volumeClaimTemplates:
+ - metadata:
+ name: stan-sts-vol
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: "Filesystem"
+ resources:
+ requests:
+ storage: 1Gi
+ template:
+ metadata:
+ labels:
+ app: stan
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: stan-config
+ - name: creds-volume
+ secret:
+ secretName: stan-creds
+ - name: nats-server-tls-volume
+ secret:
+ secretName: nats-server-tls
+
+ # Prevent NATS Streaming pods running in same host.
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - stan
+ # STAN Server
+ containers:
+ - name: stan
+ image: nats-streaming:0.16.2
+ ports:
+ - containerPort: 8222
+ name: monitor
+ - containerPort: 7777
+ name: metrics
+ args:
+ - "-sc"
+ - "/etc/stan-config/stan.conf"
+
+ # Required to be able to define an environment variable
+ # that refers to other environment variables.
This env var + # is later used as part of the configuration file. + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: config-volume + mountPath: /etc/stan-config + - name: creds-volume + mountPath: /var/run/nats/secrets + - name: stan-sts-vol + mountPath: /data/stan + - name: nats-server-tls-volume + mountPath: /etc/nats/certs + + # Disable CPU limits. + resources: + requests: + cpu: 0 + + livenessProbe: + httpGet: + path: / + port: 8222 + initialDelaySeconds: 10 + timeoutSeconds: 5 + - name: metrics + image: synadia/prometheus-nats-exporter:0.6.0 + args: + - -connz + - -routez + - -subz + - -varz + - -channelz + - -serverz + # - -prefix=stan + - -use_internal_server_id + - -DV + - http://localhost:8222/ + ports: + - containerPort: 7777 + name: metrics diff --git a/tools/nats-box-tls.yml b/tools/nats-box-tls.yml index 9faa8545..d7012aa9 100644 --- a/tools/nats-box-tls.yml +++ b/tools/nats-box-tls.yml @@ -13,6 +13,9 @@ spec: - name: creds-volume secret: secretName: nats-test-creds + - name: stan-creds-volume + secret: + secretName: stan-creds - name: nats-client-tls-volume secret: secretName: nats-server-tls @@ -29,5 +32,7 @@ spec: mountPath: /var/run/nats/creds/sys - name: creds-volume mountPath: /var/run/nats/creds/test + - name: stan-creds-volume + mountPath: /var/run/nats/creds/stan - name: nats-client-tls-volume mountPath: /etc/nats/certs diff --git a/tools/nats-surveyor-tls.yml b/tools/nats-surveyor-tls.yml index 62b111d4..595523b4 100644 --- a/tools/nats-surveyor-tls.yml +++ b/tools/nats-surveyor-tls.yml @@ -53,7 +53,7 @@ spec: volumeMounts: - name: creds-volume mountPath: /var/run/nats/creds/sys - - name: nats-client-tls-volume + - name: nats-server-tls-volume mountPath: /etc/nats/certs # Disable all cpu limits for the server.
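Review bot: The leafnode `tls` block in `stan.conf` reads `cert_file` and `key_file` from `/etc/nats/certs`, which the StatefulSet fills from the `nats-server-tls` secret, so every STAN replica appears to hold the NATS server's own private key just to act as a TLS client. If that secret really is the server key pair (the name suggests it, but the secret itself is not part of this patch), a separate client certificate mounted in its place would keep a compromised STAN pod from presenting the server's identity, e.g. `secretName: <stan-client-tls-secret>` (placeholder name). Separately, neither container sets a `securityContext` and the pod keeps the default service-account token; `automountServiceAccountToken: false` in the pod spec would be a cheap addition, since nothing visible in this manifest calls the Kubernetes API.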
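Review bot: Mounting `stan-creds` at `/var/run/nats/creds/stan` puts a third credential set into the nats-box pod, next to the `sys` and `test` creds visible in the context lines, so anyone permitted to exec into this one tooling pod can read all of them. If the STAN credentials are only needed for ad-hoc testing, a comment above the new volume would record that, for example `# stan.creds: test-only, drop this volume outside dev clusters`; otherwise a separate tooling pod per account keeps the exposure smaller. This applies to both hunks in `tools/nats-box-tls.yml` (the `volumes` entry and the `volumeMounts` entry). The pod spec starts and ends outside both hunks, so whether exec access to this pod is already restricted cannot be seen here.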