nats chart provisoning

opencloud/charts/nats/files/nats-box/contents-secret.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- include "nats.metadataNamespace" $ | nindent 2 }}
+  name: {{ .Values.natsBox.contentsSecret.name }}
+  labels:
+    {{- include "natsBox.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+  {{- range $secretKey, $secretVal := dict "creds" "creds" "nkey" "nk" }}
+  {{- $secret := get $ctxVal $secretKey }}
+  {{- if and $secret $secret.contents }}
+  "{{ $ctxKey }}.{{ $secretVal }}": {{ $secret.contents | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}

opencloud/charts/nats/files/nats-box/contexts-secret/context.yaml

@@ -0,0 +1,51 @@
+{{- $contextName := .contextName }}
+
+# url
+{{- if .Values.service.enabled }}
+url: nats://{{ .Values.service.name }}
+{{- else }}
+url: nats://{{ .Values.headlessService.name }}
+{{- end }}
+
+{{- with .context }}
+
+# creds
+{{- with .creds}}
+{{- if .contents }}
+creds: /etc/nats-contents/{{ $contextName }}.creds
+{{- else if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+creds: {{ printf "%s/%s" $dir (.key | default "nats.creds") | quote }}
+{{- end }}
+{{- end }}
+
+# nkey
+{{- with .nkey}}
+{{- if .contents }}
+nkey: /etc/nats-contents/{{ $contextName }}.nk
+{{- else if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+nkey: {{ printf "%s/%s" $dir (.key | default "nats.nk") | quote }}
+{{- end }}
+{{- end }}
+
+# tls
+{{- with .tls }}
+{{- if .secretName }}
+{{- $dir := trimSuffix "/" .dir }}
+cert: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }}
+key: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }}
+{{- end }}
+{{- end }}
+
+# tlsCA
+{{- if $.Values.config.nats.tls.enabled }}
+{{- with $.Values.tlsCA }}
+{{- if and .enabled (or .configMapName .secretName) }}
+{{- $dir := trimSuffix "/" .dir }}
+ca: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

opencloud/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- include "nats.metadataNamespace" $ | nindent 2 }}
+  name: {{ .Values.natsBox.contextsSecret.name }}
+  labels:
+    {{- include "natsBox.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }}
+  "{{ $ctxKey }}.json": |
+    {{- include "toPrettyRawJson" (include "nats.loadMergePatch" (dict "file" "nats-box/contexts-secret/context.yaml" "merge" (.merge | default dict) "patch" (.patch | default list) "ctx" (merge (dict "contextName" $ctxKey "context" $ctxVal) $)) | fromYaml) | nindent 4 }}
+{{- end }}

opencloud/charts/nats/files/nats-box/deployment/container.yaml

@@ -0,0 +1,46 @@
+name: nats-box
+{{ include "nats.image" (merge (pick $.Values "global") .Values.natsBox.container.image) }}
+
+{{- with .Values.natsBox.container.env }}
+env:
+{{- include "nats.env" . }}
+{{- end }}
+
+command:
+- sh
+- -ec
+- |
+  work_dir="$(pwd)"
+  mkdir -p "$XDG_CONFIG_HOME/nats"
+  cd "$XDG_CONFIG_HOME/nats"
+  if ! [ -s context ]; then
+    ln -s /etc/nats-contexts context
+  fi
+  {{- if .Values.natsBox.defaultContextName }}
+  if ! [ -f context.txt ]; then
+    echo -n {{ .Values.natsBox.defaultContextName | quote }} > context.txt
+  fi
+  {{- end }}
+  cd "$work_dir"
+  exec /entrypoint.sh "$@"
+- --
+args:
+- sh
+- -ec
+- trap true INT TERM; sleep infinity & wait
+volumeMounts:
+# contexts secret
+- name: contexts
+  mountPath: /etc/nats-contexts
+# contents secret
+{{- if .hasContentsSecret }}
+- name: contents
+  mountPath: /etc/nats-contents
+{{- end }}
+# tlsCA
+{{- include "nats.tlsCAVolumeMount" $ }}
+# secrets
+{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+- name: {{ .name | quote }}
+  mountPath: {{ .dir | quote }}
+{{- end }}

opencloud/charts/nats/files/nats-box/deployment/deployment.yaml

@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  {{- include "nats.metadataNamespace" $ | nindent 2 }}
+  name: {{ .Values.natsBox.deployment.name }}
+  labels:
+    {{- include "natsBox.labels" $ | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "natsBox.selectorLabels" $ | nindent 6 }}
+  replicas: 1
+  template:
+    {{- with .Values.natsBox.podTemplate }}
+    {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" $) .) | nindent 4 }}
+    {{- end }}

opencloud/charts/nats/files/nats-box/deployment/pod-template.yaml

@@ -0,0 +1,44 @@
+metadata:
+  labels:
+    {{- include "natsBox.labels" $ | nindent 4 }}
+spec:
+  containers:
+  {{- with .Values.natsBox.container }}
+  - {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/container.yaml" "ctx" $) .) | nindent 4 }}
+  {{- end }}
+
+  # service discovery uses DNS; don't need service env vars
+  enableServiceLinks: false
+  
+  {{- with .Values.global.image.pullSecretNames }}
+  imagePullSecrets:
+  {{- range . }}
+  - name: {{ . | quote }}
+  {{- end }}
+  {{- end }}
+
+  {{- with .Values.natsBox.serviceAccount }}
+  {{- if .enabled }}
+  serviceAccountName: {{ .name | quote }}
+  {{- end }}
+  {{- end }}
+
+  volumes:
+  # contexts secret
+  - name: contexts
+    secret:
+      secretName: {{ .Values.natsBox.contextsSecret.name }}
+  # contents secret
+  {{- if .hasContentsSecret }}
+  - name: contents
+    secret:
+      secretName: {{ .Values.natsBox.contentsSecret.name }}
+  {{- end }}
+  # tlsCA
+  {{- include "nats.tlsCAVolume" $ | nindent 2 }}
+  # secrets
+  {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }}
+  - name: {{ .name | quote }}
+    secret:
+      secretName: {{ .secretName | quote }}
+  {{- end }}

opencloud/charts/nats/files/nats-box/service-account.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- include "nats.metadataNamespace" $ | nindent 2 }}
+  name: {{ .Values.natsBox.serviceAccount.name }}
+  labels:
+    {{- include "natsBox.labels" $ | nindent 4 }}