################################################################################
# Global options
################################################################################
global:
image:
# global image pull policy to use for all container images in the chart
# can be overridden by individual image pullPolicy
pullPolicy:
# global list of secret names to use as image pull secrets for all pod specs in the chart
# secrets must exist in the same namespace
# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
pullSecretNames: []
# global registry to use for all container images in the chart
# can be overridden by individual image registry
registry:
# global labels will be applied to all resources deployed by the chart
labels: {}
################################################################################
# Common options
################################################################################
# override name of the chart
nameOverride:
# override full name of the chart+release
fullnameOverride:
# override the namespace that resources are installed into
namespaceOverride:
# reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts
# note: `tls.verify` still must be set in the appropriate nats config `tls` blocks to require mTLS
tlsCA:
enabled: false
# set configMapName in order to mount an existing configMap to dir
configMapName:
# set secretName in order to mount an existing secretName to dir
secretName:
# directory to mount the configMap or secret to
dir: /etc/nats-ca-cert
# key in the configMap or secret that contains the CA Certificate or Bundle
key: ca.crt
################################################################################
# NATS Stateful Set and associated resources
################################################################################
############################################################
# NATS config
############################################################
config:
cluster:
enabled: false
port: 6222
# must be 2 or higher when jetstream is enabled
replicas: 3
# apply to generated route URLs that connect to other pods in the StatefulSet
routeURLs:
# if both user and password are set, they will be added to route URLs
# and the cluster authorization block
user:
password:
# set to true to use FQDN in route URLs
useFQDN: false
k8sClusterDomain: cluster.local
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/cluster
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
# merge or patch the cluster config
# https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config
merge: {}
patch: []
jetstream:
enabled: false
fileStore:
enabled: true
dir: /data
############################################################
# stateful set -> volume claim templates -> jetstream pvc
############################################################
pvc:
enabled: true
size: 10Gi
storageClassName:
# merge or patch the jetstream pvc
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-js"
name:
# defaults to the PVC size
maxSize:
memoryStore:
enabled: false
# ensure that container has a sufficient memory limit greater than maxSize
maxSize: 1Gi
# merge or patch the jetstream config
# https://docs.nats.io/running-a-nats-service/configuration#jetstream
merge: {}
patch: []
nats:
port: 4222
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/nats
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
leafnodes:
enabled: false
port: 7422
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/leafnodes
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
# merge or patch the leafnodes config
# https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf
merge: {}
patch: []
websocket:
enabled: false
port: 8080
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/websocket
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
############################################################
# ingress
############################################################
# service must be enabled also
ingress:
enabled: false
# must contain at least 1 host otherwise ingress will not be created
hosts: []
path: /
pathType: Exact
# sets to the ingress class name
className:
# set to an existing secret name to enable TLS on the ingress; applies to all hosts
tlsSecretName:
# merge or patch the ingress
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-ws"
name:
# merge or patch the websocket config
# https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf
merge: {}
patch: []
mqtt:
enabled: false
port: 1883
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/mqtt
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
# merge or patch the mqtt config
# https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config
merge: {}
patch: []
gateway:
enabled: false
port: 7222
tls:
enabled: false
# set secretName in order to mount an existing secret to dir
secretName:
dir: /etc/nats-certs/gateway
cert: tls.crt
key: tls.key
# merge or patch the tls config
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
merge: {}
patch: []
# merge or patch the gateway config
# https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block
merge: {}
patch: []
monitor:
enabled: true
port: 8222
tls:
# config.nats.tls must be enabled also
# when enabled, monitoring port will use HTTPS with the options from config.nats.tls
enabled: false
profiling:
enabled: false
port: 65432
resolver:
enabled: false
dir: /data/resolver
############################################################
# stateful set -> volume claim templates -> resolver pvc
############################################################
pvc:
enabled: true
size: 1Gi
storageClassName:
# merge or patch the pvc
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-resolver"
name:
# merge or patch the resolver
# https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver
merge: {}
patch: []
# adds a prefix to the server name, which defaults to the pod name
# helpful for ensuring server name is unique in a super cluster
serverNamePrefix: ""
# merge or patch the nats config
# https://docs.nats.io/running-a-nats-service/configuration
# following special rules apply
# 1. strings that start with << and end with >> will be unquoted
# use this for variables and numbers with units
# 2. keys ending in $include will be switched to include directives
# keys are sorted alphabetically, use prefix before $includes to control includes ordering
# paths should be relative to /etc/nats-config/nats.conf
# example:
#
# merge:
# $include: ./my-config.conf
# zzz$include: ./my-config-last.conf
# server_name: nats
# authorization:
# token: << $TOKEN >>
# jetstream:
# max_memory_store: << 1GB >>
#
# will yield the config:
# {
# include ./my-config.conf;
# "authorization": {
# "token": $TOKEN
# },
# "jetstream": {
# "max_memory_store": 1GB
# },
# "server_name": "nats",
# include ./my-config-last.conf;
# }
merge: {}
patch: []
############################################################
# stateful set -> pod template -> nats container
############################################################
container:
image:
repository: nats
tag: 2.10.22-alpine
pullPolicy:
registry:
# container port options
# must be enabled in the config section also
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#containerport-v1-core
ports:
nats: {}
leafnodes: {}
websocket: {}
mqtt: {}
cluster: {}
gateway: {}
monitor: {}
profiling: {}
# map with key as env var name, value can be string or map
# example:
#
# env:
# GOMEMLIMIT: 7GiB
# TOKEN:
# valueFrom:
# secretKeyRef:
# name: nats-auth
# key: token
env: {}
# merge or patch the container
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
merge: {}
patch: []
############################################################
# stateful set -> pod template -> reloader container
############################################################
reloader:
enabled: true
image:
repository: natsio/nats-server-config-reloader
tag: 0.16.0
pullPolicy:
registry:
# env var map, see nats.env for an example
env: {}
# all nats container volume mounts with the following prefixes
# will be mounted into the reloader container
natsVolumeMountPrefixes:
- /etc/
# merge or patch the container
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
merge: {}
patch: []
############################################################
# stateful set -> pod template -> prom-exporter container
############################################################
# config.monitor must be enabled
promExporter:
enabled: false
image:
repository: natsio/prometheus-nats-exporter
tag: 0.15.0
pullPolicy:
registry:
port: 7777
# env var map, see nats.env for an example
env: {}
# merge or patch the container
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
merge: {}
patch: []
############################################################
# prometheus pod monitor
############################################################
podMonitor:
enabled: false
# merge or patch the pod monitor
# https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}"
name:
############################################################
# service
############################################################
service:
enabled: true
# service port options
# additional boolean field enable to control whether port is exposed in the service
# must be enabled in the config section also
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceport-v1-core
ports:
nats:
enabled: true
leafnodes:
enabled: true
websocket:
enabled: true
mqtt:
enabled: true
cluster:
enabled: false
gateway:
enabled: false
monitor:
enabled: false
profiling:
enabled: false
# merge or patch the service
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}"
name:
############################################################
# other nats extension points
############################################################
# stateful set
statefulSet:
# merge or patch the stateful set
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}"
name:
# stateful set -> pod template
podTemplate:
# adds a hash of the ConfigMap as a pod annotation
# this will cause the StatefulSet to roll when the ConfigMap is updated
configChecksumAnnotation: true
# map of topologyKey: topologySpreadConstraint
# labelSelector will be added to match StatefulSet pods
#
# topologySpreadConstraints:
# kubernetes.io/hostname:
# maxSkew: 1
#
topologySpreadConstraints: {}
# merge or patch the pod template
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
merge: {}
patch: []
# headless service
headlessService:
# merge or patch the headless service
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-headless"
name:
# config map
configMap:
# merge or patch the config map
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-config"
name:
# pod disruption budget
podDisruptionBudget:
enabled: true
# merge or patch the pod disruption budget
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudget-v1-policy
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}"
name:
# service account
serviceAccount:
enabled: false
# merge or patch the service account
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}"
name:
############################################################
# natsBox
#
# NATS Box Deployment and associated resources
############################################################
natsBox:
enabled: true
############################################################
# NATS contexts
############################################################
contexts:
default:
creds:
# set contents in order to create a secret with the creds file contents
contents:
# set secretName in order to mount an existing secret to dir
secretName:
# defaults to /etc/nats-creds/<context-name>
dir:
key: nats.creds
nkey:
# set contents in order to create a secret with the nkey file contents
contents:
# set secretName in order to mount an existing secret to dir
secretName:
# defaults to /etc/nats-nkeys/<context-name>
dir:
key: nats.nk
# used to connect with client certificates
tls:
# set secretName in order to mount an existing secret to dir
secretName:
# defaults to /etc/nats-certs/<context-name>
dir:
cert: tls.crt
key: tls.key
# merge or patch the context
# https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts
merge: {}
patch: []
# name of context to select by default
defaultContextName: default
############################################################
# deployment -> pod template -> nats-box container
############################################################
container:
image:
repository: natsio/nats-box
tag: 0.14.5
pullPolicy:
registry:
# env var map, see nats.env for an example
env: {}
# merge or patch the container
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
merge: {}
patch: []
############################################################
# other nats-box extension points
############################################################
# deployment
deployment:
# merge or patch the deployment
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-box"
name:
# deployment -> pod template
podTemplate:
# merge or patch the pod template
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
merge: {}
patch: []
# contexts secret
contextsSecret:
# merge or patch the context secret
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-box-contexts"
name:
# contents secret
contentsSecret:
# merge or patch the contents secret
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-box-contents"
name:
# service account
serviceAccount:
enabled: false
# merge or patch the service account
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core
merge: {}
patch: []
# defaults to "{{ include "nats.fullname" $ }}-box"
name:
################################################################################
# Extra user-defined resources
################################################################################
#
# add arbitrary user-generated resources
# example:
#
# config:
# websocket:
# enabled: true
# extraResources:
# - apiVersion: networking.istio.io/v1beta1
# kind: VirtualService
# metadata:
# name:
# $tplYaml: >
# {{ include "nats.fullname" $ | quote }}
# labels:
# $tplYaml: |
# {{ include "nats.labels" $ }}
# spec:
# hosts:
# - demo.nats.io
# gateways:
# - my-gateway
# http:
# - name: default
# match:
# - name: root
# uri:
# exact: /
# route:
# - destination:
# host:
# $tplYaml: >
# {{ .Values.service.name | quote }}
# port:
# number:
# $tplYaml: >
# {{ .Values.config.websocket.port }}
#
extraResources: []