################################################################################
# Global options
################################################################################
global:
  image:
    # global image pull policy to use for all container images in the chart
    # can be overridden by individual image pullPolicy
    pullPolicy:
    # global list of secret names to use as image pull secrets for all pod specs in the chart
    # secrets must exist in the same namespace
    # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    pullSecretNames: []
    # global registry to use for all container images in the chart
    # can be overridden by individual image registry
    registry:

  # global labels will be applied to all resources deployed by the chart
  labels: {}

################################################################################
# Common options
################################################################################
# override name of the chart
nameOverride:
# override full name of the chart+release
fullnameOverride:
# override the namespace that resources are installed into
namespaceOverride:

# reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts
# note: `tls.verify` still must be set in the appropriate nats config `tls` blocks to require mTLS
tlsCA:
  enabled: false
  # set configMapName in order to mount an existing configMap to dir
  configMapName:
  # set secretName in order to mount an existing secretName to dir
  secretName:
  # directory to mount the configMap or secret to
  dir: /etc/nats-ca-cert
  # key in the configMap or secret that contains the CA Certificate or Bundle
  key: ca.crt

################################################################################
# NATS Stateful Set and associated resources
################################################################################

############################################################
# NATS config
############################################################
# NOTE(review): every `tls` block in this section defaults to enabled: false,
# so each listener that is switched on stays plaintext until its own tls block
# is enabled; mTLS additionally needs `verify` set through that block's merge
config:
  cluster:
    enabled: false
    port: 6222
    # must be 2 or higher when jetstream is enabled
    replicas: 3

    # apply to generated route URLs that connect to other pods in the StatefulSet
    routeURLs:
      # if both user and password are set, they will be added to route URLs
      # and the cluster authorization block
      # NOTE(review): a password set here lives in the values file and is
      # presumably rendered in clear text into the generated nats config;
      # verify where it ends up and restrict read access accordingly
      user:
      password:
      # set to true to use FQDN in route URLs
      useFQDN: false
      k8sClusterDomain: cluster.local

    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/cluster
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

    # merge or patch the cluster config
    # https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config
    merge: {}
    patch: []

  jetstream:
    enabled: false

    fileStore:
      enabled: true
      dir: /data

      ############################################################
      # stateful set -> volume claim templates -> jetstream pvc
      ############################################################
      pvc:
        enabled: true
        size: 10Gi
        storageClassName:

        # merge or patch the jetstream pvc
        # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
        merge: {}
        patch: []
        # defaults to "{{ include "nats.fullname" $ }}-js"
        name:

      # defaults to the PVC size
      maxSize:

    memoryStore:
      enabled: false
      # ensure that container has a sufficient memory limit greater than maxSize
      maxSize: 1Gi

    # merge or patch the jetstream config
    # https://docs.nats.io/running-a-nats-service/configuration#jetstream
    merge: {}
    patch: []

  nats:
    port: 4222
    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/nats
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

  leafnodes:
    enabled: false
    port: 7422
    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/leafnodes
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

    # merge or patch the leafnodes config
    # https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf
    merge: {}
    patch: []

  websocket:
    enabled: false
    port: 8080
    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/websocket
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

    ############################################################
    # ingress
    ############################################################
    # service must be enabled also
    ingress:
      enabled: false
      # must contain at least 1 host otherwise ingress will not be created
      hosts: []
      path: /
      pathType: Exact
      # sets to the ingress class name
      className:
      # set to an existing secret name to enable TLS on the ingress; applies to all hosts
      tlsSecretName:

      # merge or patch the ingress
      # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io
      merge: {}
      patch: []
      # defaults to "{{ include "nats.fullname" $ }}-ws"
      name:

    # merge or patch the websocket config
    # https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf
    merge: {}
    patch: []

  mqtt:
    enabled: false
    port: 1883
    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/mqtt
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

    # merge or patch the mqtt config
    # https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config
    merge: {}
    patch: []

  gateway:
    enabled: false
    port: 7222
    tls:
      enabled: false
      # set secretName in order to mount an existing secret to dir
      secretName:
      dir: /etc/nats-certs/gateway
      cert: tls.crt
      key: tls.key
      # merge or patch the tls config
      # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls
      merge: {}
      patch: []

    # merge or patch the gateway config
    # https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block
    merge: {}
    patch: []

  # NOTE(review): monitoring is on by default, while service.ports.monitor is
  # off by default, so the Service does not publish this port; confirm who can
  # reach it (pod network, port-forward, added Services) before exposing it,
  # since it reports server and connection details
  monitor:
    enabled: true
    port: 8222
    tls:
      # config.nats.tls must be enabled also
      # when enabled, monitoring port will use HTTPS with the options from config.nats.tls
      enabled: false

  # NOTE(review): profiling is a debugging aid; leave it disabled outside of
  # troubleshooting and keep service.ports.profiling disabled
  profiling:
    enabled: false
    port: 65432

  resolver:
    enabled: false
    dir: /data/resolver

    ############################################################
    # stateful set -> volume claim templates -> resolver pvc
    ############################################################
    pvc:
      enabled: true
      size: 1Gi
      storageClassName:

      # merge or patch the pvc
      # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
      merge: {}
      patch: []
      # defaults to "{{ include "nats.fullname" $ }}-resolver"
      name:

    # merge or patch the resolver
    # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver
    merge: {}
    patch: []

  # adds a prefix to the server name, which defaults to the pod name
  # helpful for ensuring server name is unique in a super cluster
  serverNamePrefix: ""

  # merge or patch the nats config
  # https://docs.nats.io/running-a-nats-service/configuration
  # following special rules apply
  #  1. strings that start with << and end with >> will be unquoted
  #     use this for variables and numbers with units
  #  2. keys ending in $include will be switched to include directives
  #     keys are sorted alphabetically, use prefix before $includes to control includes ordering
  #     paths should be relative to /etc/nats-config/nats.conf
  # example:
  #
  #   merge:
  #     $include: ./my-config.conf
  #     zzz$include: ./my-config-last.conf
  #     server_name: nats
  #     authorization:
  #       token: << $TOKEN >>
  #     jetstream:
  #       max_memory_store: << 1GB >>
  #
  # will yield the config:
  # {
  #   include ./my-config.conf;
  #   "authorization": {
  #     "token": $TOKEN
  #   },
  #   "jetstream": {
  #     "max_memory_store": 1GB
  #   },
  #   "server_name": "nats",
  #   include ./my-config-last.conf;
  # }
  #
  # NOTE(review): the example references the token as a variable ($TOKEN)
  # rather than a literal; keeping secrets out of merge/patch keeps them out of
  # the values file and, presumably, out of the rendered config map
  merge: {}
  patch: []

############################################################
# stateful set -> pod template -> nats container
############################################################
container:
  # NOTE(review): images in this file are selected by tag only; if image
  # provenance matters, pull through a registry you control (see
  # global.image.registry) and verify what is actually deployed
  image:
    repository: nats
    tag: 2.10.22-alpine
    pullPolicy:
    registry:

  # container port options
  # must be enabled in the config section also
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#containerport-v1-core
  ports:
    nats: {}
    leafnodes: {}
    websocket: {}
    mqtt: {}
    cluster: {}
    gateway: {}
    monitor: {}
    profiling: {}

  # map with key as env var name, value can be string or map
  # example:
  #
  #   env:
  #     GOMEMLIMIT: 7GiB
  #     TOKEN:
  #       valueFrom:
  #         secretKeyRef:
  #           name: nats-auth
  #           key: token
  #
  # prefer the valueFrom.secretKeyRef form shown for TOKEN over a literal
  # string whenever the value is a secret
  env: {}

  # merge or patch the container
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
  merge: {}
  patch: []

############################################################
# stateful set -> pod template -> reloader container
############################################################
reloader:
  enabled: true
  image:
    repository: natsio/nats-server-config-reloader
    tag: 0.16.0
    pullPolicy:
    registry:

  # env var map, see nats.env for an example
  env: {}

  # all nats container volume mounts with the following prefixes
  # will be mounted into the reloader container
  # NOTE(review): the tls and CA `dir` defaults in this file all sit under
  # /etc/, so mounted certificates and keys are shared with this container
  natsVolumeMountPrefixes:
  - /etc/

  # merge or patch the container
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
  merge: {}
  patch: []

############################################################
# stateful set -> pod template -> prom-exporter container
############################################################
# config.monitor must be enabled
promExporter:
  enabled: false
  image:
    repository: natsio/prometheus-nats-exporter
    tag: 0.15.0
    pullPolicy:
    registry:

  port: 7777
  # env var map, see nats.env for an example
  env: {}

  # merge or patch the container
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
  merge: {}
  patch: []

  ############################################################
  # prometheus pod monitor
  ############################################################
  podMonitor:
    enabled: false

    # merge or patch the pod monitor
    # https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor
    merge: {}
    patch: []
    # defaults to "{{ include "nats.fullname" $ }}"
    name:

############################################################
# service
############################################################
service:
  enabled: true

  # service port options
  # additional boolean field enable to control whether port is exposed in the service
  # must be enabled in the config section also
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceport-v1-core
  # NOTE(review): cluster, gateway, monitor and profiling default to false
  # here; review the matching tls and auth settings in the config section
  # before turning any of them on
  ports:
    nats:
      enabled: true
    leafnodes:
      enabled: true
    websocket:
      enabled: true
    mqtt:
      enabled: true
    cluster:
      enabled: false
    gateway:
      enabled: false
    monitor:
      enabled: false
    profiling:
      enabled: false

  # merge or patch the service
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}"
  name:

############################################################
# other nats extension points
############################################################

# stateful set
statefulSet:
  # merge or patch the stateful set
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}"
  name:

# stateful set -> pod template
podTemplate:
  # adds a hash of the ConfigMap as a pod annotation
  # this will cause the StatefulSet to roll when the ConfigMap is updated
  configChecksumAnnotation: true

  # map of topologyKey: topologySpreadConstraint
  # labelSelector will be added to match StatefulSet pods
  #
  # topologySpreadConstraints:
  #   kubernetes.io/hostname:
  #     maxSkew: 1
  #
  topologySpreadConstraints: {}

  # merge or patch the pod template
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
  merge: {}
  patch: []

# headless service
headlessService:
  # merge or patch the headless service
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}-headless"
  name:

# config map
configMap:
  # merge or patch the config map
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}-config"
  name:

# pod disruption budget
podDisruptionBudget:
  enabled: true
  # merge or patch the pod disruption budget
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudget-v1-policy
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}"
  name:

# service account
serviceAccount:
  enabled: false
  # merge or patch the service account
  # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core
  merge: {}
  patch: []
  # defaults to "{{ include "nats.fullname" $ }}"
  name:

############################################################
# natsBox
#
# NATS Box Deployment and associated resources
############################################################
# NOTE(review): enabled by default; this deploys an extra pod that holds the
# contexts (and any creds, nkeys or client certs) configured below, so disable
# it where no in-cluster client tooling is wanted
natsBox:
  enabled: true

  ############################################################
  # NATS contexts
  ############################################################
  contexts:
    default:
      creds:
        # set contents in order to create a secret with the creds file contents
        # NOTE(review): contents puts credential material into the helm values
        # (and presumably the stored release); prefer secretName pointing at a
        # secret created outside the chart
        contents:
        # set secretName in order to mount an existing secret to dir
        secretName:
        # defaults to /etc/nats-creds/
        dir:
        key: nats.creds
      nkey:
        # set contents in order to create a secret with the nkey file contents
        # NOTE(review): same caveat as creds.contents; prefer secretName
        contents:
        # set secretName in order to mount an existing secret to dir
        secretName:
        # defaults to /etc/nats-nkeys/
        dir:
        key: nats.nk
      # used to connect with client certificates
      tls:
        # set secretName in order to mount an existing secret to dir
        secretName:
        # defaults to /etc/nats-certs/
        dir:
        cert: tls.crt
        key: tls.key

      # merge or patch the context
      # https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts
      merge: {}
      patch: []

  # name of context to select by default
  defaultContextName: default

  ############################################################
  # deployment -> pod template -> nats-box container
  ############################################################
  container:
    image:
      repository: natsio/nats-box
      tag: 0.14.5
      pullPolicy:
      registry:

    # env var map, see nats.env for an example
    env: {}

    # merge or patch the container
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core
    merge: {}
    patch: []

  ############################################################
  # other nats-box extension points
  ############################################################

  # deployment
  deployment:
    # merge or patch the deployment
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps
    merge: {}
    patch: []
    # defaults to "{{ include "nats.fullname" $ }}-box"
    name:

  # deployment -> pod template
  podTemplate:
    # merge or patch the pod template
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core
    merge: {}
    patch: []

  # contexts secret
  contextsSecret:
    # merge or patch the context secret
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core
    merge: {}
    patch: []
    # defaults to "{{ include "nats.fullname" $ }}-box-contexts"
    name:

  # contents secret
  contentsSecret:
    # merge or patch the contents secret
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core
    merge: {}
    patch: []
    # defaults to "{{ include "nats.fullname" $ }}-box-contents"
    name:

  # service account
  serviceAccount:
    enabled: false
    # merge or patch the service account
    # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core
    merge: {}
    patch: []
    # defaults to "{{ include "nats.fullname" $ }}-box"
    name:

################################################################################
# Extra user-defined resources
################################################################################
#
# add arbitrary user-generated resources
# example:
#
# config:
#   websocket:
#     enabled: true
# extraResources:
# - apiVersion: networking.istio.io/v1beta1
#   kind: VirtualService
#   metadata:
#     name:
#       $tplYaml: >
#         {{ include "nats.fullname" $ | quote }}
#     labels:
#       $tplYaml: |
#         {{ include "nats.labels" $ }}
#   spec:
#     hosts:
#     - demo.nats.io
#     gateways:
#     - my-gateway
#     http:
#     - name: default
#       match:
#       - name: root
#         uri:
#           exact: /
#       route:
#       - destination:
#           host:
#             $tplYaml: >
#               {{ .Values.service.name | quote }}
#           port:
#             number:
#               $tplYaml: >
#                 {{ .Values.config.websocket.port }}
#
# NOTE(review): entries here are arbitrary resources installed with the
# release; review this list in any values file you did not author, since it
# can presumably create whatever the installing identity is allowed to create
extraResources: []