From b6809b70df61aafb42ac4d561d29ecd0013a8e24 Mon Sep 17 00:00:00 2001
From: Caleb Lloyd <2414837+caleblloyd@users.noreply.github.com>
Date: Sat, 24 Jun 2023 09:13:05 -0400
Subject: [PATCH] [helm nats 1.x] config.cluster.routeURLs options (#746)
* [helm nats 1.x] config.cluster.routeURLs options
Signed-off-by: Caleb Lloyd
* update comments
Signed-off-by: Caleb Lloyd
---------
Signed-off-by: Caleb Lloyd
---
 helm/charts/nats/README.md | 40 +++-------------------
 helm/charts/nats/files/config/cluster.yaml | 17 ++++++++-
 helm/charts/nats/test/config_test.go | 15 ++++++++--
 helm/charts/nats/test/ports_test.go | 6 ++--
 helm/charts/nats/values.yaml | 10 ++++++
 5 files changed, 46 insertions(+), 42 deletions(-)
diff --git a/helm/charts/nats/README.md b/helm/charts/nats/README.md
index 6cc146d8..3a1a858a 100644
--- a/helm/charts/nats/README.md
+++ b/helm/charts/nats/README.md
@@ -183,43 +183,13 @@ Anything in `values.yaml` can be templated:
 yaml template
 ```
-Example - add cluster authorization:
+Example - change service name:
 ```yaml
-config:
- cluster:
- enabled: true
- merge:
- authorization:
- user: foo
- password:
- $tplYaml: >
- {{ bcrypt "bar" }}
- routes:
- - $tplYamlSpread: |
- {{- range $i, $_ := until (int $.Values.config.cluster.replicas) }}
- - {{ printf "nats://foo:bar@%s-%d.%s:6222" $.Values.statefulSet.name $i $.Values.headlessService.name }}
- {{- end }}
-```
-
-templates to the `nats.conf`:
-
-```
-{
- "cluster": {
- "authorization": {
- "password": "$2a$10$iPs.JbHVKFlFnE.NAN.jF.I1PNi72UycEE83TzyUd1rZsXfFQteQ6",
- "user": "foo"
- },
- "routes": [
- "nats://foo:bar@nats-0.nats-headless:6222",
- "nats://foo:bar@nats-1.nats-headless:6222",
- "nats://foo:bar@nats-2.nats-headless:6222"
- ]
- },
- "port": 4222,
- ...
-}
+service:
+ name:
+ $tplYaml: >-
+ {{ include "nats.fullname" . }}-svc
 ```
 ### NATS Config Units and Variables
diff --git a/helm/charts/nats/files/config/cluster.yaml b/helm/charts/nats/files/config/cluster.yaml
index 86b93733..a9b3dc17 100644
--- a/helm/charts/nats/files/config/cluster.yaml
+++ b/helm/charts/nats/files/config/cluster.yaml
@@ -4,8 +4,23 @@ port: {{ .port }}
 no_advertise: true
 routes:
 {{- $proto := ternary "tls" "nats" .tls.enabled }}
+{{- $auth := "" }}
+{{- if and .routeURLs.user .routeURLs.password }}
+ {{- $auth = printf "%s:%s@" (urlquery .routeURLs.user) (urlquery .routeURLs.password) -}}
+{{- end }}
+{{- $domain := $.Values.headlessService.name }}
+{{- if .routeURLs.useFQDN }}
+ {{- $domain = printf "%s.%s.svc.%s" $domain $.Release.Namespace .routeURLs.k8sClusterDomain }}
+{{- end }}
+{{- $port := (int .port) }}
 {{- range $i, $_ := until (int .replicas) }}
-- {{ printf "%s://%s-%d.%s:6222" $proto $.Values.statefulSet.name $i $.Values.headlessService.name }}
+- {{ printf "%s://%s%s-%d.%s:%d" $proto $auth $.Values.statefulSet.name $i $domain $port }}
+{{- end }}
+
+{{- if and .routeURLs.user .routeURLs.password }}
+authorization:
+ user: {{ .routeURLs.user | quote }}
+ password: {{ .routeURLs.password | quote }}
 {{- end }}
 {{- with .tls }}
diff --git a/helm/charts/nats/test/config_test.go b/helm/charts/nats/test/config_test.go
index d0eed4d8..993f649c 100644
--- a/helm/charts/nats/test/config_test.go
+++ b/helm/charts/nats/test/config_test.go
@@ -144,6 +144,11 @@ config:
 cluster:
 enabled: true
 replicas: 2
+ routeURLs:
+ user: foo
+ password: bar
+ useFQDN: true
+ k8sClusterDomain: foo.bar.local
 resolver:
 enabled: true
 dir: /mnt/resolver
@@ -155,12 +160,16 @@ config:
 expected := DefaultResources(t, test)
 expected.Conf.Value["cluster"] = map[string]any{
+ "authorization": map[string]any{
+ "user": "foo",
+ "password": "bar",
+ },
 "name": "nats",
 "no_advertise": true,
 "port": int64(6222),
 "routes": []any{
- "nats://nats-0.nats-headless:6222",
- "nats://nats-1.nats-headless:6222",
+ "nats://foo:bar@nats-0.nats-headless.nats.svc.foo.bar.local:6222",
+ "nats://foo:bar@nats-1.nats-headless.nats.svc.foo.bar.local:6222",
 },
 }
 expected.Conf.Value["jetstream"] = map[string]any{
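Review bot: In helm/charts/nats/files/config/cluster.yaml, setting only one of `routeURLs.user` / `routeURLs.password` makes both `and` guards false, so the routes are rendered without credentials and no `authorization` block is emitted; unless authorization is supplied some other way, the cluster port then comes up unauthenticated with no warning to the operator. Failing the render is the safer behaviour: `{{- if ne (empty .routeURLs.user) (empty .routeURLs.password) }}{{ fail "config.cluster.routeURLs: user and password must be set together" }}{{- end }}`. Separately, `urlquery` encodes a space as `+`, and Go's URL parser leaves `+` as-is in the userinfo part, so a credential containing a space would differ between the route URL and the `authorization` block; `(urlquery .routeURLs.password | replace "+" "%20")`, and the same for `user`, keeps the two equal. The template continues past this hunk (`{{- with .tls }}`), so the rest of the file is not covered by this note.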
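Review bot: The fixture in helm/charts/nats/test/config_test.go (hunks `@@ -144,6` and `@@ -155,12`) uses `foo` / `bar`, which `urlquery` leaves unchanged, so the test cannot tell an escaped route URL from an unescaped one. A second case with reserved characters would pin the behaviour, for example the constructed value `password: "b@r:/"`, expecting `b%40r%3A%2F` in the userinfo of each entry in `routes` and the raw `"b@r:/"` under `authorization`. A case with only `user` set would also record what the chart does when the pair is incomplete. Both hunks sit inside a test function whose start and end are outside the hunks.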
@@ -214,7 +223,7 @@ config:
 ctr := &expected.StatefulSet.Value.Spec.Template.Spec.Containers[0]
 ctr.Env[1].Value = "test_$(POD_NAME)"
-
+
 ctr.VolumeMounts = append(ctr.VolumeMounts, corev1.VolumeMount{
 MountPath: "/mnt",
 Name: test.FullName + "-js",
diff --git a/helm/charts/nats/test/ports_test.go b/helm/charts/nats/test/ports_test.go
index db5733bb..1bbf3c3a 100644
--- a/helm/charts/nats/test/ports_test.go
+++ b/helm/charts/nats/test/ports_test.go
@@ -111,9 +111,9 @@ service:
 "no_advertise": true,
 "port": int64(1005),
 "routes": []any{
- "nats://nats-0.nats-headless:6222",
- "nats://nats-1.nats-headless:6222",
- "nats://nats-2.nats-headless:6222",
+ "nats://nats-0.nats-headless:1005",
+ "nats://nats-1.nats-headless:1005",
+ "nats://nats-2.nats-headless:1005",
 },
 }
 expected.Conf.Value["gateway"] = map[string]any{
diff --git a/helm/charts/nats/values.yaml b/helm/charts/nats/values.yaml
index d77bd2a4..7fad0418 100644
--- a/helm/charts/nats/values.yaml
+++ b/helm/charts/nats/values.yaml
@@ -27,6 +27,16 @@ config:
 # must be 2 or higher when jetstream is enabled
 replicas: 3
+ # apply to generated route URLs that connect to other pods in the StatefulSet
+ routeURLs:
+ # if both user and password are set, they will be added to route URLs
+ # and the cluster authorization block
+ user:
+ password:
+ # set to true to use FQDN in route URLs
+ useFQDN: false
+ k8sClusterDomain: cluster.local
+
 tls:
 enabled: false
 # set secretName in order to mount an existing secret to dir
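Review bot: The new comments in helm/charts/nats/values.yaml do not mention that `user` and `password` are written in clear text into every generated route URL and into the `authorization` block of the rendered config, which is what the cluster.yaml template in this commit does with them. I would add `# user and password are written in clear text to the rendered NATS config; keep them out of committed values files` above `user:`. `k8sClusterDomain` has no comment at all, although the template reads it only inside the `useFQDN` branch; `# only used when useFQDN is true` above it would make that dependency visible.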