build(repo): Add DNS/TLS for Nats on helmchart
pedronauck committed Dec 17, 2024
1 parent 86db991 commit 7169f19
Showing 12 changed files with 226 additions and 222 deletions.
2 changes: 1 addition & 1 deletion cluster/charts/fuel-streams/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: fuel-streams
version: 0.4.10
version: 0.5.0
dependencies:
- name: nats
version: 1.2.6
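--- a/cluster/charts/fuel-streams/templates/_blocks.tpl
+++ b/cluster/charts/fuel-streams/templates/_blocks.tpl
@@ -57,4 +57,55 @@ readinessProbe:
 startupProbe:
 {{- include "merge" (dict "context" .context "service" .service "defaultKey" "startupProbe" "path" "config.startupProbe") | nindent 2 }}
 {{- end }}
+{{- end }}
+
+{{/*
+Configure NATS StatefulSet with accounts configuration volume.
+Parameters:
+- context: Root context for accessing global values (optional, defaults to root context)
+- replicas: Number of replicas for the StatefulSet (optional)
+Returns: StatefulSet spec configuration with accounts volume mounted from ConfigMap
+Example:
+{{- include "nats-statefulset-accounts" (dict "context" . "replicas" 3) | nindent 8 }}
+*/}}
+{{- define "nats-statefulset-accounts" -}}
+{{- $context := .context | default . }}
+spec:
+{{- if .replicas }}
+replicas: {{ .replicas }}
+{{- end }}
+template:
+spec:
+volumes:
+- name: nats-accounts
+configMap:
+name: {{ include "fuel-streams.fullname" $context }}-nats-accounts
+{{- end }}
+
+{{/*
+Configure NATS container volume mounts for accounts.
+Parameters:
+- None
+Returns: Volume mount configuration for NATS accounts
+Example:
+{{- include "nats-container-volume-mounts" . | nindent 8 }}
+*/}}
+{{- define "nats-container-volume-mounts" -}}
+- name: nats-accounts
+mountPath: /etc/nats-accounts
+{{- end }}
+
+{{/*
+Configure NATS container envFrom settings.
+Parameters:
+- None
+Returns: EnvFrom configuration for NATS
+Example:
+{{- include "nats-container-env-from" . | nindent 8 }}
+*/}}
+{{- define "nats-container-env-from" -}}
+{{- $context := .context | default . }}
+- secretRef:
+name: {{ include "fuel-streams.fullname" $context }}-nats-accounts
+optional: true
 {{- end }}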
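Review bot: In `nats-container-env-from` the `secretRef` is marked `optional: true`, so the NATS container starts even when the `-nats-accounts` Secret does not exist and runs without whatever variables that Secret is meant to inject. If the accounts configuration mounted from the ConfigMap of the same name depends on those variables, remove `optional: true` (or gate it behind a chart value) so a missing Secret blocks container start instead of surfacing later as an authentication problem. The doc comment for this helper also says `Parameters: - None` although the body reads `.context`; it should list `context` the way `nats-statefulset-accounts` does.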
31 changes: 24 additions & 7 deletions cluster/charts/fuel-streams/templates/_helpers.tpl
@@ -49,26 +49,43 @@ Includes:
- Selector labels (app name and instance)
- App version (if defined)
- Managed-by label indicating Helm management
Parameters:
- name: Optional custom name to use instead of the default name
- .: Full context (passed automatically or as "context")
Returns: Map - A set of key-value pairs representing Kubernetes labels
Example:
{{- include "fuel-streams.labels" . }}
# Or with custom name:
{{- include "fuel-streams.labels" (dict "name" "custom-name" "context" $) }}
*/}}
{{- define "fuel-streams.labels" -}}
helm.sh/chart: {{ include "fuel-streams.chart" . }}
{{ include "fuel-streams.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- $context := default . .context -}}
helm.sh/chart: {{ include "fuel-streams.chart" $context }}
{{ include "fuel-streams.selectorLabels" (dict "name" .name "context" $context) }}
{{- if $context.Chart.AppVersion }}
app.kubernetes.io/version: {{ $context.Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/managed-by: {{ $context.Release.Service }}
{{- end }}

{{/*
Selector labels
Core identifying labels used for object selection and service discovery.
These labels should be used consistently across all related resources.
Parameters:
- name: Optional custom name to use instead of the default name
- .: Full context (passed automatically or as "context")
Returns: Map - A set of key-value pairs for Kubernetes selector labels
Example:
{{- include "fuel-streams.selectorLabels" . }}
# Or with custom name:
{{- include "fuel-streams.selectorLabels" (dict "name" "custom-name" "context" $) }}
*/}}
{{- define "fuel-streams.selectorLabels" -}}
app.kubernetes.io/name: {{ include "fuel-streams.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- $context := default . .context -}}
{{- $name := default (include "fuel-streams.name" $context) .name -}}
app.kubernetes.io/name: {{ $name }}
app.kubernetes.io/instance: {{ $context.Release.Name }}
{{- end }}

{{/*
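Review bot: `app.kubernetes.io/name: {{ $name }}` in `fuel-streams.selectorLabels` now renders a caller-supplied value without quoting, whereas `app.kubernetes.io/version` in the same file is piped through `quote`. A name that YAML reads as a boolean or a number (it can come from `$service.name`, as in `_hpa.yaml`) would reach the API server as a non-string label value; `app.kubernetes.io/name: {{ $name | quote }}` avoids that. Separately, when a caller passes a dict without a `context` key, `default . .context` falls back to the dict itself and the `.Chart` / `.Release` lookups fail with a nil error, so the doc block should state that `context` is mandatory in the dict form.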
3 changes: 1 addition & 2 deletions cluster/charts/fuel-streams/templates/_hpa.yaml
@@ -9,8 +9,7 @@ kind: HorizontalPodAutoscaler
metadata:
{{- include "k8s.metadata" (dict "context" $context "suffix" (printf "-%s" $service.name)) | nindent 2 }}
labels:
{{- include "fuel-streams.labels" $context | nindent 4 }}
app.kubernetes.io/component: {{ $service.name }}
{{- include "fuel-streams.labels" (dict "name" $service.name "context" $context) | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
11 changes: 3 additions & 8 deletions cluster/charts/fuel-streams/templates/consumer/statefulset.yaml
@@ -7,28 +7,24 @@ metadata:
annotations:
{{- include "set-value" (dict "context" $consumer "path" "config.annotations") | nindent 4 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "fuel-streams.labels" (dict "name" "consumer" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $consumer "path" "config.labels") | nindent 4 }}
app.kubernetes.io/component: consumer
spec:
serviceName: {{ include "fuel-streams.fullname" . }}-consumer
{{- if not $consumer.autoscaling.enabled }}
replicas: {{ $consumer.config.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "fuel-streams.selectorLabels" . | nindent 6 }}
{{- include "set-value" (dict "context" $consumer "path" "config.selectorLabels") | nindent 6 }}
app.kubernetes.io/component: consumer
{{- include "fuel-streams.selectorLabels" (dict "name" "consumer" "context" .) | nindent 6 }}

template:
metadata:
annotations:
{{- include "set-value" (dict "context" $consumer "path" "config.podAnnotations") | nindent 8 }}
labels:
{{- include "fuel-streams.selectorLabels" . | nindent 8 }}
{{- include "fuel-streams.labels" (dict "name" "consumer" "context" .) | nindent 8 }}
{{- include "set-value" (dict "context" $consumer "path" "config.labels") | nindent 8 }}
app.kubernetes.io/component: consumer

spec:
{{- if .Values.serviceAccount.create }}
@@ -79,6 +75,5 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}


{{- include "k8s.hpa" (dict "context" . "service" (dict "name" "consumer" "autoscaling" $consumer.autoscaling)) }}
{{- end }}
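Review bot: `spec.selector.matchLabels` now renders `app.kubernetes.io/name: consumer` and drops both `app.kubernetes.io/component` and the `config.selectorLabels` values, yet a StatefulSet selector cannot be changed in place. Upgrading an existing release is therefore likely to be rejected until the object is deleted and recreated; the same applies to `publisher/statefulset.yaml` and to the Deployment in `webserver/deployment.yaml`. Because pods no longer carry `app.kubernetes.io/component`, any Service, NetworkPolicy or monitor outside this diff that selects on it would silently stop matching, which is worth checking before release. The pod template also switches to the full label set, which includes `helm.sh/chart`, so every chart version bump rolls the pods; keeping `{{- include "fuel-streams.selectorLabels" (dict "name" "consumer" "context" .) | nindent 8 }}` for the template labels avoids that.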
49 changes: 27 additions & 22 deletions cluster/charts/fuel-streams/templates/nats/certificate.yaml
@@ -1,23 +1,48 @@
{{- $cert := .Values.natsExternalService.certificate}}
{{- $service := .Values.natsExternalService.service }}
{{- if and .Values.natsExternalService.enabled $service.dns }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-nats-cert") | nindent 2 }}
annotations:
{{- include "set-value" (dict "context" $cert "path" "annotations") | nindent 4 }}
labels:
{{- include "fuel-streams.labels" (dict "name" "nats-client" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $cert "path" "labels") | nindent 4 }}
app.kubernetes.io/component: nats
spec:
secretName: {{ include "fuel-streams.fullname" . }}-nats-tls
duration: {{ $cert.duration }}
renewBefore: {{ $cert.renewBefore }}
dnsNames:
- {{ $service.dns }}
issuerRef:
name: {{ $cert.issuer }}
kind: ClusterIssuer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-nats-cert-validator") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "fuel-streams.labels" (dict "name" "nats-client" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $cert "path" "labels") | nindent 4 }}
app.kubernetes.io/service: external-ws
app.kubernetes.io/component: nats
annotations:
cert-manager.io/cluster-issuer: {{ $cert.issuer }}
kubernetes.io/ingress.class: nginx
acme.cert-manager.io/http01-ingress-class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
cert-manager.io/common-name: {{ $service.dns }}
{{- include "set-value" (dict "context" $cert "path" "annotations") | nindent 4 }}
spec:
ingressClassName: nginx
tls:
- hosts:
- {{ $service.dns }}
secretName: {{ include "fuel-streams.fullname" . }}-nats-tls
rules:
- host: {{ $service.dns }}
http:
@@ -29,24 +54,4 @@ spec:
name: cm-acme-http-solver
port:
number: 8089
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-nats-cert") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "set-value" (dict "context" $cert "path" "labels") | nindent 4 }}
app.kubernetes.io/service: external-ws
annotations:
{{- include "set-value" (dict "context" $cert "path" "annotations") | nindent 4 }}
spec:
secretName: {{ include "fuel-streams.fullname" . }}-nats-tls
duration: {{ $cert.duration }}
renewBefore: {{ $cert.renewBefore }}
dnsNames:
- {{ $service.dns }}
issuerRef:
name: {{ $cert.issuer }}
kind: ClusterIssuer
{{- end }}
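Review bot: The Ingress carries `cert-manager.io/cluster-issuer` together with a `tls` entry whose `secretName` is `…-nats-tls`, while the standalone `Certificate` at the top of the file writes the same Secret. cert-manager's ingress-shim normally creates its own Certificate for an Ingress annotated this way, so two Certificate resources would manage one Secret, which can cause repeated re-issuance and makes it unclear which one owns the key. Keep a single source of truth: either drop the `cert-manager.io/cluster-issuer` and `cert-manager.io/common-name` annotations from the Ingress, or remove the explicit Certificate. `{{ $service.dns }}` is also emitted unquoted in `dnsNames`, `hosts`, `host` and the annotation; `{{ $service.dns | quote }}` is safer for a user-supplied value.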
21 changes: 8 additions & 13 deletions cluster/charts/fuel-streams/templates/nats/external-service.yaml
@@ -3,13 +3,9 @@
apiVersion: v1
kind: Service
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-nats-external") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "set-value" (dict "context" $service "path" "labels") | nindent 4 }}
app.kubernetes.io/service: external-ws
{{- include "k8s.metadata" (dict "context" . "suffix" "-nats-client-nlb") | nindent 2 }}
annotations:
external-dns.alpha.kubernetes.io/hostname: {{ $service.dns | quote }}
external-dns.alpha.kubernetes.io/hostname: {{ $service.dns }}
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
@@ -19,15 +15,15 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: "WebSocket=true"
{{- include "set-value" (dict "context" $service "path" "annotations") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" (dict "name" "nats-client" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $service "path" "labels") | nindent 4 }}
app.kubernetes.io/component: nats
spec:
type: LoadBalancer
loadBalancerClass: service.k8s.aws/nlb
externalTrafficPolicy: Local
ports:
- name: http-acme
port: 80
targetPort: 8089
protocol: TCP
- appProtocol: tcp
name: nats
port: 4222
@@ -39,7 +35,6 @@ spec:
protocol: TCP
targetPort: websocket
selector:
{{- include "fuel-streams.selectorLabels" . | nindent 4 }}
app.kubernetes.io/service: external-ws
{{- include "fuel-streams.selectorLabels" (dict "name" "nats-client" "context" .) | nindent 4 }}
app.kubernetes.io/component: nats
{{- end }}
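Review bot: The `external-dns.alpha.kubernetes.io/hostname` annotation appears to lose its `| quote`, while the neighbouring annotation values are quoted strings; keep `external-dns.alpha.kubernetes.io/hostname: {{ $service.dns | quote }}` so an empty or unusual value cannot render as a non-string annotation. The selector now requires `app.kubernetes.io/name: nats-client` plus `app.kubernetes.io/component: nats`, and the pods carrying those labels are not defined in the visible hunks, so confirm that the NATS subchart renders exactly these labels, otherwise the load balancer has no endpoints. Since port 4222 is published through the NLB, it is also worth confirming that the NATS listener actually mounts the `…-nats-tls` Secret and requires TLS, which these hunks do not show.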

10 changes: 3 additions & 7 deletions cluster/charts/fuel-streams/templates/publisher/statefulset.yaml
@@ -7,28 +7,24 @@ metadata:
annotations:
{{- include "set-value" (dict "context" $publisher "path" "config.annotations") | nindent 4 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "fuel-streams.labels" (dict "name" "publisher" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $publisher "path" "config.labels") | nindent 4 }}
app.kubernetes.io/component: publisher
spec:
serviceName: {{ include "fuel-streams.fullname" . }}-publisher
{{- if not $publisher.autoscaling.enabled }}
replicas: {{ $publisher.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "fuel-streams.selectorLabels" . | nindent 6 }}
{{- include "set-value" (dict "context" $publisher "path" "config.selectorLabels") | nindent 6 }}
app.kubernetes.io/component: publisher
{{- include "fuel-streams.selectorLabels" (dict "name" "publisher" "context" .) | nindent 6 }}

template:
metadata:
annotations:
{{- include "set-value" (dict "context" $publisher "path" "config.podAnnotations") | nindent 8 }}
labels:
{{- include "fuel-streams.selectorLabels" . | nindent 8 }}
{{- include "fuel-streams.labels" (dict "name" "publisher" "context" .) | nindent 8 }}
{{- include "set-value" (dict "context" $publisher "path" "config.labels") | nindent 8 }}
app.kubernetes.io/component: publisher

spec:
{{- if .Values.serviceAccount.create }}
4 changes: 3 additions & 1 deletion cluster/charts/fuel-streams/templates/secret-creator.yaml
@@ -4,7 +4,7 @@ kind: Role
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-secret-creator") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" . | nindent 2 }}
{{- include "fuel-streams.labels" (dict "name" "secret-creator" "context" .) | nindent 2 }}
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
@@ -20,6 +20,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-secret-creator") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" (dict "name" "secret-creator" "context" .) | nindent 2 }}
subjects:
- kind: ServiceAccount
name: {{ include "fuel-streams.serviceAccountName" . }}
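Review bot: Both `labels:` blocks pipe `fuel-streams.labels` through `nindent 2`, whereas the other templates in this commit use `nindent 4` for labels under `metadata:`. If `labels:` sits at two spaces here (the rendered page does not preserve indentation), the label keys land beside `labels:` instead of under it, leaving `labels` empty and adding unexpected keys to `metadata`. Suggest `{{- include "fuel-streams.labels" (dict "name" "secret-creator" "context" .) | nindent 4 }}` in both the Role and the RoleBinding. The Role's `rules` and the RoleBinding's `subjects` continue outside the hunks, so the granted permissions themselves cannot be reviewed from here.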
2 changes: 1 addition & 1 deletion cluster/charts/fuel-streams/templates/service-account.yaml
@@ -4,6 +4,6 @@ kind: ServiceAccount
metadata:
{{- include "k8s.metadata" (dict "context" . "suffix" "-service-account") | nindent 2 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "fuel-streams.labels" (dict "name" "service-account" "context" .) | nindent 4 }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end -}}
14 changes: 3 additions & 11 deletions cluster/charts/fuel-streams/templates/webserver/deployment.yaml
@@ -7,31 +7,23 @@ metadata:
annotations:
{{- include "set-value" (dict "context" $webserver "path" "config.annotations") | nindent 4 }}
labels:
{{- include "fuel-streams.labels" . | nindent 4 }}
{{- include "fuel-streams.labels" (dict "name" "webserver" "context" .) | nindent 4 }}
{{- include "set-value" (dict "context" $webserver "path" "config.labels") | nindent 4 }}
app.kubernetes.io/component: webserver
app.kubernetes.io/service: external-ws

spec:
{{- if not $webserver.autoscaling.enabled }}
replicas: {{ $webserver.config.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "fuel-streams.selectorLabels" . | nindent 6 }}
{{- include "set-value" (dict "context" $webserver "path" "config.selectorLabels") | nindent 6 }}
app.kubernetes.io/component: webserver
app.kubernetes.io/service: external-ws
{{- include "fuel-streams.selectorLabels" (dict "name" "webserver" "context" .) | nindent 6 }}

template:
metadata:
annotations:
{{- include "set-value" (dict "context" $webserver "path" "config.podAnnotations") | nindent 8 }}
labels:
{{- include "fuel-streams.selectorLabels" . | nindent 8 }}
{{- include "fuel-streams.labels" (dict "name" "webserver" "context" .) | nindent 8 }}
{{- include "set-value" (dict "context" $webserver "path" "config.labels") | nindent 8 }}
app.kubernetes.io/component: webserver
app.kubernetes.io/service: external-ws

spec:
{{- if .Values.serviceAccount.create }}