Skip to content

ZEISS/natz-operator

BranchesTags

Repository files navigation

Kubernetes Operator for NATS Accounting

Release Taylor Swift Volkswagen License

A Kubernetes operator for NATS accounting.

Open in GitHub Codespaces

Installation

Helm can be used to install the natz-operator to your Kubernetes cluster.

helm repo add natz-operator https://zeiss.github.io/natz-operator/helm/charts
helm repo update
helm search repo natz-operator

Usage

There are three custom account resources that can be used to configure the operator.

  • NatsOperator
  • NatsAccount
  • NatsUser
  • NatsConfiguration
  • NatsGateway

These can be configured with NatsKey to provide a private key and additional signing keys for the operator and accounts.

Creating the operator for the NATS accounting.

apiVersion: natz.zeiss.com/v1alpha1
kind: NatsKey
metadata:
  name: natsoperator-sample-private-key
spec:
  type: Operator
---
apiVersion: natz.zeiss.com/v1alpha1
kind: NatsKey
metadata:
  name: natsoperator-demo-signing-key
spec:
  type: Operator
---
apiVersion: natz.zeiss.com/v1alpha1
kind: NatsOperator
metadata:
  name: natsoperator-sample
spec:
  privateKey:
    name: natsoperator-sample-private-key
  signingKeys:
    - name: natsoperator-demo-signing-key

Creating the system account for the operator.

apiVersion: natz.zeiss.com/v1alpha1
kind: NatsKey
metadata:
  name: natsoperator-system-private-key
spec:
  type: Account
---
apiVersion: natz.zeiss.com/v1alpha1
kind: NatsKey
metadata:
  name: natsoperator-system-signing-key
spec:
  type: Account
---
apiVersion: natz.zeiss.com/v1alpha1
kind: NatsAccount
metadata:
  name: natsoperator-system
spec:
  signerKeyRef:
    name: natsoperator-sample-private-key
  privateKey:
    name: natsoperator-system-private-key
  signingKeys:
    - name: natsoperator-system-signing-key
  exports:
    - name: account-monitoring-services
      subject: $SYS.REQ.ACCOUNT.*.*
      type: 2
      response_type: Stream
      account_token_position: 4
      description: "Request account specific monitoring services for: SUBSZ, CONNZ, LEAFZ, JSZ and INFO"
      info_url: "https://docs.nats.io/nats-server/configuration/sys_accounts"
    - name: account-monitoring-streams
      subject: $SYS.ACCOUNT.*.>"
      type: 1
      account_token_position: 3
      description: "Account specific monitoring stream"
      info_url: "https://docs.nats.io/nats-server/configuration/sys_accounts"
  limits:
    exports: -1
    imports: -1
    subs: -1
    payload: -1
    data: -1
    conn: -1
    wildcards: true
    disallow_bearer: true

Creating a user account.

apiVersion: natz.zeiss.com/v1alpha1
kind: NatsUser
metadata:
  name: knative-eventing-user
spec:
  accountRef:
    namespace: default
    name: knative-eventing-account
  limits:
    payload: -1
    subs: -1
    data: -1

NATS Configuration

The NATS configuration can be created using the following configuration.

apiVersion: natz.zeiss.com/v1alpha1
kind: NatsConfig
metadata:
  name: nats-default-config
spec:
  operatorRef:
    name: natsoperator-sample
  systemAccountRef:
    name: natsoperator-system

This creates a new ConfigMap with the NATS configuration. This configuration can be merged with the NATS operator configuration.

Gateways

NATS gateways can be created using the following configuration.

⚠️ do not store passwords in the YAMl configuration files.

apiVersion: v1
kind: Secret
metadata:
  name: gateway-north-secret
data:
  username: demo
  password: NjJlYjE2NWMwNzBhNDFkNWMxYjU4ZDlkM2Q3MjVjYTE=
---
apiVersion: natz.zeiss.com/v1alpha1
kind: NatsGateway
metadata:
  name: harry
spec:
  url: nats://nats.north:4222
  username:
    secretKeyRef:
      key: username
      name: gateway-north-secret
  password:
    secretKeyRef:
      key: password
      name: gateway-north-secret

NATS Operator

In order to create a configuration for the NATS operator, you can use the following configuration.

apiVersion: natz.zeiss.com/v1alpha1
kind: NatsConfig
metadata:
  name: nats-default-config
spec:
  operatorRef:
    name: natsoperator-sample
  systemAccountRef:
    name: natsoperator-system

The operator can be integrated with the NATS operator.

config:
  jetstream:
    enabled: true
    fileStore:
      pvc:
        size: 2Gi
  resolver:
    enabled: true
    merge:
      type: full
      interval: "2m"
      timeout: "1.9s"
  merge:
    00$include: "../custom-auth/auth.conf"
    debug: true
container:
  patch:
    - op: add
      path: "/volumeMounts/-"
      value:
        name: auth-config
        mountPath: "/etc/custom-auth"
statefulSet:
  patch:
    - op: add
      path: /spec/template/spec/volumes/-
      value:
        name: auth-config
        configMap:
          name: nats-default-configs

Development

You can use minikube to test the operator.

minikube start

The operator can be built and tested using the following commands.

make generate
make install

Then you can start the operator using the following command.

make up

License

Apache 2.0

About

An operator to setup NATS accounting

zeiss.github.io/natz-operator/

Topics

golang nats operator k8s

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 26

natz-operator-1.0.0-beta.1 Latest
Dec 18, 2024
+ 25 releases

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages