Merge pull request #1293 from ripienaar/generate_k8s

Adds a "server generate" bundle for kubernetes clusters

Author: ripienaar

cli/server_generate.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The NATS Authors
+// Copyright 2024-2025 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -113,6 +113,7 @@ func (c *serverGenerateCmd) pickEmbedded() error {
 	list := map[string]string{
 		"Development Super Cluster using Docker Compose": "fs:///natsbuilder",
 		"'nats auth' managed NATS Server configuration":  "fs:///operator",
+		"'nats auth' managed NATS Cluster in Kubernetes": "fs:///operatork8s",
 		"Synadia Cloud Leafnode Configuration":           "fs:///ngsleafnodeconfig",
 	}
 

cli/server_mapping_command.go

@@ -1,4 +1,4 @@
-// Copyright 2020-2024 The NATS Authors
+// Copyright 2020-2025 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -80,6 +80,8 @@ func (c *SrvMappingCmd) mappingAction(_ *fisk.ParseContext) error {
 
 	fmt.Println("Enter subjects to test, empty subject terminates.")
 	fmt.Println()
+	fmt.Println("NOTE: This only tests mappings, it does not add them to the server")
+	fmt.Println()
 
 	for {
 		c.subj = ""

internal/scaffold/store/operatork8s/bundle.yaml

@@ -0,0 +1,6 @@
+description: Generates configuration for an operator based NATS Server managed by Kubernetes
+contact: https://github.com/nats-io/natscli/issues
+source: https://github.com/nats-io/natscli/
+version: 0.0.1
+requires:
+  operator: true

internal/scaffold/store/operatork8s/form.yaml

@@ -0,0 +1,73 @@
+name: nats-server.conf
+description: |
+  Operator Managed NATS Server for Kubernetes
+
+  This will guide you through a series of question to create a NATS Cluster
+  configuration managed by a NATS Operator using the nats Helm Chart.
+  
+  To use this an Operator should have been created using the "nats auth" command.
+
+  For more information about Decentralized Authentication please read:
+  
+    https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt
+
+  For more information about the Helm chart please read:
+  
+    https://github.com/nats-io/k8s/tree/main/helm/charts/nats
+  
+  Deploy the resulting Cluster using helm:
+  
+    helm repo add nats https://nats-io.github.io/k8s/helm/charts/
+    helm upgrade --install nats nats/nats -f values.yaml
+
+  To access the cluster you can use kubectl:
+  
+    kubectl port-forward service/nats 4222
+  
+  Once set up you can create credentials and push your accounts.
+
+properties:
+  - name: replicas
+    description: How many server pods to start
+    type: integer
+    default: "3"
+
+  - name: streams
+    description: Enables JetStream in the cluster
+    type: bool
+    default: "true"
+
+  - name: jetstream
+    description: |
+      JetStream configuration
+      
+      We will now configure the NATS JetStream persistence layer. Setting the limits 
+      to -1 means a dynamic value will be chosen by the server at start. We strongly 
+      suggest setting specific limits.
+
+      See https://docs.nats.io/nats-concepts/jetstream for more information
+    conditional: "input.streams == true"
+    properties:
+      - name: storage
+        description: The maximum amount of PVC resources to allocate
+        help: Valid values look like '10Gi'
+        default: "10Gi"
+
+  - name: resolver
+    description: |
+      NATS Resolver Configuration
+      
+      We will now configure where the NATS Server will store account JWT files. 
+      JWT files are pushed to the server using 'nats auth account push' and 
+      describe the full configuration for each account.
+      
+      Every server in a cluster needs a resolver configuration.
+    properties:
+      - name: allow_delete
+        description: Should the server allow accounts to be deleted
+        default: "true"
+        type: bool
+      - name: limit
+        description: The maximum amount of accounts to allow
+        default: "1000"
+        type: integer

internal/scaffold/store/operatork8s/scaffold.json

@@ -0,0 +1 @@
+{}

internal/scaffold/store/operatork8s/scaffold/values.yaml

@@ -0,0 +1,25 @@
+natsBox:
+  enabled: false
+
+config:
+  cluster:
+    enabled: true
+    replicas: {{ .replicas }}
+  resolver:
+    enabled: true
+    merge:
+      type: full
+      interval: 2m
+      timeout: 1.9s
+{{ if .jetstream }}
+  jetstream:
+      enabled: true
+      fileStore:
+        pvc:
+          size: {{ .jetstream.storage }}
+  {{ end }}
+  merge:
+    operator: {{ .Requirements.Operator.JWT }}
+    system_account: {{ .Requirements.Operator.SystemAccount.Subject }}
+    resolver_preload:
+      SYS_ACCOUNT_ID: {{ .Requirements.Operator.SystemAccount.JWT }}