diff --git a/charts/testkube-enterprise/Chart.lock b/charts/testkube-enterprise/Chart.lock index 3939f229d..d37654e7f 100644 --- a/charts/testkube-enterprise/Chart.lock +++ b/charts/testkube-enterprise/Chart.lock @@ -21,10 +21,10 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 15.6.16 - name: nats - repository: https://nats-io.github.io/k8s/helm/charts/ - version: 1.2.6 + repository: file://./charts/nats + version: 1.2.6-1 - name: minio repository: https://charts.bitnami.com/bitnami version: 14.7.0 -digest: sha256:ee2cf81d011858957a838c3c19f0123ff859797ea8af7abb7baf9d9cfb1685dc -generated: "2024-10-28T19:18:28.108028+01:00" +digest: sha256:85c2bb96725dd2eca17c2bb68a296f2ae2660c8eb782ffca65d9c1c9a7dbe67a +generated: "2024-10-30T20:09:13.077375+01:00" diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml index 7d5656287..ba6ca009c 100644 --- a/charts/testkube-enterprise/Chart.yaml +++ b/charts/testkube-enterprise/Chart.yaml @@ -30,9 +30,9 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: mongodb.enabled - name: nats - version: 1.2.6 - repository: https://nats-io.github.io/k8s/helm/charts/ - condition: nats.enabled + condition: testkube-api.nats.enabled + version: 1.2.6-1 + repository: "file://./charts/nats" - name: minio version: 14.7.0 repository: https://charts.bitnami.com/bitnami diff --git a/charts/testkube-enterprise/charts/nats/.helmignore b/charts/testkube-enterprise/charts/nats/.helmignore new file mode 100644 index 000000000..240dfde2a --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +# template tests +/test diff --git a/charts/testkube-enterprise/charts/nats/Chart.yaml b/charts/testkube-enterprise/charts/nats/Chart.yaml new file mode 100644 index 000000000..87361de0b --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +appVersion: 2.10.22 +description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. +name: nats +keywords: +- nats +- messaging +- cncf +version: 1.2.6-1 +home: http://github.com/nats-io/k8s +maintainers: +- email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io +icon: https://nats.io/img/nats-icon-color.png diff --git a/charts/testkube-enterprise/charts/nats/README.md b/charts/testkube-enterprise/charts/nats/README.md new file mode 100644 index 000000000..0916999df --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/README.md @@ -0,0 +1,329 @@ +# NATS Server + +--- + +[NATS](https://nats.io) is a simple, secure and performant communications system for digital systems, services and devices. +NATS is part of the Cloud Native Computing Foundation ([CNCF](https://cncf.io)). +NATS has over [30 client language implementations](https://nats.io/download/), and its server can run on-premise, in the cloud, at the edge, and even on a Raspberry Pi. +NATS can secure and simplify design and operation of modern distributed systems. + +```shell +helm repo add nats https://nats-io.github.io/k8s/helm/charts/ +helm upgrade --install nats nats/nats +``` + +## Upgrade Nodes + +- **Upgrading from 0.x**: The `values.yaml` schema changed significantly from 0.x to 1.x. Read [UPGRADING.md](UPGRADING.md) for instructions on upgrading a 0.x release to 1.x. + +## Values + +There are a handful of explicitly defined options which are documented with comments in the [values.yaml](values.yaml) file. + +Everything in the NATS Config or Kubernetes Resources can be overridden by `merge` and `patch`, which is supported for the following values: + +| key | type | enabled by default | +|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| +| `config` | [NATS Config](https://docs.nats.io/running-a-nats-service/configuration) | yes | +| `config.cluster` | [NATS Cluster](https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config) | no | +| `config.cluster.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.jetstream` | [NATS JetStream](https://docs.nats.io/running-a-nats-service/configuration#jetstream) | no | +| `config.jetstream.fileStore.pvc` | [k8s PVC](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core) | yes, when `config.jetstream` is enabled | +| `config.nats.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.leafnodes` | [NATS LeafNodes](https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf) | no | +| `config.leafnodes.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.websocket` | [NATS WebSocket](https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf) | no | +| `config.websocket.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.websocket.ingress` | [k8s Ingress](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io) | no | +| `config.mqtt` | [NATS MQTT](https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config) | no | +| `config.mqtt.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.gateway` | [NATS Gateway](https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block) | no | +| `config.gateway.tls` | [NATS TLS](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls) | no | +| `config.resolver` | [NATS Resolver](https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver) | no | +| `config.resolver.pvc` | [k8s PVC](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core) | yes, when `config.resolver` is enabled | +| `container` | nats [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `reloader` | config reloader [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `promExporter` | prometheus exporter [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | no | +| `promExporter.podMonitor` | [prometheus PodMonitor](https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor) | no | +| `service` | [k8s Service](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core) | yes | +| `statefulSet` | [k8s StatefulSet](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps) | yes | +| `podTemplate` | [k8s PodTemplate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core) | yes | +| `headlessService` | [k8s Service](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core) | yes | +| `configMap` | [k8s ConfigMap](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core) | yes | +| `natsBox.contexts.default` | [NATS Context](https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts) | yes | +| `natsBox.contexts.[name]` | [NATS Context](https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts) | no | +| `natsBox.container` | nats-box [k8s Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core) | yes | +| `natsBox.deployment` | [k8s Deployment](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps) | yes | +| `natsBox.podTemplate` | [k8s PodTemplate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core) | yes | +| `natsBox.contextsSecret` | [k8s Secret](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core) | yes | +| `natsBox.contentsSecret` | [k8s Secret](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core) | yes | + +### Merge + +Merging is performed using the Helm `merge` function. Example - add NATS accounts and container resources: + +```yaml +config: + merge: + accounts: + A: + users: + - {user: a, password: a} + B: + users: + - {user: b, password: b} +natsBox: + contexts: + a: + merge: {user: a, password: a} + b: + merge: {user: b, password: b} + defaultContextName: a +``` + +## Patch + +Patching is performed using [JSON Patch](https://jsonpatch.com/). Example - add additional route to end of route list: + +```yaml +config: + cluster: + enabled: true + patch: + - op: add + path: /routes/- + value: nats://demo.nats.io:6222 +``` + +## Common Configurations + +### JetStream Cluster on 3 separate hosts + +```yaml +config: + cluster: + enabled: true + replicas: 3 + jetstream: + enabled: true + fileStore: + pvc: + size: 10Gi + +podTemplate: + topologySpreadConstraints: + kubernetes.io/hostname: + maxSkew: 1 + whenUnsatisfiable: DoNotSchedule +``` + +### NATS Container Resources + +```yaml +container: + env: + # different from k8s units, suffix must be B, KiB, MiB, GiB, or TiB + # should be ~90% of memory limit + GOMEMLIMIT: 7GiB + merge: + # recommended limit is at least 2 CPU cores and 8Gi Memory for production JetStream clusters + resources: + requests: + cpu: "2" + memory: 8Gi + limits: + cpu: "2" + memory: 8Gi +``` + +### Specify Image Version + +```yaml +container: + image: + tag: x.y.z-alpine +``` + +### Operator Mode with NATS Resolver + +Run `nsc generate config --nats-resolver` and replace the `OPERATOR_JWT`, `SYS_ACCOUNT_ID`, and `SYS_ACCOUNT_JWT` with your values. +Make sure that you do not include the trailing `,` in the `SYS_ACCOUNT_JWT`. + +``` +config: + resolver: + enabled: true + merge: + type: full + interval: 2m + timeout: 1.9s + merge: + operator: OPERATOR_JWT + system_account: SYS_ACCOUNT_ID + resolver_preload: + SYS_ACCOUNT_ID: SYS_ACCOUNT_JWT +``` + + +## Accessing NATS + +The chart contains 2 services by default, `service` and `headlessService`. + +### `service` + +The `service` is intended to be accessed by NATS Clients. It is a `ClusterIP` service by default, however it can easily be changed to a different service type. + +The `nats`, `websocket`, `leafnodes`, and `mqtt` ports will be exposed through this service by default if they are enabled. + +Example: change this service type to a `LoadBalancer`: + +```yaml +service: + merge: + spec: + type: LoadBalancer +``` + +### `headlessService` + +The `headlessService` is used for NATS Servers in the Stateful Set to discover one another. It is primarily intended to be used for Cluster Route connections. + +### TLS Considerations + +The TLS Certificate used for Client Connections should have a SAN covering DNS Name that clients access the `service` at. + +The TLS Certificate used for Cluster Route Connections should have a SAN covering the DNS Name that routes access each other on the `headlessService` at. This is `*.` by default. + +## Advanced Features + +### Templating Values + +Anything in `values.yaml` can be templated: + +- maps matching the following syntax will be templated and parsed as YAML: + ```yaml + $tplYaml: | + yaml template + ``` +- maps matching the follow syntax will be templated, parsed as YAML, and spread into the parent map/slice + ```yaml + $tplYamlSpread: | + yaml template + ``` + +Example - change service name: + +```yaml +service: + name: + $tplYaml: >- + {{ include "nats.fullname" . }}-svc +``` + +### NATS Config Units and Variables + +NATS configuration extends JSON, and can represent Units and Variables. They must be wrapped in `<< >>` in order to template correctly. Example: + +```yaml +config: + merge: + authorization: + # variable + token: << $TOKEN >> + # units + max_payload: << 2MB >> +``` + +templates to the `nats.conf`: + +``` +{ + "authorization": { + "token": $TOKEN + }, + "max_payload": 2MB, + "port": 4222, + ... +} +``` + +### NATS Config Includes + +Any NATS Config key ending in `$include` will be replaced with an include directive. Included files should be in paths relative to `/etc/nats-config`. Multiple `$include` keys are supported by using a prefix, and will be sorted alphabetically. Example: + +```yaml +config: + merge: + 00$include: auth.conf + 01$include: params.conf +configMap: + merge: + data: + auth.conf: | + accounts: { + A: { + users: [ + {user: a, password: a} + ] + }, + B: { + users: [ + {user: b, password: b} + ] + }, + } + params.conf: | + max_payload: 2MB +``` + +templates to the `nats.conf`: + +``` +include auth.conf; +"port": 4222, +... +include params.conf; +``` + +### Extra Resources + +Enables adding additional arbitrary resources. Example - expose WebSocket via VirtualService in Istio: + +```yaml +config: + websocket: + enabled: true +extraResources: +- apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + namespace: + $tplYamlSpread: > + {{ include "nats.metadataNamespace" $ }} + name: + $tplYaml: > + {{ include "nats.fullname" $ | quote }} + labels: + $tplYaml: | + {{ include "nats.labels" $ }} + spec: + hosts: + - demo.nats.io + gateways: + - my-gateway + http: + - name: default + match: + - name: root + uri: + exact: / + route: + - destination: + host: + $tplYaml: > + {{ .Values.service.name | quote }} + port: + number: + $tplYaml: > + {{ .Values.config.websocket.port }} +``` diff --git a/charts/testkube-enterprise/charts/nats/UPGRADING.md b/charts/testkube-enterprise/charts/nats/UPGRADING.md new file mode 100644 index 000000000..9cc177991 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/UPGRADING.md @@ -0,0 +1,155 @@ +# Upgrading from 0.x to 1.x + +Instructions for upgrading an existing `nats` 0.x release to 1.x. + +## Rename Immutable Fields + +There are a number of immutable fields in the NATS Stateful Set and NATS Box deployment. All 1.x `values.yaml` files targeting an existing 0.x release will require some or all of these settings: + +```yaml +config: + # required if using JetStream file storage + jetstream: + # uncomment the next line if using JetStream file storage + # enabled: true + fileStore: + pvc: + name: + $tplYaml: >- + {{ include "nats.fullname" . }}-js-pvc + # set other PVC options here to make it match 0.x, refer to values.yaml for schema + + # required if using a full or cache resolver + resolver: + # uncomment the next line if using a full or cache resolver + # enabled: true + pvc: + name: nats-jwt-pvc + # set other PVC options here to make it match 0.x, refer to values.yaml for schema + +# required +statefulSet: + patch: + - op: remove + path: /spec/selector/matchLabels/app.kubernetes.io~1component + - $tplYamlSpread: |- + {{- if and + .Values.config.jetstream.enabled + .Values.config.jetstream.fileStore.enabled + .Values.config.jetstream.fileStore.pvc.enabled + .Values.config.resolver.enabled + .Values.config.resolver.pvc.enabled + }} + - op: move + from: /spec/volumeClaimTemplates/0 + path: /spec/volumeClaimTemplates/1 + {{- else}} + [] + {{- end }} + +# required +headlessService: + name: + $tplYaml: >- + {{ include "nats.fullname" . }} + +# required unless 0.x values explicitly set nats.serviceAccount.create=false +serviceAccount: + enabled: true + +# required to use new ClusterIP service for Clients accessing NATS +# if using TLS, this may require adding another SAN +service: + # uncomment the next line to disable the new ClusterIP service + # enabled: false + name: + $tplYaml: >- + {{ include "nats.fullname" . }}-svc + +# required if using NatsBox +natsBox: + deployment: + patch: + - op: replace + path: /spec/selector/matchLabels + value: + app: nats-box + - op: add + path: /spec/template/metadata/labels/app + value: nats-box +``` + +## Update NATS Config to new values.yaml schema + +Most values that control the NATS Config have changed and moved under the `config` key. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema. + +After migrating to the new values schema, ensure that changes you expect in the NATS Config files match by templating the old and new config files. + +Template your old 0.x Config Map, this example uses a file called `values-old.yaml`: + +```sh +helm template \ + --version "0.x" \ + -f values-old.yaml \ + -s templates/configmap.yaml \ + nats \ + nats/nats +``` + +Template your new 1.x Config Map, this example uses a file called `values.yaml`: + +```sh +helm template \ + --version "^1-beta" \ + -f values.yaml \ + -s templates/config-map.yaml \ + nats \ + nats/nats +``` + +## Update Kubernetes Resources to new values.yaml schema + +Most values that control Kubernetes Resources have been changed. Refer to the 1.x Chart's [values.yaml](values.yaml) for the complete schema. + +After migrating to the new values schema, ensure that changes you expect in resources match by templating the old and new resources. + +| Resource | 0.x Template File | 1.x Template File | +|-------------------------|---------------------------------|-------------------------------------------| +| Config Map | `templates/configmap.yaml` | `templates/config-map.yaml` | +| Stateful Set | `templates/statefulset.yaml` | `templates/stateful-set.yaml` | +| Headless Service | `templates/service.yaml` | `templates/headless-service.yaml` | +| ClusterIP Service | N/A | `templates/service.yaml` | +| Network Policy | `templates/networkpolicy.yaml` | N/A | +| Pod Disruption Budget | `templates/pdb.yaml` | `templates/pod-disruption-budget.yaml` | +| Service Account | `templates/rbac.yaml` | `templates/service-account.yaml` | +| Resource | `templates/` | `templates/` | +| Resource | `templates/` | `templates/` | +| Prometheus Monitor | `templates/serviceMonitor.yaml` | `templates/pod-monitor.yaml` | +| NatsBox Deployment | `templates/nats-box.yaml` | `templates/nats-box/deployment.yaml` | +| NatsBox Service Account | N/A | `templates/nats-box/service-account.yaml` | +| NatsBox Contents Secret | N/A | `templates/nats-box/contents-secret.yaml` | +| NatsBox Contexts Secret | N/A | `templates/nats-box/contexts-secret.yaml` | + +For example, to check that the Stateful Set matches: + +Template your old 0.x Stateful Set, this example uses a file called `values-old.yaml`: + +```sh +helm template \ + --version "0.x" \ + -f values-old.yaml \ + -s templates/statefulset.yaml \ + nats \ + nats/nats +``` + +Template your new 1.x Stateful Set, this example uses a file called `values.yaml`: + +```sh +helm template \ + --version "^1-beta" \ + -f values.yaml \ + -s templates/stateful-set.yaml \ + nats \ + nats/nats +``` diff --git a/charts/testkube-enterprise/charts/nats/files/config-map.yaml b/charts/testkube-enterprise/charts/nats/files/config-map.yaml new file mode 100644 index 000000000..89ee3c281 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config-map.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.configMap.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +data: + nats.conf: | + {{- include "nats.formatConfig" .config | nindent 4 }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/cluster.yaml b/charts/testkube-enterprise/charts/nats/files/config/cluster.yaml new file mode 100644 index 000000000..719cb8ade --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/cluster.yaml @@ -0,0 +1,32 @@ +{{- with .Values.config.cluster }} +name: {{ $.Values.statefulSet.name }} +port: {{ .port }} +no_advertise: true +routes: +{{- $proto := ternary "tls" "nats" .tls.enabled }} +{{- $auth := "" }} +{{- if and .routeURLs.user .routeURLs.password }} + {{- $auth = printf "%s:%s@" (urlquery .routeURLs.user) (urlquery .routeURLs.password) -}} +{{- end }} +{{- $domain := $.Values.headlessService.name }} +{{- if .routeURLs.useFQDN }} + {{- $domain = printf "%s.%s.svc.%s" $domain (include "nats.namespace" $) .routeURLs.k8sClusterDomain }} +{{- end }} +{{- $port := (int .port) }} +{{- range $i, $_ := until (int .replicas) }} +- {{ printf "%s://%s%s-%d.%s:%d" $proto $auth $.Values.statefulSet.name $i $domain $port }} +{{- end }} + +{{- if and .routeURLs.user .routeURLs.password }} +authorization: + user: {{ .routeURLs.user | quote }} + password: {{ .routeURLs.password | quote }} +{{- end }} + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/config.yaml b/charts/testkube-enterprise/charts/nats/files/config/config.yaml new file mode 100644 index 000000000..92fd96f1a --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/config.yaml @@ -0,0 +1,114 @@ +{{- with .Values.config }} + +server_name: << $SERVER_NAME >> +lame_duck_grace_period: 10s +lame_duck_duration: 30s +pid_file: /var/run/nats/nats.pid + +######################################## +# NATS +######################################## +{{- with .nats }} +port: {{ .port }} + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} + +######################################## +# leafnodes +######################################## +{{- with .leafnodes }} +{{- if .enabled }} +leafnodes: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/leafnodes.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# websocket +######################################## +{{- with .websocket }} +{{- if .enabled }} +websocket: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/websocket.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# MQTT +######################################## +{{- with .mqtt }} +{{- if .enabled }} +mqtt: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/mqtt.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# cluster +######################################## +{{- with .cluster }} +{{- if .enabled }} +cluster: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/cluster.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# gateway +######################################## +{{- with .gateway }} +{{- if .enabled }} +gateway: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/gateway.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# monitor +######################################## +{{- with .monitor }} +{{- if .enabled }} +{{- if .tls.enabled }} +https_port: {{ .port }} +{{- else }} +http_port: {{ .port }} +{{- end }} +{{- end }} +{{- end }} + +######################################## +# profiling +######################################## +{{- with .profiling }} +{{- if .enabled }} +prof_port: {{ .port }} +{{- end }} +{{- end }} + +######################################## +# jetstream +######################################## +{{- with $.Values.config.jetstream -}} +{{- if .enabled }} +jetstream: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/jetstream.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +######################################## +# resolver +######################################## +{{- with $.Values.config.resolver -}} +{{- if .enabled }} +resolver: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/resolver.yaml" "ctx" $) .) | nindent 2 }} +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/gateway.yaml b/charts/testkube-enterprise/charts/nats/files/config/gateway.yaml new file mode 100644 index 000000000..32d4ed9f7 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/gateway.yaml @@ -0,0 +1,11 @@ +{{- with .Values.config.gateway }} +name: {{ $.Values.statefulSet.name }} +port: {{ .port }} + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/jetstream.yaml b/charts/testkube-enterprise/charts/nats/files/config/jetstream.yaml new file mode 100644 index 000000000..17262f643 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/jetstream.yaml @@ -0,0 +1,23 @@ +{{- with .Values.config.jetstream }} +{{- with .memoryStore }} +{{- if .enabled }} +{{- with .maxSize }} +max_memory_store: << {{ . }} >> +{{- end }} +{{- else }} +max_memory_store: 0 +{{- end }} +{{- end }} +{{- with .fileStore }} +{{- if .enabled }} +store_dir: {{ .dir }} +{{- if .maxSize }} +max_file_store: << {{ .maxSize }} >> +{{- else if .pvc.enabled }} +max_file_store: << {{ .pvc.size }} >> +{{- end }} +{{- else }} +max_file_store: 0 +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/leafnodes.yaml b/charts/testkube-enterprise/charts/nats/files/config/leafnodes.yaml new file mode 100644 index 000000000..3a1d9a14a --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/leafnodes.yaml @@ -0,0 +1,11 @@ +{{- with .Values.config.leafnodes }} +port: {{ .port }} +no_advertise: true + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/mqtt.yaml b/charts/testkube-enterprise/charts/nats/files/config/mqtt.yaml new file mode 100644 index 000000000..e25d8a3e0 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/mqtt.yaml @@ -0,0 +1,10 @@ +{{- with .Values.config.mqtt }} +port: {{ .port }} + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/protocol.yaml b/charts/testkube-enterprise/charts/nats/files/config/protocol.yaml new file mode 100644 index 000000000..288c80d75 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/protocol.yaml @@ -0,0 +1,10 @@ +{{- with .protocol }} +port: {{ .port }} + +{{- with .tls }} +{{- if .enabled }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/resolver.yaml b/charts/testkube-enterprise/charts/nats/files/config/resolver.yaml new file mode 100644 index 000000000..a6761c403 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/resolver.yaml @@ -0,0 +1,3 @@ +{{- with .Values.config.resolver }} +dir: {{ .dir }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/tls.yaml b/charts/testkube-enterprise/charts/nats/files/config/tls.yaml new file mode 100644 index 000000000..26aee0155 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/tls.yaml @@ -0,0 +1,16 @@ +# tls +{{- with .tls }} +{{- if .secretName }} +{{- $dir := trimSuffix "/" .dir }} +cert_file: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }} +key_file: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }} +{{- end }} +{{- end }} + +# tlsCA +{{- with $.Values.tlsCA }} +{{- if and .enabled (or .configMapName .secretName) }} +{{- $dir := trimSuffix "/" .dir }} +ca_file: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/config/websocket.yaml b/charts/testkube-enterprise/charts/nats/files/config/websocket.yaml new file mode 100644 index 000000000..afcd178a7 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/config/websocket.yaml @@ -0,0 +1,12 @@ +{{- with .Values.config.websocket }} +port: {{ .port }} + +{{- if .tls.enabled }} +{{- with .tls }} +tls: + {{- include "nats.loadMergePatch" (merge (dict "file" "config/tls.yaml" "ctx" (merge (dict "tls" .) $)) .) | nindent 2 }} +{{- end }} +{{- else }} +no_tls: true +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/headless-service.yaml b/charts/testkube-enterprise/charts/nats/files/headless-service.yaml new file mode 100644 index 000000000..da6552b37 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/headless-service.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.headlessService.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + selector: + {{- include "nats.selectorLabels" $ | nindent 4 }} + clusterIP: None + publishNotReadyAddresses: true + ports: + {{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }} + {{- $configProtocol := get $.Values.config $protocol }} + {{- if or (eq $protocol "nats") $configProtocol.enabled }} + {{- $tlsEnabled := false }} + {{- if hasKey $configProtocol "tls" }} + {{- $tlsEnabled = $configProtocol.tls.enabled }} + {{- end }} + {{- $appProtocol := or (eq $protocol "websocket") (eq $protocol "monitor") | ternary ($tlsEnabled | ternary "https" "http") ($tlsEnabled | ternary "tls" "tcp") }} + - {{ dict "name" $protocol "port" $configProtocol.port "targetPort" $protocol "appProtocol" $appProtocol | toYaml | nindent 4 }} + {{- end }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/ingress.yaml b/charts/testkube-enterprise/charts/nats/files/ingress.yaml new file mode 100644 index 000000000..b59f0fa5f --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/ingress.yaml @@ -0,0 +1,34 @@ +{{- with .Values.config.websocket.ingress }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + {{- with .className }} + ingressClassName: {{ . | quote }} + {{- end }} + rules: + {{- $path := .path }} + {{- $pathType := .pathType }} + {{- range .hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $path | quote }} + pathType: {{ $pathType | quote }} + backend: + service: + name: {{ $.Values.service.name }} + port: + name: websocket + {{- end }} + {{- if .tlsSecretName }} + tls: + - secretName: {{ .tlsSecretName | quote }} + hosts: + {{- toYaml .hosts | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/contents-secret.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/contents-secret.yaml new file mode 100644 index 000000000..6e8fdb26f --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/contents-secret.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.natsBox.contentsSecret.name }} + labels: + {{- include "natsBox.labels" $ | nindent 4 }} +type: Opaque +stringData: + {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }} + {{- range $secretKey, $secretVal := dict "creds" "creds" "nkey" "nk" }} + {{- $secret := get $ctxVal $secretKey }} + {{- if and $secret $secret.contents }} + "{{ $ctxKey }}.{{ $secretVal }}": {{ $secret.contents | quote }} + {{- end }} + {{- end }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/context.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/context.yaml new file mode 100644 index 000000000..54480eac9 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/context.yaml @@ -0,0 +1,51 @@ +{{- $contextName := .contextName }} + +# url +{{- if .Values.service.enabled }} +url: nats://{{ .Values.service.name }} +{{- else }} +url: nats://{{ .Values.headlessService.name }} +{{- end }} + +{{- with .context }} + +# creds +{{- with .creds}} +{{- if .contents }} +creds: /etc/nats-contents/{{ $contextName }}.creds +{{- else if .secretName }} +{{- $dir := trimSuffix "/" .dir }} +creds: {{ printf "%s/%s" $dir (.key | default "nats.creds") | quote }} +{{- end }} +{{- end }} + +# nkey +{{- with .nkey}} +{{- if .contents }} +nkey: /etc/nats-contents/{{ $contextName }}.nk +{{- else if .secretName }} +{{- $dir := trimSuffix "/" .dir }} +nkey: {{ printf "%s/%s" $dir (.key | default "nats.nk") | quote }} +{{- end }} +{{- end }} + +# tls +{{- with .tls }} +{{- if .secretName }} +{{- $dir := trimSuffix "/" .dir }} +cert: {{ printf "%s/%s" $dir (.cert | default "tls.crt") | quote }} +key: {{ printf "%s/%s" $dir (.key | default "tls.key") | quote }} +{{- end }} +{{- end }} + +# tlsCA +{{- if $.Values.config.nats.tls.enabled }} +{{- with $.Values.tlsCA }} +{{- if and .enabled (or .configMapName .secretName) }} +{{- $dir := trimSuffix "/" .dir }} +ca: {{ printf "%s/%s" $dir (.key | default "ca.crt") | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml new file mode 100644 index 000000000..0ce8d1d87 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/contexts-secret/contexts-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.natsBox.contextsSecret.name }} + labels: + {{- include "natsBox.labels" $ | nindent 4 }} +type: Opaque +stringData: +{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }} + "{{ $ctxKey }}.json": | + {{- include "toPrettyRawJson" (include "nats.loadMergePatch" (dict "file" "nats-box/contexts-secret/context.yaml" "merge" (.merge | default dict) "patch" (.patch | default list) "ctx" (merge (dict "contextName" $ctxKey "context" $ctxVal) $)) | fromYaml) | nindent 4 }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/container.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/container.yaml new file mode 100644 index 000000000..aa1753b4b --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/container.yaml @@ -0,0 +1,46 @@ +name: nats-box +{{ include "nats.image" (merge (pick $.Values "global") .Values.natsBox.container.image) }} + +{{- with .Values.natsBox.container.env }} +env: +{{- include "nats.env" . }} +{{- end }} + +command: +- sh +- -ec +- | + work_dir="$(pwd)" + mkdir -p "$XDG_CONFIG_HOME/nats" + cd "$XDG_CONFIG_HOME/nats" + if ! [ -s context ]; then + ln -s /etc/nats-contexts context + fi + {{- if .Values.natsBox.defaultContextName }} + if ! [ -f context.txt ]; then + echo -n {{ .Values.natsBox.defaultContextName | quote }} > context.txt + fi + {{- end }} + cd "$work_dir" + exec /entrypoint.sh "$@" +- -- +args: +- sh +- -ec +- trap true INT TERM; sleep infinity & wait +volumeMounts: +# contexts secret +- name: contexts + mountPath: /etc/nats-contexts +# contents secret +{{- if .hasContentsSecret }} +- name: contents + mountPath: /etc/nats-contents +{{- end }} +# tlsCA +{{- include "nats.tlsCAVolumeMount" $ }} +# secrets +{{- range (include "natsBox.secretNames" $ | fromJson).secretNames }} +- name: {{ .name | quote }} + mountPath: {{ .dir | quote }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/deployment.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/deployment.yaml new file mode 100644 index 000000000..bf39dd8d5 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/deployment.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.natsBox.deployment.name }} + labels: + {{- include "natsBox.labels" $ | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "natsBox.selectorLabels" $ | nindent 6 }} + replicas: 1 + template: + {{- with .Values.natsBox.podTemplate }} + {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/pod-template.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/pod-template.yaml new file mode 100644 index 000000000..ff904bf6c --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/deployment/pod-template.yaml @@ -0,0 +1,44 @@ +metadata: + labels: + {{- include "natsBox.labels" $ | nindent 4 }} +spec: + containers: + {{- with .Values.natsBox.container }} + - {{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/container.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} + + # service discovery uses DNS; don't need service env vars + enableServiceLinks: false + + {{- with (default .Values.global.image.pullSecretNames .Values.global.imagePullSecrets) }} + imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} + {{- end }} + + {{- with .Values.natsBox.serviceAccount }} + {{- if .enabled }} + serviceAccountName: {{ .name | quote }} + {{- end }} + {{- end }} + + volumes: + # contexts secret + - name: contexts + secret: + secretName: {{ .Values.natsBox.contextsSecret.name }} + # contents secret + {{- if .hasContentsSecret }} + - name: contents + secret: + secretName: {{ .Values.natsBox.contentsSecret.name }} + {{- end }} + # tlsCA + {{- include "nats.tlsCAVolume" $ | nindent 2 }} + # secrets + {{- range (include "natsBox.secretNames" $ | fromJson).secretNames }} + - name: {{ .name | quote }} + secret: + secretName: {{ .secretName | quote }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/nats-box/service-account.yaml b/charts/testkube-enterprise/charts/nats/files/nats-box/service-account.yaml new file mode 100644 index 000000000..c31e52f18 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/nats-box/service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.natsBox.serviceAccount.name }} + labels: + {{- include "natsBox.labels" $ | nindent 4 }} diff --git a/charts/testkube-enterprise/charts/nats/files/pod-disruption-budget.yaml b/charts/testkube-enterprise/charts/nats/files/pod-disruption-budget.yaml new file mode 100644 index 000000000..fd1fdead5 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/pod-disruption-budget.yaml @@ -0,0 +1,12 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.podDisruptionBudget.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + maxUnavailable: 1 + selector: + matchLabels: + {{- include "nats.selectorLabels" $ | nindent 6 }} diff --git a/charts/testkube-enterprise/charts/nats/files/pod-monitor.yaml b/charts/testkube-enterprise/charts/nats/files/pod-monitor.yaml new file mode 100644 index 000000000..c6c8eae06 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/pod-monitor.yaml @@ -0,0 +1,13 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.promExporter.podMonitor.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "nats.selectorLabels" $ | nindent 6 }} + podMetricsEndpoints: + - port: prom-metrics diff --git a/charts/testkube-enterprise/charts/nats/files/service-account.yaml b/charts/testkube-enterprise/charts/nats/files/service-account.yaml new file mode 100644 index 000000000..22c18cc70 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.serviceAccount.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} diff --git a/charts/testkube-enterprise/charts/nats/files/service.yaml b/charts/testkube-enterprise/charts/nats/files/service.yaml new file mode 100644 index 000000000..db08fe5b5 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.service.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + selector: + {{- include "nats.selectorLabels" $ | nindent 4 }} + ports: + {{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }} + {{- $configProtocol := get $.Values.config $protocol }} + {{- $servicePort := get $.Values.service.ports $protocol }} + {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $servicePort.enabled }} + {{- $tlsEnabled := false }} + {{- if hasKey $configProtocol "tls" }} + {{- $tlsEnabled = $configProtocol.tls.enabled }} + {{- end }} + {{- $appProtocol := or (eq $protocol "websocket") (eq $protocol "monitor") | ternary ($tlsEnabled | ternary "https" "http") ($tlsEnabled | ternary "tls" "tcp") }} + - {{ merge (dict "name" $protocol "targetPort" $protocol "appProtocol" $appProtocol) (omit $servicePort "enabled") (dict "port" $configProtocol.port) | toYaml | nindent 4 }} + {{- end }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/jetstream-pvc.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/jetstream-pvc.yaml new file mode 100644 index 000000000..a43f20059 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/jetstream-pvc.yaml @@ -0,0 +1,13 @@ +{{- with .Values.config.jetstream.fileStore.pvc }} +metadata: + name: {{ .name }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .size | quote }} + {{- with .storageClassName }} + storageClassName: {{ . | quote }} + {{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/nats-container.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/nats-container.yaml new file mode 100644 index 000000000..c5402efea --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/nats-container.yaml @@ -0,0 +1,106 @@ +name: nats +{{ include "nats.image" (merge (pick $.Values "global") .Values.container.image) }} + +ports: +{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" "monitor" "profiling" }} +{{- $configProtocol := get $.Values.config $protocol }} +{{- $containerPort := get $.Values.container.ports $protocol }} +{{- if or (eq $protocol "nats") $configProtocol.enabled }} +- {{ merge (dict "name" $protocol "containerPort" $configProtocol.port) $containerPort | toYaml | nindent 2 }} +{{- end }} +{{- end }} + +args: +- --config +- /etc/nats-config/nats.conf + +env: +- name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name +- name: SERVER_NAME + value: {{ printf "%s$(POD_NAME)" .Values.config.serverNamePrefix | quote }} +{{- with .Values.container.env }} +{{- include "nats.env" . }} +{{- end }} + +lifecycle: + preStop: + exec: + # send the lame duck shutdown signal to trigger a graceful shutdown + command: + - nats-server + - -sl=ldm=/var/run/nats/nats.pid + +{{- with .Values.config.monitor }} +{{- if .enabled }} +startupProbe: + httpGet: + path: /healthz + port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 90 +readinessProbe: + httpGet: + path: /healthz?js-server-only=true + port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +livenessProbe: + httpGet: + path: /healthz?js-enabled-only=true + port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 +{{- end }} +{{- end }} + +volumeMounts: +# nats config +- name: config + mountPath: /etc/nats-config +# PID volume +- name: pid + mountPath: /var/run/nats +# JetStream PVC +{{- with .Values.config.jetstream }} +{{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }} +{{- with .fileStore }} +- name: {{ .pvc.name }} + mountPath: {{ .dir | quote }} +{{- end }} +{{- end }} +{{- end }} +# resolver PVC +{{- with .Values.config.resolver }} +{{- if and .enabled .pvc.enabled }} +- name: {{ .pvc.name }} + mountPath: {{ .dir | quote }} +{{- end }} +{{- end }} +# tlsCA +{{- include "nats.tlsCAVolumeMount" $ }} +# secrets +{{- range (include "nats.secretNames" $ | fromJson).secretNames }} +- name: {{ .name | quote }} + mountPath: {{ .dir | quote }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/pod-template.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/pod-template.yaml new file mode 100644 index 000000000..1d3ea6431 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/pod-template.yaml @@ -0,0 +1,71 @@ +metadata: + labels: + {{- include "nats.labels" $ | nindent 4 }} + annotations: + {{- if .Values.podTemplate.configChecksumAnnotation }} + {{- $configMap := include "nats.loadMergePatch" (merge (dict "file" "config-map.yaml" "ctx" $) $.Values.configMap) }} + checksum/config: {{ sha256sum $configMap }} + {{- end }} +spec: + containers: + # nats + {{- $nats := dict }} + {{- with .Values.container }} + {{- $nats = include "nats.loadMergePatch" (merge (dict "file" "stateful-set/nats-container.yaml" "ctx" $) .) | fromYaml }} + - {{ toYaml $nats | nindent 4 }} + {{- end }} + # reloader + {{- with .Values.reloader }} + {{- if .enabled }} + - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/reloader-container.yaml" "ctx" (merge (dict "natsVolumeMounts" $nats.volumeMounts) $)) .) | nindent 4 }} + {{- end }} + {{- end }} + {{- with .Values.promExporter }} + {{- if .enabled }} + - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/prom-exporter-container.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} + {{- end }} + + # service discovery uses DNS; don't need service env vars + enableServiceLinks: false + + {{- with (default .Values.global.image.pullSecretNames .Values.global.imagePullSecrets) }} + imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} + {{- end }} + + {{- with .Values.serviceAccount }} + {{- if .enabled }} + serviceAccountName: {{ .name | quote }} + {{- end }} + {{- end }} + + {{- if .Values.reloader.enabled }} + shareProcessNamespace: true + {{- end }} + + volumes: + # nats config + - name: config + configMap: + name: {{ .Values.configMap.name }} + # PID volume + - name: pid + emptyDir: {} + # tlsCA + {{- include "nats.tlsCAVolume" $ | nindent 2 }} + # secrets + {{- range (include "nats.secretNames" $ | fromJson).secretNames }} + - name: {{ .name | quote }} + secret: + secretName: {{ .secretName | quote }} + {{- end }} + + {{- with .Values.podTemplate.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $k, $v := . }} + - {{ merge (dict "topologyKey" $k "labelSelector" (dict "matchLabels" (include "nats.selectorLabels" $ | fromYaml))) $v | toYaml | nindent 4 }} + {{- end }} + {{- end}} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/prom-exporter-container.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/prom-exporter-container.yaml new file mode 100644 index 000000000..c3e1b6fbe --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/prom-exporter-container.yaml @@ -0,0 +1,30 @@ +name: prom-exporter +{{ include "nats.image" (merge (pick $.Values "global") .Values.promExporter.image) }} + +ports: +- name: prom-metrics + containerPort: {{ .Values.promExporter.port }} + +{{- with .Values.promExporter.env }} +env: +{{- include "nats.env" . }} +{{- end }} + +args: +- -port={{ .Values.promExporter.port }} +- -connz +- -routez +- -subz +- -varz +- -prefix=nats +- -use_internal_server_id +{{- if .Values.config.jetstream.enabled }} +- -jsz=all +{{- end }} +{{- if .Values.config.leafnodes.enabled }} +- -leafz +{{- end }} +{{- if .Values.config.gateway.enabled }} +- -gatewayz +{{- end }} +- http://localhost:{{ .Values.config.monitor.port }}/ diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml new file mode 100644 index 000000000..96722045f --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml @@ -0,0 +1,27 @@ +name: reloader +{{ include "nats.image" (merge (pick $.Values "global") .Values.reloader.image) }} + +{{- with .Values.reloader.env }} +env: +{{- include "nats.env" . }} +{{- end }} + +args: +- -pid +- /var/run/nats/nats.pid +- -config +- /etc/nats-config/nats.conf +{{ include "nats.reloaderConfig" (dict "config" .config "dir" "/etc/nats-config") }} + +volumeMounts: +- name: pid + mountPath: /var/run/nats +{{- range $mnt := .natsVolumeMounts }} +{{- $found := false }} +{{- range $.Values.reloader.natsVolumeMountPrefixes }} +{{- if and (not $found) (hasPrefix . $mnt.mountPath) }} +{{- $found = true }} +- {{ toYaml $mnt | nindent 2}} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/resolver-pvc.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/resolver-pvc.yaml new file mode 100644 index 000000000..3634cd826 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/resolver-pvc.yaml @@ -0,0 +1,13 @@ +{{- with .Values.config.resolver.pvc }} +metadata: + name: {{ .name }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .size | quote }} + {{- with .storageClassName }} + storageClassName: {{ . | quote }} + {{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/stateful-set.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/stateful-set.yaml new file mode 100644 index 000000000..cd8082cbb --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/stateful-set.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- include "nats.metadataNamespace" $ | nindent 2 }} + name: {{ .Values.statefulSet.name }} + labels: + {{- include "nats.labels" $ | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "nats.selectorLabels" $ | nindent 6 }} + {{- if .Values.config.cluster.enabled }} + replicas: {{ .Values.config.cluster.replicas }} + {{- else }} + replicas: 1 + {{- end }} + serviceName: {{ .Values.headlessService.name }} + podManagementPolicy: Parallel + template: + {{- with .Values.podTemplate }} + {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/pod-template.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} + volumeClaimTemplates: + {{- with .Values.config.jetstream }} + {{- if and .enabled .fileStore.enabled .fileStore.pvc.enabled }} + {{- with .fileStore.pvc }} + - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/jetstream-pvc.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.config.resolver }} + {{- if and .enabled .pvc.enabled }} + {{- with .pvc }} + - {{ include "nats.loadMergePatch" (merge (dict "file" "stateful-set/resolver-pvc.yaml" "ctx" $) .) | nindent 4 }} + {{- end }} + {{- end }} + {{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/_helpers.tpl b/charts/testkube-enterprise/charts/nats/templates/_helpers.tpl new file mode 100644 index 000000000..ba0a51c56 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/_helpers.tpl @@ -0,0 +1,282 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "nats.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nats.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nats.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Print the namespace +*/}} +{{- define "nats.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} + +{{/* +Print the namespace for the metadata section +*/}} +{{- define "nats.metadataNamespace" -}} +{{- with .Values.namespaceOverride }} +namespace: {{ . | quote }} +{{- end }} +{{- end }} + +{{/* +Set default values. +*/}} +{{- define "nats.defaultValues" }} +{{- if not .defaultValuesSet }} + {{- $name := include "nats.fullname" . }} + {{- with .Values }} + {{- $_ := set .config.jetstream.fileStore.pvc "name" (.config.jetstream.fileStore.pvc.name | default (printf "%s-js" $name)) }} + {{- $_ := set .config.resolver.pvc "name" (.config.resolver.pvc.name | default (printf "%s-resolver" $name)) }} + {{- $_ := set .config.websocket.ingress "name" (.config.websocket.ingress.name | default (printf "%s-ws" $name)) }} + {{- $_ := set .configMap "name" (.configMap.name | default (printf "%s-config" $name)) }} + {{- $_ := set .headlessService "name" (.headlessService.name | default (printf "%s-headless" $name)) }} + {{- $_ := set .natsBox.contentsSecret "name" (.natsBox.contentsSecret.name | default (printf "%s-box-contents" $name)) }} + {{- $_ := set .natsBox.contextsSecret "name" (.natsBox.contextsSecret.name | default (printf "%s-box-contexts" $name)) }} + {{- $_ := set .natsBox.deployment "name" (.natsBox.deployment.name | default (printf "%s-box" $name)) }} + {{- $_ := set .natsBox.serviceAccount "name" (.natsBox.serviceAccount.name | default (printf "%s-box" $name)) }} + {{- $_ := set .podDisruptionBudget "name" (.podDisruptionBudget.name | default $name) }} + {{- $_ := set .service "name" (.service.name | default $name) }} + {{- $_ := set .serviceAccount "name" (.serviceAccount.name | default $name) }} + {{- $_ := set .statefulSet "name" (.statefulSet.name | default $name) }} + {{- $_ := set .promExporter.podMonitor "name" (.promExporter.podMonitor.name | default $name) }} + {{- end }} + + {{- $values := get (include "tplYaml" (dict "doc" .Values "ctx" $) | fromJson) "doc" }} + {{- $_ := set . "Values" $values }} + + {{- $hasContentsSecret := false }} + {{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }} + {{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }} + {{- $secret := get $ctxVal $secretKey }} + {{- if $secret }} + {{- $_ := set $secret "dir" ($secret.dir | default (printf "/etc/%s/%s" $secretVal $ctxKey)) }} + {{- if and (ne $secretKey "tls") $secret.contents }} + {{- $hasContentsSecret = true }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- $_ := set $ "hasContentsSecret" $hasContentsSecret }} + + {{- with .Values.config }} + {{- $config := include "nats.loadMergePatch" (merge (dict "file" "config/config.yaml" "ctx" $) .) | fromYaml }} + {{- $_ := set $ "config" $config }} + {{- end }} + + {{- $_ := set . "defaultValuesSet" true }} +{{- end }} +{{- end }} + +{{/* +NATS labels +*/}} +{{- define "nats.labels" -}} +{{- with .Values.global.labels -}} +{{ toYaml . }} +{{ end -}} +helm.sh/chart: {{ include "nats.chart" . }} +{{ include "nats.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +NATS selector labels +*/}} +{{- define "nats.selectorLabels" -}} +app.kubernetes.io/name: {{ include "nats.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: nats +{{- end }} + +{{/* +NATS Box labels +*/}} +{{- define "natsBox.labels" -}} +{{- with .Values.global.labels -}} +{{ toYaml . }} +{{ end -}} +helm.sh/chart: {{ include "nats.chart" . }} +{{ include "natsBox.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +NATS Box selector labels +*/}} +{{- define "natsBox.selectorLabels" -}} +app.kubernetes.io/name: {{ include "nats.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: nats-box +{{- end }} + +{{/* +Override the nats.image template to use .global.imageRegistry instead of their +.global.image.registry. +*/}} +{{- define "nats.image" }} +{{- $image := printf "%s:%s" .repository .tag }} +{{- if or .registry .global.imageRegistry }} +{{- $image = printf "%s/%s" (.registry | default .global.imageRegistry) $image }} +{{- end -}} +image: {{ $image }} +{{- if or .pullPolicy .global.image.pullPolicy }} +imagePullPolicy: {{ .pullPolicy | default .global.image.pullPolicy }} +{{- end }} +{{- end }} + +{{- define "nats.secretNames" -}} +{{- $secrets := list }} +{{- range $protocol := list "nats" "leafnodes" "websocket" "mqtt" "cluster" "gateway" }} + {{- $configProtocol := get $.Values.config $protocol }} + {{- if and (or (eq $protocol "nats") $configProtocol.enabled) $configProtocol.tls.enabled $configProtocol.tls.secretName }} + {{- $secrets = append $secrets (merge (dict "name" (printf "%s-tls" $protocol)) $configProtocol.tls) }} + {{- end }} +{{- end }} +{{- toJson (dict "secretNames" $secrets) }} +{{- end }} + +{{- define "natsBox.secretNames" -}} +{{- $secrets := list }} +{{- range $ctxKey, $ctxVal := .Values.natsBox.contexts }} +{{- range $secretKey, $secretVal := dict "creds" "nats-creds" "nkey" "nats-nkeys" "tls" "nats-certs" }} + {{- $secret := get $ctxVal $secretKey }} + {{- if and $secret $secret.secretName }} + {{- $secrets = append $secrets (merge (dict "name" (printf "ctx-%s-%s" $ctxKey $secretKey)) $secret) }} + {{- end }} + {{- end }} +{{- end }} +{{- toJson (dict "secretNames" $secrets) }} +{{- end }} + +{{- define "nats.tlsCAVolume" -}} +{{- with .Values.tlsCA }} +{{- if and .enabled (or .configMapName .secretName) }} +- name: tls-ca +{{- if .configMapName }} + configMap: + name: {{ .configMapName | quote }} +{{- else if .secretName }} + secret: + secretName: {{ .secretName | quote }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "nats.tlsCAVolumeMount" -}} +{{- with .Values.tlsCA }} +{{- if and .enabled (or .configMapName .secretName) }} +- name: tls-ca + mountPath: {{ .dir | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +translates env var map to list +*/}} +{{- define "nats.env" -}} +{{- range $k, $v := . }} +{{- if kindIs "string" $v }} +- name: {{ $k | quote }} + value: {{ $v | quote }} +{{- else if kindIs "map" $v }} +- {{ merge (dict "name" $k) $v | toYaml | nindent 2 }} +{{- else }} +{{- fail (cat "env var" $k "must be string or map, got" (kindOf $v)) }} +{{- end }} +{{- end }} +{{- end }} + +{{- /* +nats.loadMergePatch +input: map with 4 keys: +- file: name of file to load +- ctx: context to pass to tpl +- merge: interface{} to merge +- patch: []interface{} valid JSON Patch document +output: JSON encoded map with 1 key: +- doc: interface{} patched json result +*/}} +{{- define "nats.loadMergePatch" -}} +{{- $doc := tpl (.ctx.Files.Get (printf "files/%s" .file)) .ctx | fromYaml | default dict -}} +{{- $doc = mergeOverwrite $doc (deepCopy (.merge | default dict)) -}} +{{- get (include "jsonpatch" (dict "doc" $doc "patch" (.patch | default list)) | fromJson ) "doc" | toYaml -}} +{{- end }} + + +{{- /* +nats.reloaderConfig +input: map with 2 keys: +- config: interface{} nats config +- dir: dir config file is in +output: YAML list of reloader config files +*/}} +{{- define "nats.reloaderConfig" -}} + {{- $dir := trimSuffix "/" .dir -}} + {{- with .config -}} + {{- if kindIs "map" . -}} + {{- range $k, $v := . -}} + {{- if or (eq $k "cert_file") (eq $k "key_file") (eq $k "ca_file") }} +- -config +- {{ $v }} + {{- else if hasSuffix "$include" $k }} +- -config +- {{ clean (printf "%s/%s" $dir $v) }} + {{- else }} + {{- include "nats.reloaderConfig" (dict "config" $v "dir" $dir) }} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + + +{{- /* +nats.formatConfig +input: map[string]interface{} +output: string with following format rules +1. keys ending in $natsRaw are unquoted +2. keys ending in $natsInclude are converted to include directives +*/}} +{{- define "nats.formatConfig" -}} + {{- + (regexReplaceAll "\"<<\\s+(.*)\\s+>>\"" + (regexReplaceAll "\".*\\$include\": \"(.*)\",?" (include "toPrettyRawJson" .) "include ${1};") + "${1}") + -}} +{{- end -}} diff --git a/charts/testkube-enterprise/charts/nats/templates/_jsonpatch.tpl b/charts/testkube-enterprise/charts/nats/templates/_jsonpatch.tpl new file mode 100644 index 000000000..cd42c3bbc --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/_jsonpatch.tpl @@ -0,0 +1,219 @@ +{{- /* +jsonpatch +input: map with 2 keys: +- doc: interface{} valid JSON document +- patch: []interface{} valid JSON Patch document +output: JSON encoded map with 1 key: +- doc: interface{} patched json result +*/}} +{{- define "jsonpatch" -}} + {{- $params := fromJson (toJson .) -}} + {{- $patches := $params.patch -}} + {{- $docContainer := pick $params "doc" -}} + + {{- range $patch := $patches -}} + {{- if not (hasKey $patch "op") -}} + {{- fail "patch is missing op key" -}} + {{- end -}} + {{- if and (ne $patch.op "add") (ne $patch.op "remove") (ne $patch.op "replace") (ne $patch.op "copy") (ne $patch.op "move") (ne $patch.op "test") -}} + {{- fail (cat "patch has invalid op" $patch.op) -}} + {{- end -}} + {{- if not (hasKey $patch "path") -}} + {{- fail "patch is missing path key" -}} + {{- end -}} + {{- if and (or (eq $patch.op "add") (eq $patch.op "replace") (eq $patch.op "test")) (not (hasKey $patch "value")) -}} + {{- fail (cat "patch with op" $patch.op "is missing value key") -}} + {{- end -}} + {{- if and (or (eq $patch.op "copy") (eq $patch.op "move")) (not (hasKey $patch "from")) -}} + {{- fail (cat "patch with op" $patch.op "is missing from key") -}} + {{- end -}} + + {{- $opPathKeys := list "path" -}} + {{- if or (eq $patch.op "copy") (eq $patch.op "move") -}} + {{- $opPathKeys = append $opPathKeys "from" -}} + {{- end -}} + {{- $reSlice := list -}} + + {{- range $opPathKey := $opPathKeys -}} + {{- $obj := $docContainer -}} + {{- if and (eq $patch.op "copy") (eq $opPathKey "from") -}} + {{- $obj = (fromJson (toJson $docContainer)) -}} + {{- end -}} + {{- $key := "doc" -}} + {{- $lastMap := dict "root" $obj -}} + {{- $lastKey := "root" -}} + {{- $paths := (splitList "/" (get $patch $opPathKey)) -}} + {{- $firstPath := index $paths 0 -}} + {{- if ne (index $paths 0) "" -}} + {{- fail (cat "invalid" $opPathKey (get $patch $opPathKey) "must be empty string or start with /") -}} + {{- end -}} + {{- $paths = slice $paths 1 -}} + + {{- range $path := $paths -}} + {{- $path = replace "~1" "/" $path -}} + {{- $path = replace "~0" "~" $path -}} + + {{- if kindIs "slice" $obj -}} + {{- $mapObj := dict -}} + {{- range $i, $v := $obj -}} + {{- $_ := set $mapObj (toString $i) $v -}} + {{- end -}} + {{- $obj = $mapObj -}} + {{- $_ := set $lastMap $lastKey $obj -}} + {{- $reSlice = prepend $reSlice (dict "lastMap" $lastMap "lastKey" $lastKey "mapObj" $obj) -}} + {{- end -}} + + {{- if kindIs "map" $obj -}} + {{- if not (hasKey $obj $key) -}} + {{- fail (cat "key" $key "does not exist") -}} + {{- end -}} + {{- $lastKey = $key -}} + {{- $lastMap = $obj -}} + {{- $obj = index $obj $key -}} + {{- $key = $path -}} + {{- else -}} + {{- fail (cat "cannot iterate into path" $key "on type" (kindOf $obj)) -}} + {{- end -}} + {{- end -}} + + {{- $_ := set $patch (printf "%sKey" $opPathKey) $key -}} + {{- $_ := set $patch (printf "%sLastKey" $opPathKey) $lastKey -}} + {{- $_ = set $patch (printf "%sLastMap" $opPathKey) $lastMap -}} + {{- end -}} + + {{- if eq $patch.op "move" }} + {{- if and (ne $patch.path $patch.from) (hasPrefix (printf "%s/" $patch.path) (printf "%s/" $patch.from)) -}} + {{- fail (cat "from" $patch.from "may not be a child of path" $patch.path) -}} + {{- end -}} + {{- end -}} + + {{- if or (eq $patch.op "move") (eq $patch.op "copy") (eq $patch.op "test") }} + {{- $key := $patch.fromKey -}} + {{- $lastMap := $patch.fromLastMap -}} + {{- $lastKey := $patch.fromLastKey -}} + {{- $setKey := "value" -}} + {{- if eq $patch.op "test" }} + {{- $key = $patch.pathKey -}} + {{- $lastMap = $patch.pathLastMap -}} + {{- $lastKey = $patch.pathLastKey -}} + {{- $setKey = "testValue" -}} + {{- end -}} + {{- $obj := index $lastMap $lastKey -}} + + {{- if kindIs "map" $obj -}} + {{- if not (hasKey $obj $key) -}} + {{- fail (cat $key "does not exist") -}} + {{- end -}} + {{- $_ := set $patch $setKey (index $obj $key) -}} + + {{- else if kindIs "slice" $obj -}} + {{- $i := atoi $key -}} + {{- if ne $key (toString $i) -}} + {{- fail (cat "cannot convert" $key "to int") -}} + {{- end -}} + {{- if lt $i 0 -}} + {{- fail "slice index <0" -}} + {{- else if lt $i (len $obj) -}} + {{- $_ := set $patch $setKey (index $obj $i) -}} + {{- else -}} + {{- fail "slice index >= slice length" -}} + {{- end -}} + + {{- else -}} + {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}} + {{- end -}} + {{- end -}} + + {{- if or (eq $patch.op "remove") (eq $patch.op "replace") (eq $patch.op "move") }} + {{- $key := $patch.pathKey -}} + {{- $lastMap := $patch.pathLastMap -}} + {{- $lastKey := $patch.pathLastKey -}} + {{- if eq $patch.op "move" }} + {{- $key = $patch.fromKey -}} + {{- $lastMap = $patch.fromLastMap -}} + {{- $lastKey = $patch.fromLastKey -}} + {{- end -}} + {{- $obj := index $lastMap $lastKey -}} + + {{- if kindIs "map" $obj -}} + {{- if not (hasKey $obj $key) -}} + {{- fail (cat $key "does not exist") -}} + {{- end -}} + {{- $_ := unset $obj $key -}} + + {{- else if kindIs "slice" $obj -}} + {{- $i := atoi $key -}} + {{- if ne $key (toString $i) -}} + {{- fail (cat "cannot convert" $key "to int") -}} + {{- end -}} + {{- if lt $i 0 -}} + {{- fail "slice index <0" -}} + {{- else if eq $i 0 -}} + {{- $_ := set $lastMap $lastKey (slice $obj 1) -}} + {{- else if lt $i (sub (len $obj) 1) -}} + {{- $_ := set $lastMap $lastKey (concat (slice $obj 0 $i) (slice $obj (add $i 1) (len $obj))) -}} + {{- else if eq $i (sub (len $obj) 1) -}} + {{- $_ := set $lastMap $lastKey (slice $obj 0 (sub (len $obj) 1)) -}} + {{- else -}} + {{- fail "slice index >= slice length" -}} + {{- end -}} + + {{- else -}} + {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}} + {{- end -}} + {{- end -}} + + {{- if or (eq $patch.op "add") (eq $patch.op "replace") (eq $patch.op "move") (eq $patch.op "copy") }} + {{- $key := $patch.pathKey -}} + {{- $lastMap := $patch.pathLastMap -}} + {{- $lastKey := $patch.pathLastKey -}} + {{- $value := $patch.value -}} + {{- $obj := index $lastMap $lastKey -}} + + {{- if kindIs "map" $obj -}} + {{- $_ := set $obj $key $value -}} + + {{- else if kindIs "slice" $obj -}} + {{- $i := 0 -}} + {{- if eq $key "-" -}} + {{- $i = len $obj -}} + {{- else -}} + {{- $i = atoi $key -}} + {{- if ne $key (toString $i) -}} + {{- fail (cat "cannot convert" $key "to int") -}} + {{- end -}} + {{- end -}} + {{- if lt $i 0 -}} + {{- fail "slice index <0" -}} + {{- else if eq $i 0 -}} + {{- $_ := set $lastMap $lastKey (prepend $obj $value) -}} + {{- else if lt $i (len $obj) -}} + {{- $_ := set $lastMap $lastKey (concat (append (slice $obj 0 $i) $value) (slice $obj $i)) -}} + {{- else if eq $i (len $obj) -}} + {{- $_ := set $lastMap $lastKey (append $obj $value) -}} + {{- else -}} + {{- fail "slice index > slice length" -}} + {{- end -}} + + {{- else -}} + {{- fail (cat "cannot" $patch.op $key "on type" (kindOf $obj)) -}} + {{- end -}} + {{- end -}} + + {{- if eq $patch.op "test" }} + {{- if not (deepEqual $patch.value $patch.testValue) }} + {{- fail (cat "test failed, expected" (toJson $patch.value) "but got" (toJson $patch.testValue)) -}} + {{- end -}} + {{- end -}} + + {{- range $reSliceOp := $reSlice -}} + {{- $sliceObj := list -}} + {{- range $i := until (len $reSliceOp.mapObj) -}} + {{- $sliceObj = append $sliceObj (index $reSliceOp.mapObj (toString $i)) -}} + {{- end -}} + {{- $_ := set $reSliceOp.lastMap $reSliceOp.lastKey $sliceObj -}} + {{- end -}} + + {{- end -}} + {{- toJson $docContainer -}} +{{- end -}} diff --git a/charts/testkube-enterprise/charts/nats/templates/_toPrettyRawJson.tpl b/charts/testkube-enterprise/charts/nats/templates/_toPrettyRawJson.tpl new file mode 100644 index 000000000..612a62f9c --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/_toPrettyRawJson.tpl @@ -0,0 +1,28 @@ +{{- /* +toPrettyRawJson +input: interface{} valid JSON document +output: pretty raw JSON string +*/}} +{{- define "toPrettyRawJson" -}} + {{- include "toPrettyRawJsonStr" (toPrettyJson .) -}} +{{- end -}} + +{{- /* +toPrettyRawJsonStr +input: pretty JSON string +output: pretty raw JSON string +*/}} +{{- define "toPrettyRawJsonStr" -}} + {{- $s := + (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u003e" + (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u003c" + (regexReplaceAll "([^\\\\](?:\\\\\\\\)*)\\\\u0026" . "${1}&") + "${1}<") + "${1}>") + -}} + {{- if regexMatch "([^\\\\](?:\\\\\\\\)*)\\\\u00(26|3c|3e)" $s -}} + {{- include "toPrettyRawJsonStr" $s -}} + {{- else -}} + {{- $s -}} + {{- end -}} +{{- end -}} diff --git a/charts/testkube-enterprise/charts/nats/templates/_tplYaml.tpl b/charts/testkube-enterprise/charts/nats/templates/_tplYaml.tpl new file mode 100644 index 000000000..f42b9c168 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/_tplYaml.tpl @@ -0,0 +1,114 @@ +{{- /* +tplYaml +input: map with 2 keys: +- doc: interface{} +- ctx: context to pass to tpl function +output: JSON encoded map with 1 key: +- doc: interface{} with any keys called tpl or tplSpread values templated and replaced + +maps matching the following syntax will be templated and parsed as YAML +{ + $tplYaml: string +} + +maps matching the follow syntax will be templated, parsed as YAML, and spread into the parent map/slice +{ + $tplYamlSpread: string +} +*/}} +{{- define "tplYaml" -}} + {{- $patch := get (include "tplYamlItr" (dict "ctx" .ctx "parentKind" "" "parentPath" "" "path" "/" "value" .doc) | fromJson) "patch" -}} + {{- include "jsonpatch" (dict "doc" .doc "patch" $patch) -}} +{{- end -}} + +{{- /* +tplYamlItr +input: map with 4 keys: +- path: string JSONPath to current element +- parentKind: string kind of parent element +- parentPath: string JSONPath to parent element +- value: interface{} +- ctx: context to pass to tpl function +output: JSON encoded map with 1 key: +- patch: list of patches to apply in order to template +*/}} +{{- define "tplYamlItr" -}} + {{- $params := . -}} + {{- $kind := kindOf $params.value -}} + {{- $patch := list -}} + {{- $joinPath := $params.path -}} + {{- if eq $params.path "/" -}} + {{- $joinPath = "" -}} + {{- end -}} + {{- $joinParentPath := $params.parentPath -}} + {{- if eq $params.parentPath "/" -}} + {{- $joinParentPath = "" -}} + {{- end -}} + + {{- if eq $kind "slice" -}} + {{- $iAdj := 0 -}} + {{- range $i, $v := $params.value -}} + {{- $iPath := printf "%s/%d" $joinPath (add $i $iAdj) -}} + {{- $itrPatch := get (include "tplYamlItr" (dict "ctx" $params.ctx "parentKind" $kind "parentPath" $params.path "path" $iPath "value" $v) | fromJson) "patch" -}} + {{- $itrLen := len $itrPatch -}} + {{- if gt $itrLen 0 -}} + {{- $patch = concat $patch $itrPatch -}} + {{- if eq (get (index $itrPatch 0) "op") "remove" -}} + {{- $iAdj = add $iAdj (sub $itrLen 2) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- else if eq $kind "map" -}} + {{- if and (eq (len $params.value) 1) (or (hasKey $params.value "$tplYaml") (hasKey $params.value "$tplYamlSpread")) -}} + {{- $tpl := get $params.value "$tplYaml" -}} + {{- $spread := false -}} + {{- if hasKey $params.value "$tplYamlSpread" -}} + {{- if eq $params.path "/" -}} + {{- fail "cannot $tplYamlSpread on root object" -}} + {{- end -}} + {{- $tpl = get $params.value "$tplYamlSpread" -}} + {{- $spread = true -}} + {{- end -}} + + {{- $res := tpl $tpl $params.ctx -}} + {{- $res = get (fromYaml (tpl "tpl: {{ nindent 2 .res }}" (merge (dict "res" $res) $params.ctx))) "tpl" -}} + + {{- if eq $spread false -}} + {{- $patch = append $patch (dict "op" "replace" "path" $params.path "value" $res) -}} + {{- else -}} + {{- $resKind := kindOf $res -}} + {{- if and (ne $resKind "invalid") (ne $resKind $params.parentKind) -}} + {{- fail (cat "can only $tplYamlSpread slice onto a slice or map onto a map; attempted to spread" $resKind "on" $params.parentKind "at path" $params.path) -}} + {{- end -}} + {{- $patch = append $patch (dict "op" "remove" "path" $params.path) -}} + {{- if eq $resKind "invalid" -}} + {{- /* no-op */ -}} + {{- else if eq $resKind "slice" -}} + {{- range $v := reverse $res -}} + {{- $patch = append $patch (dict "op" "add" "path" $params.path "value" $v) -}} + {{- end -}} + {{- else -}} + {{- range $k, $v := $res -}} + {{- $kPath := replace "~" "~0" $k -}} + {{- $kPath = replace "/" "~1" $kPath -}} + {{- $kPath = printf "%s/%s" $joinParentPath $kPath -}} + {{- $patch = append $patch (dict "op" "add" "path" $kPath "value" $v) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- else -}} + {{- range $k, $v := $params.value -}} + {{- $kPath := replace "~" "~0" $k -}} + {{- $kPath = replace "/" "~1" $kPath -}} + {{- $kPath = printf "%s/%s" $joinPath $kPath -}} + {{- $itrPatch := get (include "tplYamlItr" (dict "ctx" $params.ctx "parentKind" $kind "parentPath" $params.path "path" $kPath "value" $v) | fromJson) "patch" -}} + {{- if gt (len $itrPatch) 0 -}} + {{- $patch = concat $patch $itrPatch -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- toJson (dict "patch" $patch) -}} +{{- end -}} diff --git a/charts/testkube-enterprise/charts/nats/templates/config-map.yaml b/charts/testkube-enterprise/charts/nats/templates/config-map.yaml new file mode 100644 index 000000000..b95afda20 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/config-map.yaml @@ -0,0 +1,4 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.configMap }} +{{- include "nats.loadMergePatch" (merge (dict "file" "config-map.yaml" "ctx" $) .) }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/extra-resources.yaml b/charts/testkube-enterprise/charts/nats/templates/extra-resources.yaml new file mode 100644 index 000000000..c11f0085e --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/extra-resources.yaml @@ -0,0 +1,5 @@ +{{- include "nats.defaultValues" . }} +{{- range .Values.extraResources }} +--- +{{ . | toYaml }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/headless-service.yaml b/charts/testkube-enterprise/charts/nats/templates/headless-service.yaml new file mode 100644 index 000000000..f11a83d13 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/headless-service.yaml @@ -0,0 +1,4 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.headlessService }} +{{- include "nats.loadMergePatch" (merge (dict "file" "headless-service.yaml" "ctx" $) .) }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/ingress.yaml b/charts/testkube-enterprise/charts/nats/templates/ingress.yaml new file mode 100644 index 000000000..eccd73ffd --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/ingress.yaml @@ -0,0 +1,6 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.config.websocket.ingress }} +{{- if and .enabled .hosts $.Values.config.websocket.enabled $.Values.service.enabled $.Values.service.ports.websocket.enabled }} +{{- include "nats.loadMergePatch" (merge (dict "file" "ingress.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/nats-box/contents-secret.yaml b/charts/testkube-enterprise/charts/nats/templates/nats-box/contents-secret.yaml new file mode 100644 index 000000000..db629bf7b --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/nats-box/contents-secret.yaml @@ -0,0 +1,10 @@ +{{- include "nats.defaultValues" . }} +{{- if .hasContentsSecret }} +{{- with .Values.natsBox }} +{{- if .enabled }} +{{- with .contentsSecret}} +{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/contents-secret.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/nats-box/contexts-secret.yaml b/charts/testkube-enterprise/charts/nats/templates/nats-box/contexts-secret.yaml new file mode 100644 index 000000000..5ae20f45a --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/nats-box/contexts-secret.yaml @@ -0,0 +1,8 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.natsBox }} +{{- if .enabled }} +{{- with .contextsSecret}} +{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/contexts-secret/contexts-secret.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/nats-box/deployment.yaml b/charts/testkube-enterprise/charts/nats/templates/nats-box/deployment.yaml new file mode 100644 index 000000000..a063332a2 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/nats-box/deployment.yaml @@ -0,0 +1,8 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.natsBox }} +{{- if .enabled }} +{{- with .deployment }} +{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/deployment.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/nats-box/service-account.yaml b/charts/testkube-enterprise/charts/nats/templates/nats-box/service-account.yaml new file mode 100644 index 000000000..e11bdd363 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/nats-box/service-account.yaml @@ -0,0 +1,8 @@ +{{- include "nats.defaultValues" . }} +{{- if .Values.natsBox.enabled }} +{{- with .Values.natsBox.serviceAccount }} +{{- if .enabled }} +{{- include "nats.loadMergePatch" (merge (dict "file" "nats-box/service-account.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/pod-disruption-budget.yaml b/charts/testkube-enterprise/charts/nats/templates/pod-disruption-budget.yaml new file mode 100644 index 000000000..911722629 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/pod-disruption-budget.yaml @@ -0,0 +1,6 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.podDisruptionBudget }} +{{- if .enabled }} +{{- include "nats.loadMergePatch" (merge (dict "file" "pod-disruption-budget.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/pod-monitor.yaml b/charts/testkube-enterprise/charts/nats/templates/pod-monitor.yaml new file mode 100644 index 000000000..0e42a43a5 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/pod-monitor.yaml @@ -0,0 +1,8 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.promExporter }} +{{- if and .enabled .podMonitor.enabled }} +{{- with .podMonitor }} +{{- include "nats.loadMergePatch" (merge (dict "file" "pod-monitor.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/service-account.yaml b/charts/testkube-enterprise/charts/nats/templates/service-account.yaml new file mode 100644 index 000000000..6c763bd3e --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/service-account.yaml @@ -0,0 +1,6 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.serviceAccount }} +{{- if .enabled }} +{{- include "nats.loadMergePatch" (merge (dict "file" "service-account.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/service.yaml b/charts/testkube-enterprise/charts/nats/templates/service.yaml new file mode 100644 index 000000000..04b0b37e7 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/service.yaml @@ -0,0 +1,6 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.service }} +{{- if .enabled }} +{{- include "nats.loadMergePatch" (merge (dict "file" "service.yaml" "ctx" $) .) }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/stateful-set.yaml b/charts/testkube-enterprise/charts/nats/templates/stateful-set.yaml new file mode 100644 index 000000000..bb198323e --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/stateful-set.yaml @@ -0,0 +1,4 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.statefulSet }} +{{- include "nats.loadMergePatch" (merge (dict "file" "stateful-set/stateful-set.yaml" "ctx" $) .) }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/templates/tests/request-reply.yaml b/charts/testkube-enterprise/charts/nats/templates/tests/request-reply.yaml new file mode 100644 index 000000000..3e06edc08 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/templates/tests/request-reply.yaml @@ -0,0 +1,37 @@ +{{- include "nats.defaultValues" . }} +{{- with .Values.natsBox | deepCopy }} +{{- $natsBox := . }} +{{- if .enabled -}} +apiVersion: v1 +kind: Pod +{{- with .container }} +{{- $_ := set . "merge" (dict + "args" (list + "sh" + "-ec" + "nats reply --echo echo & pid=\"$!\"; sleep 1; nats request echo hi > /tmp/resp; kill \"$pid\"; wait; grep -qF hi /tmp/resp" + ) +) }} +{{- $_ := set . "patch" list }} +{{- end }} +{{- with .podTemplate }} +{{- $_ := set . "merge" (dict + "metadata" (dict + "name" (printf "%s-test-request-reply" $.Values.statefulSet.name) + "labels" (dict + "app.kubernetes.io/component" "test-request-reply" + ) + "annotations" (dict + "helm.sh/hook" "test" + "helm.sh/hook-delete-policy" "before-hook-creation,hook-succeeded" + ) + ) + "spec" (dict + "restartPolicy" "Never" + ) +) }} +{{- $_ := set . "patch" list }} +{{ include "nats.loadMergePatch" (merge (dict "file" "nats-box/deployment/pod-template.yaml" "ctx" (merge (dict "Values" (dict "natsBox" $natsBox)) $)) .) }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/testkube-enterprise/charts/nats/test/chart_test.go b/charts/testkube-enterprise/charts/nats/test/chart_test.go new file mode 100644 index 000000000..bccc78847 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/chart_test.go @@ -0,0 +1,254 @@ +package test + +import ( + "os" + "path/filepath" + "strings" + "testing" + + "github.com/ghodss/yaml" + "github.com/gruntwork-io/terratest/modules/helm" + "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/nats-io/nats-server/v2/conf" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + policyv1 "k8s.io/api/policy/v1" +) + +type Resources struct { + Conf Resource[map[string]any] + ConfigMap Resource[corev1.ConfigMap] + HeadlessService Resource[corev1.Service] + Ingress Resource[networkingv1.Ingress] + NatsBoxContentsSecret Resource[corev1.Secret] + NatsBoxContextsSecret Resource[corev1.Secret] + NatsBoxDeployment Resource[appsv1.Deployment] + NatsBoxServiceAccount Resource[corev1.ServiceAccount] + PodDisruptionBudget Resource[policyv1.PodDisruptionBudget] + PodMonitor Resource[monitoringv1.PodMonitor] + Service Resource[corev1.Service] + ServiceAccount Resource[corev1.ServiceAccount] + StatefulSet Resource[appsv1.StatefulSet] + ExtraConfigMap Resource[corev1.ConfigMap] + ExtraService Resource[corev1.Service] +} + +func (r *Resources) Iter() []MutableResource { + return []MutableResource{ + r.Conf.Mutable(), + r.ConfigMap.Mutable(), + r.HeadlessService.Mutable(), + r.Ingress.Mutable(), + r.NatsBoxContentsSecret.Mutable(), + r.NatsBoxContextsSecret.Mutable(), + r.NatsBoxDeployment.Mutable(), + r.NatsBoxServiceAccount.Mutable(), + r.Service.Mutable(), + r.ServiceAccount.Mutable(), + r.StatefulSet.Mutable(), + r.PodMonitor.Mutable(), + r.ExtraConfigMap.Mutable(), + r.ExtraService.Mutable(), + } +} + +type Resource[T any] struct { + ID string + HasValue bool + Value T +} + +func (r *Resource[T]) Mutable() MutableResource { + return MutableResource{ + ID: r.ID, + HasValueP: &r.HasValue, + ValueP: &r.Value, + } +} + +type MutableResource struct { + ID string + HasValueP *bool + ValueP any +} + +type K8sResource struct { + Kind string `yaml:"kind"` + Metadata K8sMetadata `yaml:"metadata"` +} + +type K8sMetadata struct { + Name string `yaml:"name"` +} + +func GenerateResources(fullName string) *Resources { + return &Resources{ + Conf: Resource[map[string]any]{ + ID: "nats.conf", + }, + ConfigMap: Resource[corev1.ConfigMap]{ + ID: "ConfigMap/" + fullName + "-config", + }, + HeadlessService: Resource[corev1.Service]{ + ID: "Service/" + fullName + "-headless", + }, + Ingress: Resource[networkingv1.Ingress]{ + ID: "Ingress/" + fullName + "-ws", + }, + NatsBoxContentsSecret: Resource[corev1.Secret]{ + ID: "Secret/" + fullName + "-box-contents", + }, + NatsBoxContextsSecret: Resource[corev1.Secret]{ + ID: "Secret/" + fullName + "-box-contexts", + }, + NatsBoxDeployment: Resource[appsv1.Deployment]{ + ID: "Deployment/" + fullName + "-box", + }, + NatsBoxServiceAccount: Resource[corev1.ServiceAccount]{ + ID: "ServiceAccount/" + fullName + "-box", + }, + PodDisruptionBudget: Resource[policyv1.PodDisruptionBudget]{ + ID: "PodDisruptionBudget/" + fullName, + }, + PodMonitor: Resource[monitoringv1.PodMonitor]{ + ID: "PodMonitor/" + fullName, + }, + Service: Resource[corev1.Service]{ + ID: "Service/" + fullName, + }, + ServiceAccount: Resource[corev1.ServiceAccount]{ + ID: "ServiceAccount/" + fullName, + }, + StatefulSet: Resource[appsv1.StatefulSet]{ + ID: "StatefulSet/" + fullName, + }, + ExtraConfigMap: Resource[corev1.ConfigMap]{ + ID: "ConfigMap/" + fullName + "-extra", + }, + ExtraService: Resource[corev1.Service]{ + ID: "Service/" + fullName + "-extra", + }, + } +} + +type Test struct { + ChartName string + ReleaseName string + Namespace string + FullName string + Values string +} + +func DefaultTest() *Test { + return &Test{ + ChartName: "nats", + ReleaseName: "nats", + Namespace: "nats", + FullName: "nats", + Values: "{}", + } +} + +func HelmRender(t *testing.T, test *Test) *Resources { + t.Helper() + + helmChartPath, err := filepath.Abs("..") + require.NoError(t, err) + + tmpFile, err := os.CreateTemp("", "values.*.yaml") + require.NoError(t, err) + defer os.Remove(tmpFile.Name()) + + if _, err := tmpFile.Write([]byte(test.Values)); err != nil { + tmpFile.Close() + require.NoError(t, err) + } + err = tmpFile.Close() + require.NoError(t, err) + + options := &helm.Options{ + ValuesFiles: []string{tmpFile.Name()}, + KubectlOptions: k8s.NewKubectlOptions("", "", test.Namespace), + } + output := helm.RenderTemplate(t, options, helmChartPath, test.ReleaseName, nil) + outputs := strings.Split(output, "---") + + resources := GenerateResources("nats") + for _, o := range outputs { + meta := K8sResource{} + err := yaml.Unmarshal([]byte(o), &meta) + require.NoError(t, err) + + id := meta.Kind + "/" + meta.Metadata.Name + for _, r := range resources.Iter() { + if id == r.ID { + helm.UnmarshalK8SYaml(t, o, r.ValueP) + *r.HasValueP = true + break + } + } + } + + require.True(t, resources.ConfigMap.HasValue) + _, ok := resources.ConfigMap.Value.Data["nats.conf"] + require.True(t, ok) + + confDir, err := os.MkdirTemp("", "") + require.NoError(t, err) + defer os.RemoveAll(confDir) + + for k, v := range resources.ConfigMap.Value.Data { + err := os.WriteFile(filepath.Join(confDir, k), []byte(v), 0o644) + require.NoError(t, err) + } + + _ = os.Setenv("POD_NAME", "nats-0") + _ = os.Setenv("SERVER_NAME", "nats-0") + resources.Conf.Value, err = conf.ParseFile(filepath.Join(confDir, "nats.conf")) + require.NoError(t, err) + resources.Conf.HasValue = true + + return resources +} + +func RenderAndCheck(t *testing.T, test *Test, expected *Resources) { + t.Helper() + actual := HelmRender(t, test) + a := assert.New(t) + + if actual.ConfigMap.Value.Data != nil { + natsConf, ok := actual.ConfigMap.Value.Data["nats.conf"] + if ok { + if expected.ConfigMap.Value.Data == nil { + expected.ConfigMap.Value.Data = map[string]string{} + } + expected.ConfigMap.Value.Data["nats.conf"] = natsConf + } + } + + if actual.StatefulSet.Value.Spec.Template.Annotations != nil { + configMapHash, ok := actual.StatefulSet.Value.Spec.Template.Annotations["checksum/config"] + if ok { + if expected.StatefulSet.Value.Spec.Template.Annotations == nil { + expected.StatefulSet.Value.Spec.Template.Annotations = map[string]string{} + } + expected.StatefulSet.Value.Spec.Template.Annotations["checksum/config"] = configMapHash + } + } + + expectedResources := expected.Iter() + actualResources := actual.Iter() + require.Len(t, actualResources, len(expectedResources)) + + for i := range expectedResources { + expectedResource := expectedResources[i] + actualResource := actualResources[i] + if a.Equal(expectedResource.HasValueP, actualResource.HasValueP) && *actualResource.HasValueP { + a.Equal(expectedResource.ValueP, actualResource.ValueP) + } + } +} diff --git a/charts/testkube-enterprise/charts/nats/test/config_test.go b/charts/testkube-enterprise/charts/nats/test/config_test.go new file mode 100644 index 000000000..cac92419d --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/config_test.go @@ -0,0 +1,676 @@ +package test + +import ( + "testing" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func TestConfigDisable(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + monitor: + enabled: false +` + expected := DefaultResources(t, test) + delete(expected.Conf.Value, "http_port") + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].LivenessProbe = nil + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].ReadinessProbe = nil + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].StartupProbe = nil + + cp := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{cp[0]} + + hsp := expected.HeadlessService.Value.Spec.Ports + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{hsp[0]} + + RenderAndCheck(t, test, expected) +} + +func TestConfigJetStreamCluster(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + cluster: + enabled: true + jetstream: + enabled: true +` + expected := DefaultResources(t, test) + + expected.Conf.Value["cluster"] = map[string]any{ + "name": "nats", + "no_advertise": true, + "port": int64(6222), + "routes": []any{ + "nats://nats-0.nats-headless:6222", + "nats://nats-1.nats-headless:6222", + "nats://nats-2.nats-headless:6222", + }, + } + expected.Conf.Value["jetstream"] = map[string]any{ + "max_file_store": int64(10737418240), + "max_memory_store": int64(0), + "store_dir": "/data", + } + + replicas3 := int32(3) + expected.StatefulSet.Value.Spec.Replicas = &replicas3 + + vm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts = append(vm, corev1.VolumeMount{ + MountPath: "/data", + Name: test.FullName + "-js", + }) + + resource10Gi, _ := resource.ParseQuantity("10Gi") + expected.StatefulSet.Value.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{ + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-js", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource10Gi, + }, + }, + }, + }, + } + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "cluster", + ContainerPort: 6222, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "cluster", + Port: 6222, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + } + + RenderAndCheck(t, test, expected) +} + +func TestConfigOptions(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + jetstream: + enabled: true + fileStore: + dir: /mnt + pvc: + size: 5Gi + storageClassName: gp3 + maxSize: 1Gi + memoryStore: + enabled: true + maxSize: 2Gi + cluster: + enabled: true + replicas: 2 + routeURLs: + user: foo + password: bar + useFQDN: true + k8sClusterDomain: foo.bar.local + resolver: + enabled: true + dir: /mnt/resolver + pvc: + size: 5Gi + storageClassName: gp3 + serverNamePrefix: test_ +` + expected := DefaultResources(t, test) + + expected.Conf.Value["cluster"] = map[string]any{ + "authorization": map[string]any{ + "user": "foo", + "password": "bar", + }, + "name": "nats", + "no_advertise": true, + "port": int64(6222), + "routes": []any{ + "nats://foo:bar@nats-0.nats-headless.nats.svc.foo.bar.local:6222", + "nats://foo:bar@nats-1.nats-headless.nats.svc.foo.bar.local:6222", + }, + } + expected.Conf.Value["jetstream"] = map[string]any{ + "max_file_store": int64(1073741824), + "max_memory_store": int64(2147483648), + "store_dir": "/mnt", + } + expected.Conf.Value["resolver"] = map[string]any{ + "dir": "/mnt/resolver", + } + + replicas2 := int32(2) + expected.StatefulSet.Value.Spec.Replicas = &replicas2 + + resource5Gi, _ := resource.ParseQuantity("5Gi") + storageClassGp3 := "gp3" + expected.StatefulSet.Value.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{ + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-js", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource5Gi, + }, + }, + StorageClassName: &storageClassGp3, + }, + }, + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-resolver", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource5Gi, + }, + }, + StorageClassName: &storageClassGp3, + }, + }, + } + + ctr := &expected.StatefulSet.Value.Spec.Template.Spec.Containers[0] + ctr.Env[1].Value = "test_$(POD_NAME)" + + ctr.VolumeMounts = append(ctr.VolumeMounts, corev1.VolumeMount{ + MountPath: "/mnt", + Name: test.FullName + "-js", + }, corev1.VolumeMount{ + MountPath: "/mnt/resolver", + Name: test.FullName + "-resolver", + }) + + ctr.Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "cluster", + ContainerPort: 6222, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "cluster", + Port: 6222, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + } + + RenderAndCheck(t, test, expected) +} + +func TestConfigMergePatch(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + merge: + ping_interval: 5m + patch: [{op: add, path: /ping_max, value: 3}] + cluster: + enabled: true + merge: + no_advertise: false + patch: [{op: add, path: /advertise, value: "demo.nats.io:6222"}] + jetstream: + enabled: true + merge: + max_outstanding_catchup: "<< 64MB >>" + patch: [{op: add, path: /max_file_store, value: "<< 1GB >>"}] + fileStore: + pvc: + merge: + spec: + storageClassName: gp3 + patch: [{op: add, path: /spec/accessModes/-, value: ReadWriteMany}] + leafnodes: + enabled: true + merge: + no_advertise: false + patch: [{op: add, path: /advertise, value: "demo.nats.io:7422"}] + websocket: + enabled: true + merge: + compression: true + patch: [{op: add, path: /same_origin, value: true}] + mqtt: + enabled: true + merge: + ack_wait: 1m + patch: [{op: add, path: /max_ack_pending, value: 100}] + gateway: + enabled: true + merge: + gateways: + - name: nats + url: nats://demo.nats.io:7222 + patch: [{op: add, path: /advertise, value: "demo.nats.io:7222"}] + resolver: + enabled: true + merge: + type: full + patch: [{op: add, path: /allow_delete, value: true}] + pvc: + merge: + spec: + storageClassName: gp3 + patch: [{op: add, path: /spec/accessModes/-, value: ReadWriteMany}] +` + expected := DefaultResources(t, test) + expected.Conf.Value["ping_interval"] = "5m" + expected.Conf.Value["ping_max"] = int64(3) + expected.Conf.Value["cluster"] = map[string]any{ + "name": "nats", + "no_advertise": false, + "advertise": "demo.nats.io:6222", + "port": int64(6222), + "routes": []any{ + "nats://nats-0.nats-headless:6222", + "nats://nats-1.nats-headless:6222", + "nats://nats-2.nats-headless:6222", + }, + } + expected.Conf.Value["jetstream"] = map[string]any{ + "max_memory_store": int64(0), + "store_dir": "/data", + "max_file_store": int64(1073741824), + "max_outstanding_catchup": int64(67108864), + } + expected.Conf.Value["leafnodes"] = map[string]any{ + "port": int64(7422), + "no_advertise": false, + "advertise": "demo.nats.io:7422", + } + expected.Conf.Value["websocket"] = map[string]any{ + "port": int64(8080), + "compression": true, + "no_tls": true, + "same_origin": true, + } + expected.Conf.Value["mqtt"] = map[string]any{ + "port": int64(1883), + "ack_wait": "1m", + "max_ack_pending": int64(100), + } + expected.Conf.Value["gateway"] = map[string]any{ + "port": int64(7222), + "name": "nats", + "advertise": "demo.nats.io:7222", + "gateways": []any{ + map[string]any{ + "name": "nats", + "url": "nats://demo.nats.io:7222", + }, + }, + } + expected.Conf.Value["resolver"] = map[string]any{ + "dir": "/data/resolver", + "type": "full", + "allow_delete": true, + } + + replicas3 := int32(3) + expected.StatefulSet.Value.Spec.Replicas = &replicas3 + + vm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts = append(vm, corev1.VolumeMount{ + MountPath: "/data", + Name: test.FullName + "-js", + }, corev1.VolumeMount{ + MountPath: "/data/resolver", + Name: test.FullName + "-resolver", + }) + + resource1Gi, _ := resource.ParseQuantity("1Gi") + resource10Gi, _ := resource.ParseQuantity("10Gi") + storageClassGp3 := "gp3" + expected.StatefulSet.Value.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{ + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-js", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + "ReadWriteMany", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource10Gi, + }, + }, + StorageClassName: &storageClassGp3, + }, + }, + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-resolver", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + "ReadWriteMany", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource1Gi, + }, + }, + StorageClassName: &storageClassGp3, + }, + }, + } + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "leafnodes", + ContainerPort: 7422, + }, + { + Name: "websocket", + ContainerPort: 8080, + }, + { + Name: "mqtt", + ContainerPort: 1883, + }, + { + Name: "cluster", + ContainerPort: 6222, + }, + { + Name: "gateway", + ContainerPort: 7222, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "leafnodes", + Port: 7422, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "mqtt", + Port: 1883, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "cluster", + Port: 6222, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "gateway", + Port: 7222, + TargetPort: intstr.FromString("gateway"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + } + + expected.Service.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "leafnodes", + Port: 7422, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "mqtt", + Port: 1883, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTCP, + }, + } + + RenderAndCheck(t, test, expected) +} + +func TestConfigInclude(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + jetstream: + enabled: true + merge: + zzz$include: "js.conf" + merge: + $include: "my-config.conf" + zzz$include: "my-config-last.conf" +configMap: + merge: + data: + js.conf: | + max_file_store: 1GB + max_outstanding_catchup: 64MB + my-config.conf: | + ping_interval: "5m" + my-config-last.conf: | + ping_max: 3 +` + expected := DefaultResources(t, test) + expected.Conf.Value["ping_interval"] = "5m" + expected.Conf.Value["ping_max"] = int64(3) + expected.Conf.Value["jetstream"] = map[string]any{ + "max_file_store": int64(1073741824), + "max_memory_store": int64(0), + "max_outstanding_catchup": int64(67108864), + "store_dir": "/data", + } + + expected.ConfigMap.Value.Data = map[string]string{ + "js.conf": `max_file_store: 1GB +max_outstanding_catchup: 64MB +`, + "my-config.conf": `ping_interval: "5m" +`, + "my-config-last.conf": `ping_max: 3 +`, + } + + reloaderArgs := expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args + reloaderArgs = append(reloaderArgs, "-config", "/etc/nats-config/my-config.conf") + reloaderArgs = append(reloaderArgs, "-config", "/etc/nats-config/js.conf") + reloaderArgs = append(reloaderArgs, "-config", "/etc/nats-config/my-config-last.conf") + expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args = reloaderArgs + + vm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts = append(vm, corev1.VolumeMount{ + MountPath: "/data", + Name: test.FullName + "-js", + }) + + resource10Gi, _ := resource.ParseQuantity("10Gi") + expected.StatefulSet.Value.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{ + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-js", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource10Gi, + }, + }, + }, + }, + } + + RenderAndCheck(t, test, expected) +} + +func TestExtraResources(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +extraResources: +- apiVersion: v1 + kind: Service + metadata: + name: + $tplYaml: > + {{ include "nats.fullname" $ }}-extra + labels: + $tplYaml: | + {{ include "nats.labels" $ }} + spec: + selector: + labels: + $tplYamlSpread: | + {{ include "nats.selectorLabels" $ | nindent 4 }} + ports: + - $tplYamlSpread: | + - name: gateway + port: 7222 + targetPort: gateway + appProtocol: tcp +- $tplYaml: | + apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ include "nats.fullname" $ }}-extra + labels: + {{- include "nats.labels" $ | nindent 4 }} + data: + foo: bar +` + + expected := DefaultResources(t, test) + + expected.ExtraConfigMap.HasValue = true + expected.ExtraConfigMap.Value.Data = map[string]string{ + "foo": "bar", + } + + expected.ExtraService.HasValue = true + expected.ExtraService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "gateway", + Port: 7222, + TargetPort: intstr.FromString("gateway"), + AppProtocol: &appProtocolTCP, + }, + } + + RenderAndCheck(t, test, expected) +} diff --git a/charts/testkube-enterprise/charts/nats/test/defaults_test.go b/charts/testkube-enterprise/charts/nats/test/defaults_test.go new file mode 100644 index 000000000..8aaf46872 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/defaults_test.go @@ -0,0 +1,632 @@ +package test + +import ( + "sync" + "testing" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + policyv1 "k8s.io/api/policy/v1" + + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +type DynamicDefaults struct { + VersionLabel string + HelmChartLabel string + NatsImage string + PromExporterImage string + ReloaderImage string + NatsBoxImage string +} + +type DynamicDefaultsGetter struct { + mu sync.Mutex + set bool + dd DynamicDefaults +} + +var ( + ddg DynamicDefaultsGetter + appProtocolTCP = "tcp" + appProtocolTLS = "tls" + appProtocolHTTP = "http" + appProtocolHTTPS = "https" +) + +func (d *DynamicDefaultsGetter) Get(t *testing.T) DynamicDefaults { + t.Helper() + + d.mu.Lock() + defer d.mu.Unlock() + if d.set { + return d.dd + } + + test := DefaultTest() + test.Values = ` +promExporter: + enabled: true +` + r := HelmRender(t, test) + + require.True(t, r.StatefulSet.HasValue) + + var ok bool + d.dd.VersionLabel, ok = r.StatefulSet.Value.Labels["app.kubernetes.io/version"] + require.True(t, ok) + d.dd.HelmChartLabel, ok = r.StatefulSet.Value.Labels["helm.sh/chart"] + require.True(t, ok) + + containers := r.StatefulSet.Value.Spec.Template.Spec.Containers + require.Len(t, containers, 3) + d.dd.NatsImage = containers[0].Image + d.dd.ReloaderImage = containers[1].Image + d.dd.PromExporterImage = containers[2].Image + + require.True(t, r.NatsBoxDeployment.HasValue) + containers = r.NatsBoxDeployment.Value.Spec.Template.Spec.Containers + require.Len(t, containers, 1) + d.dd.NatsBoxImage = containers[0].Image + + return d.dd +} + +func DefaultResources(t *testing.T, test *Test) *Resources { + fullName := test.FullName + chartName := test.ChartName + releaseName := test.ReleaseName + + dd := ddg.Get(t) + dr := GenerateResources(fullName) + + natsLabels := func() map[string]string { + return map[string]string{ + "app.kubernetes.io/component": "nats", + "app.kubernetes.io/instance": releaseName, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": chartName, + "app.kubernetes.io/version": dd.VersionLabel, + "helm.sh/chart": dd.HelmChartLabel, + } + } + natsSelectorLabels := func() map[string]string { + return map[string]string{ + "app.kubernetes.io/component": "nats", + "app.kubernetes.io/instance": releaseName, + "app.kubernetes.io/name": chartName, + } + } + natsBoxLabels := func() map[string]string { + return map[string]string{ + "app.kubernetes.io/component": "nats-box", + "app.kubernetes.io/instance": releaseName, + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": chartName, + "app.kubernetes.io/version": dd.VersionLabel, + "helm.sh/chart": dd.HelmChartLabel, + } + } + natsBoxSelectorLabels := func() map[string]string { + return map[string]string{ + "app.kubernetes.io/component": "nats-box", + "app.kubernetes.io/instance": releaseName, + "app.kubernetes.io/name": chartName, + } + } + + replicas1 := int32(1) + trueBool := true + falseBool := false + exactPath := networkingv1.PathTypeExact + + return &Resources{ + Conf: Resource[map[string]any]{ + ID: dr.Conf.ID, + HasValue: true, + Value: map[string]any{ + "http_port": int64(8222), + "lame_duck_duration": "30s", + "lame_duck_grace_period": "10s", + "pid_file": "/var/run/nats/nats.pid", + "port": int64(4222), + "server_name": "nats-0", + }, + }, + ConfigMap: Resource[corev1.ConfigMap]{ + ID: dr.ConfigMap.ID, + HasValue: true, + Value: corev1.ConfigMap{ + TypeMeta: v1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-config", + Labels: natsLabels(), + }, + }, + }, + HeadlessService: Resource[corev1.Service]{ + ID: dr.HeadlessService.ID, + HasValue: true, + Value: corev1.Service{ + TypeMeta: v1.TypeMeta{ + Kind: "Service", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-headless", + Labels: natsLabels(), + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + }, + Selector: natsSelectorLabels(), + ClusterIP: "None", + PublishNotReadyAddresses: true, + }, + }, + }, + Ingress: Resource[networkingv1.Ingress]{ + ID: dr.Ingress.ID, + HasValue: false, + Value: networkingv1.Ingress{ + TypeMeta: v1.TypeMeta{ + Kind: "Ingress", + APIVersion: "networking.k8s.io/v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-ws", + Labels: natsLabels(), + }, + Spec: networkingv1.IngressSpec{ + Rules: []networkingv1.IngressRule{ + { + Host: "demo.nats.io", + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + Path: "/", + PathType: &exactPath, + Backend: networkingv1.IngressBackend{ + Service: &networkingv1.IngressServiceBackend{ + Name: fullName, + Port: networkingv1.ServiceBackendPort{ + Name: "websocket", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + NatsBoxContentsSecret: Resource[corev1.Secret]{ + ID: dr.NatsBoxContentsSecret.ID, + HasValue: false, + Value: corev1.Secret{ + TypeMeta: v1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-box-contents", + Labels: natsBoxLabels(), + }, + Type: "Opaque", + }, + }, + NatsBoxContextsSecret: Resource[corev1.Secret]{ + ID: dr.NatsBoxContextsSecret.ID, + HasValue: true, + Value: corev1.Secret{ + TypeMeta: v1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-box-contexts", + Labels: natsBoxLabels(), + }, + Type: "Opaque", + StringData: map[string]string{ + "default.json": `{ + "url": "nats://` + fullName + `" +} +`, + }, + }, + }, + NatsBoxDeployment: Resource[appsv1.Deployment]{ + ID: dr.NatsBoxDeployment.ID, + HasValue: true, + Value: appsv1.Deployment{ + TypeMeta: v1.TypeMeta{ + Kind: "Deployment", + APIVersion: "apps/v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-box", + Labels: natsBoxLabels(), + }, + Spec: appsv1.DeploymentSpec{ + Replicas: &replicas1, + Selector: &v1.LabelSelector{ + MatchLabels: natsBoxSelectorLabels(), + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: v1.ObjectMeta{ + Labels: natsBoxLabels(), + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Args: []string{ + "sh", + "-ec", + "trap true INT TERM; sleep infinity & wait", + }, + Command: []string{ + "sh", + "-ec", + `work_dir="$(pwd)" +mkdir -p "$XDG_CONFIG_HOME/nats" +cd "$XDG_CONFIG_HOME/nats" +if ! [ -s context ]; then + ln -s /etc/nats-contexts context +fi +if ! [ -f context.txt ]; then + echo -n "default" > context.txt +fi +cd "$work_dir" +exec /entrypoint.sh "$@" +`, + "--", + }, + Image: dd.NatsBoxImage, + Name: "nats-box", + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/etc/nats-contexts", + Name: "contexts", + }, + }, + }, + }, + EnableServiceLinks: &falseBool, + Volumes: []corev1.Volume{ + { + Name: "contexts", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "nats-box-contexts", + }, + }, + }, + }, + }, + }, + }, + }, + }, + NatsBoxServiceAccount: Resource[corev1.ServiceAccount]{ + ID: dr.NatsBoxServiceAccount.ID, + HasValue: false, + Value: corev1.ServiceAccount{ + TypeMeta: v1.TypeMeta{ + Kind: "ServiceAccount", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-box", + Labels: natsBoxLabels(), + }, + }, + }, + PodDisruptionBudget: Resource[policyv1.PodDisruptionBudget]{ + ID: dr.PodDisruptionBudget.ID, + HasValue: true, + Value: policyv1.PodDisruptionBudget{ + TypeMeta: v1.TypeMeta{ + Kind: "PodDisruptionBudget", + APIVersion: "policy/v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName, + Labels: natsLabels(), + }, + Spec: policyv1.PodDisruptionBudgetSpec{ + MaxUnavailable: &intstr.IntOrString{IntVal: 1}, + Selector: &v1.LabelSelector{ + MatchLabels: natsSelectorLabels(), + }, + }, + }, + }, + PodMonitor: Resource[monitoringv1.PodMonitor]{ + ID: dr.PodMonitor.ID, + HasValue: false, + Value: monitoringv1.PodMonitor{ + TypeMeta: v1.TypeMeta{ + Kind: "PodMonitor", + APIVersion: "monitoring.coreos.com/v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName, + Labels: natsLabels(), + }, + Spec: monitoringv1.PodMonitorSpec{ + PodMetricsEndpoints: []monitoringv1.PodMetricsEndpoint{ + { + Port: "prom-metrics", + }, + }, + Selector: v1.LabelSelector{ + MatchLabels: natsSelectorLabels(), + }, + }, + }, + }, + Service: Resource[corev1.Service]{ + ID: dr.Service.ID, + HasValue: true, + Value: corev1.Service{ + TypeMeta: v1.TypeMeta{ + Kind: "Service", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName, + Labels: natsLabels(), + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + }, + Selector: natsSelectorLabels(), + }, + }, + }, + ServiceAccount: Resource[corev1.ServiceAccount]{ + ID: dr.ServiceAccount.ID, + HasValue: false, + Value: corev1.ServiceAccount{ + TypeMeta: v1.TypeMeta{ + Kind: "ServiceAccount", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName, + Labels: natsLabels(), + }, + }, + }, + StatefulSet: Resource[appsv1.StatefulSet]{ + ID: dr.StatefulSet.ID, + HasValue: true, + Value: appsv1.StatefulSet{ + TypeMeta: v1.TypeMeta{ + Kind: "StatefulSet", + APIVersion: "apps/v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName, + Labels: natsLabels(), + }, + Spec: appsv1.StatefulSetSpec{ + Replicas: &replicas1, + Selector: &v1.LabelSelector{ + MatchLabels: natsSelectorLabels(), + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: v1.ObjectMeta{ + Labels: natsLabels(), + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Args: []string{ + "--config", + "/etc/nats-config/nats.conf", + }, + Env: []corev1.EnvVar{ + { + Name: "POD_NAME", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.name", + }, + }, + }, + { + Name: "SERVER_NAME", + Value: "$(POD_NAME)", + }, + }, + Image: dd.NatsImage, + Lifecycle: &corev1.Lifecycle{ + PreStop: &corev1.LifecycleHandler{ + Exec: &corev1.ExecAction{ + Command: []string{ + "nats-server", + "-sl=ldm=/var/run/nats/nats.pid", + }, + }, + }, + }, + LivenessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz?js-enabled-only=true", + Port: intstr.FromString("monitor"), + }, + }, + InitialDelaySeconds: 10, + TimeoutSeconds: 5, + PeriodSeconds: 30, + SuccessThreshold: 1, + FailureThreshold: 3, + }, + Name: "nats", + Ports: []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + }, + ReadinessProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz?js-server-only=true", + Port: intstr.FromString("monitor"), + }, + }, + InitialDelaySeconds: 10, + TimeoutSeconds: 5, + PeriodSeconds: 10, + SuccessThreshold: 1, + FailureThreshold: 3, + }, + StartupProbe: &corev1.Probe{ + ProbeHandler: corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/healthz", + Port: intstr.FromString("monitor"), + }, + }, + InitialDelaySeconds: 10, + TimeoutSeconds: 5, + PeriodSeconds: 10, + SuccessThreshold: 1, + FailureThreshold: 90, + }, + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/etc/nats-config", + Name: "config", + }, + { + MountPath: "/var/run/nats", + Name: "pid", + }, + }, + }, + { + Args: []string{ + "-pid", + "/var/run/nats/nats.pid", + "-config", + "/etc/nats-config/nats.conf", + }, + Image: dd.ReloaderImage, + Name: "reloader", + VolumeMounts: []corev1.VolumeMount{ + { + MountPath: "/var/run/nats", + Name: "pid", + }, + { + MountPath: "/etc/nats-config", + Name: "config", + }, + }, + }, + }, + EnableServiceLinks: &falseBool, + ShareProcessNamespace: &trueBool, + Volumes: []corev1.Volume{ + { + Name: "config", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "nats-config", + }, + }, + }, + }, + { + Name: "pid", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + }, + }, + }, + ServiceName: fullName + "-headless", + PodManagementPolicy: "Parallel", + }, + }, + }, + ExtraConfigMap: Resource[corev1.ConfigMap]{ + ID: dr.ExtraConfigMap.ID, + HasValue: false, + Value: corev1.ConfigMap{ + TypeMeta: v1.TypeMeta{ + Kind: "ConfigMap", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-extra", + Labels: natsLabels(), + }, + }, + }, + ExtraService: Resource[corev1.Service]{ + ID: dr.ExtraService.ID, + HasValue: false, + Value: corev1.Service{ + TypeMeta: v1.TypeMeta{ + Kind: "Service", + APIVersion: "v1", + }, + ObjectMeta: v1.ObjectMeta{ + Name: fullName + "-extra", + Labels: natsLabels(), + }, + Spec: corev1.ServiceSpec{ + Selector: natsSelectorLabels(), + }, + }, + }, + } +} + +func TestDefaultValues(t *testing.T) { + t.Parallel() + test := DefaultTest() + expected := DefaultResources(t, test) + RenderAndCheck(t, test, expected) +} diff --git a/charts/testkube-enterprise/charts/nats/test/go.mod b/charts/testkube-enterprise/charts/nats/test/go.mod new file mode 100644 index 000000000..68ee7ceac --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/go.mod @@ -0,0 +1,92 @@ +module github.com/nats-io/k8s/helm/charts/nats-next + +go 1.21 + +require ( + github.com/ghodss/yaml v1.0.0 + github.com/gruntwork-io/terratest v0.46.13 + github.com/nats-io/nats-server/v2 v2.10.12 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.72.0 + github.com/stretchr/testify v1.9.0 + k8s.io/api v0.29.3 + k8s.io/apimachinery v0.29.3 +) + +require ( + filippo.io/edwards25519 v1.1.0 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/aws/aws-sdk-go v1.51.13 // indirect + github.com/boombuler/barcode v1.0.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/go-errors/errors v1.5.1 // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-sql-driver/mysql v1.8.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.13 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.2.0 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gruntwork-io/go-commons v0.17.1 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/homeport/dyff v1.7.1 // indirect + github.com/imdario/mergo v0.3.16 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-zglob v0.0.4 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect + github.com/moby/spdystream v0.2.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/pquerna/otp v1.4.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/texttheater/golang-levenshtein v1.0.1 // indirect + github.com/urfave/cli v1.22.14 // indirect + github.com/urfave/cli/v2 v2.27.1 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect + github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect + golang.org/x/net v0.22.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/sync v0.6.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/client-go v0.29.3 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect + k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/charts/testkube-enterprise/charts/nats/test/go.sum b/charts/testkube-enterprise/charts/nats/test/go.sum new file mode 100644 index 000000000..3f34d048f --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/go.sum @@ -0,0 +1,247 @@ +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/aws/aws-sdk-go v1.51.13 h1:j6lgtz9E/XFRiYYnGNrAfWvyyTsuYvWvo2RCt0zqAIs= +github.com/aws/aws-sdk-go v1.51.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= +github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= +github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.13 h1:wRp1k0GX5EOpelNH3GyLaFy4SvnJ6k1U5SenmEWkXko= +github.com/gonvenience/neat v1.3.13/go.mod h1:aE3+z4XlTJ+RzlZxdFiAIIJc1ikYLALAWtX9LqjQ87Q= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.2.0 h1:CwAoa60QIBVmQn/aUregAbk9FstEr17k9vCYpKF972c= +github.com/gonvenience/wrap v1.2.0/go.mod h1:iNijaTmFD8+ORmNp9iS+dSBcCJrmIwwyoYLUngToGdk= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0= +github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk= +github.com/gruntwork-io/terratest v0.46.13 h1:FDaEoZ7DtkomV8pcwLdBV/VsytdjnPRqJkIriYEYwjs= +github.com/gruntwork-io/terratest v0.46.13/go.mod h1:8sxu3Qup8TxtbzOHzq0MUrQffJj/G61/OwlsReaCwpo= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/homeport/dyff v1.7.1 h1:B3KJUtnU53H2UryxGcfYKQPrde8VjjbwlHZbczH3giQ= +github.com/homeport/dyff v1.7.1/go.mod h1:iLe5b3ymc9xmHZNuJlNVKERE8L2isQMBLxFiTXcwZY0= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= +github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nats-io/nats-server/v2 v2.10.12 h1:G6u+RDrHkw4bkwn7I911O5jqys7jJVRY6MwgndyUsnE= +github.com/nats-io/nats-server/v2 v2.10.12/go.mod h1:H1n6zXtYLFCgXcf/SF8QNTSIFuS8tyZQMN9NguUHdEs= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= +github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.72.0 h1:9h7PxMhT1S8lOdadEKJnBh3ELMdO60XkoDV98grYjuM= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.72.0/go.mod h1:4FiLCL664L4dNGeqZewiiD0NS7hhqi/CxyM4UOq5dfM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= +github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= +github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= +github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= +github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho= +github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= +github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw= +github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw= +golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo= +k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= +k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/charts/testkube-enterprise/charts/nats/test/ports_test.go b/charts/testkube-enterprise/charts/nats/test/ports_test.go new file mode 100644 index 000000000..0d865919a --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/ports_test.go @@ -0,0 +1,283 @@ +package test + +import ( + "testing" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func TestPorts(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + cluster: + enabled: true + port: 1005 + nats: + port: 1001 + leafnodes: + enabled: true + port: 1002 + websocket: + enabled: true + port: 1003 + mqtt: + enabled: true + port: 1004 + gateway: + enabled: true + port: 1006 + monitor: + port: 1007 + profiling: + enabled: true + port: 1008 + +container: + ports: + nats: + hostPort: 2001 + leafnodes: + hostPort: 2002 + websocket: + hostPort: 2003 + mqtt: + hostPort: 2004 + cluster: + hostPort: 2005 + gateway: + hostPort: 2006 + monitor: + hostPort: 2007 + profiling: + hostPort: 2008 + +service: + merge: + spec: + type: NodePort + ports: + nats: + enabled: true + port: 3001 + nodePort: 4001 + leafnodes: + enabled: true + port: 3002 + nodePort: 4002 + websocket: + enabled: true + port: 3003 + nodePort: 4003 + mqtt: + enabled: true + port: 3004 + nodePort: 4004 + cluster: + enabled: true + port: 3005 + nodePort: 4005 + gateway: + enabled: true + port: 3006 + nodePort: 4006 + monitor: + enabled: true + port: 3007 + nodePort: 4007 + profiling: + enabled: true + port: 3008 + nodePort: 4008 +` + expected := DefaultResources(t, test) + expected.Conf.Value["port"] = int64(1001) + expected.Conf.Value["leafnodes"] = map[string]any{ + "port": int64(1002), + "no_advertise": true, + } + expected.Conf.Value["websocket"] = map[string]any{ + "port": int64(1003), + "no_tls": true, + } + expected.Conf.Value["mqtt"] = map[string]any{ + "port": int64(1004), + } + expected.Conf.Value["cluster"] = map[string]any{ + "name": "nats", + "no_advertise": true, + "port": int64(1005), + "routes": []any{ + "nats://nats-0.nats-headless:1005", + "nats://nats-1.nats-headless:1005", + "nats://nats-2.nats-headless:1005", + }, + } + expected.Conf.Value["gateway"] = map[string]any{ + "port": int64(1006), + "name": "nats", + } + expected.Conf.Value["http_port"] = int64(1007) + expected.Conf.Value["prof_port"] = int64(1008) + + replicas3 := int32(3) + expected.StatefulSet.Value.Spec.Replicas = &replicas3 + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 1001, + HostPort: 2001, + }, + { + Name: "leafnodes", + ContainerPort: 1002, + HostPort: 2002, + }, + { + Name: "websocket", + ContainerPort: 1003, + HostPort: 2003, + }, + { + Name: "mqtt", + ContainerPort: 1004, + HostPort: 2004, + }, + { + Name: "cluster", + ContainerPort: 1005, + HostPort: 2005, + }, + { + Name: "gateway", + ContainerPort: 1006, + HostPort: 2006, + }, + { + Name: "monitor", + ContainerPort: 1007, + HostPort: 2007, + }, + { + Name: "profiling", + ContainerPort: 1008, + HostPort: 2008, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 1001, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "leafnodes", + Port: 1002, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 1003, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "mqtt", + Port: 1004, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "cluster", + Port: 1005, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "gateway", + Port: 1006, + TargetPort: intstr.FromString("gateway"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 1007, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "profiling", + Port: 1008, + TargetPort: intstr.FromString("profiling"), + AppProtocol: &appProtocolTCP, + }, + } + + expected.Service.Value.Spec.Type = "NodePort" + expected.Service.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 3001, + NodePort: 4001, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "leafnodes", + Port: 3002, + NodePort: 4002, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 3003, + NodePort: 4003, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "mqtt", + Port: 3004, + NodePort: 4004, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "cluster", + Port: 3005, + NodePort: 4005, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "gateway", + Port: 3006, + NodePort: 4006, + TargetPort: intstr.FromString("gateway"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "monitor", + Port: 3007, + NodePort: 4007, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "profiling", + Port: 3008, + NodePort: 4008, + TargetPort: intstr.FromString("profiling"), + AppProtocol: &appProtocolTCP, + }, + } + + RenderAndCheck(t, test, expected) +} diff --git a/charts/testkube-enterprise/charts/nats/test/resources_test.go b/charts/testkube-enterprise/charts/nats/test/resources_test.go new file mode 100644 index 000000000..f178680d2 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/resources_test.go @@ -0,0 +1,664 @@ +package test + +import ( + "testing" + + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/api/resource" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func TestResourceOptions(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +global: + image: + pullPolicy: Always + pullSecretNames: + - testPullSecret + registry: docker.io + labels: + global: global +namespaceOverride: foo +config: + jetstream: + enabled: true + websocket: + enabled: true + ingress: + enabled: true + hosts: + - demo.nats.io + tlsSecretName: ws-tls +container: + image: + pullPolicy: IfNotPresent + registry: gcr.io + env: + GOMEMLIMIT: 1GiB + TOKEN: + valueFrom: + secretKeyRef: + name: token + key: token +reloader: + env: + GOMEMLIMIT: 1GiB + TOKEN: + valueFrom: + secretKeyRef: + name: token + key: token + natsVolumeMountPrefixes: + - /etc/ + - /data +promExporter: + enabled: true + port: 7778 + env: + GOMEMLIMIT: 1GiB + TOKEN: + valueFrom: + secretKeyRef: + name: token + key: token +podTemplate: + configChecksumAnnotation: false + topologySpreadConstraints: + kubernetes.io/hostname: + maxSkew: 1 +natsBox: + contexts: + loadedSecret: + creds: + secretName: loaded-creds + key: nats.creds + nkey: + secretName: loaded-nkey + key: nats.nk + tls: + secretName: loaded-tls + merge: + ca: /etc/my-ca/ca.crt + loadedContents: + creds: + contents: aabbcc + nkey: + contents: ddeeff + token: + merge: + token: foo + container: + env: + GOMEMLIMIT: 1GiB + TOKEN: + valueFrom: + secretKeyRef: + name: token + key: token +` + expected := DefaultResources(t, test) + + expected.Conf.Value["jetstream"] = map[string]any{ + "max_file_store": int64(10737418240), + "max_memory_store": int64(0), + "store_dir": "/data", + } + + expected.Conf.Value["websocket"] = map[string]any{ + "port": int64(8080), + "no_tls": true, + } + + env := []corev1.EnvVar{ + { + Name: "GOMEMLIMIT", + Value: "1GiB", + }, + { + Name: "TOKEN", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "token", + }, + Key: "token", + }, + }, + }, + } + + expected.StatefulSet.Value.ObjectMeta.Labels["global"] = "global" + expected.StatefulSet.Value.ObjectMeta.Namespace = "foo" + expected.StatefulSet.Value.Spec.Template.ObjectMeta.Labels["global"] = "global" + expected.StatefulSet.Value.Spec.Template.Spec.ImagePullSecrets = []corev1.LocalObjectReference{ + { + Name: "testPullSecret", + }, + } + + dd := ddg.Get(t) + ctr := expected.StatefulSet.Value.Spec.Template.Spec.Containers + + // nats + ctr[0].Env = append(ctr[0].Env, env...) + ctr[0].Image = "gcr.io/" + ctr[0].Image + ctr[0].ImagePullPolicy = "IfNotPresent" + ctr[0].VolumeMounts = append(ctr[0].VolumeMounts, corev1.VolumeMount{ + Name: test.FullName + "-js", + MountPath: "/data", + }) + + // reloader + ctr[1].Env = env + ctr[1].Image = "docker.io/" + ctr[1].Image + ctr[1].ImagePullPolicy = "Always" + ctr[1].VolumeMounts = append(ctr[1].VolumeMounts, corev1.VolumeMount{ + Name: test.FullName + "-js", + MountPath: "/data", + }) + + // promExporter + ctr = append(ctr, corev1.Container{ + Args: []string{ + "-port=7778", + "-connz", + "-routez", + "-subz", + "-varz", + "-prefix=nats", + "-use_internal_server_id", + "-jsz=all", + "http://localhost:8222/", + }, + Env: env, + Image: "docker.io/" + dd.PromExporterImage, + ImagePullPolicy: "Always", + Name: "prom-exporter", + Ports: []corev1.ContainerPort{ + { + Name: "prom-metrics", + ContainerPort: 7778, + }, + }, + }) + + expected.StatefulSet.Value.Spec.Template.Spec.Containers = ctr + expected.StatefulSet.Value.Spec.Template.Spec.TopologySpreadConstraints = []corev1.TopologySpreadConstraint{ + { + MaxSkew: 1, + TopologyKey: "kubernetes.io/hostname", + LabelSelector: expected.StatefulSet.Value.Spec.Selector, + }, + } + + expected.NatsBoxDeployment.Value.ObjectMeta.Labels["global"] = "global" + expected.NatsBoxDeployment.Value.ObjectMeta.Namespace = "foo" + expected.NatsBoxDeployment.Value.Spec.Template.ObjectMeta.Labels["global"] = "global" + expected.NatsBoxDeployment.Value.Spec.Template.Spec.ImagePullSecrets = []corev1.LocalObjectReference{ + { + Name: "testPullSecret", + }, + } + + nbCtr := expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0] + // nats-box + nbCtr.Env = env + nbCtr.Image = "docker.io/" + nbCtr.Image + nbCtr.ImagePullPolicy = "Always" + nbCtr.VolumeMounts = append(nbCtr.VolumeMounts, + corev1.VolumeMount{ + MountPath: "/etc/nats-contents", + Name: "contents", + }, + corev1.VolumeMount{ + Name: "ctx-loadedSecret-creds", + MountPath: "/etc/nats-creds/loadedSecret", + }, + corev1.VolumeMount{ + Name: "ctx-loadedSecret-nkey", + MountPath: "/etc/nats-nkeys/loadedSecret", + }, + corev1.VolumeMount{ + Name: "ctx-loadedSecret-tls", + MountPath: "/etc/nats-certs/loadedSecret", + }, + ) + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0] = nbCtr + + nbVol := expected.NatsBoxDeployment.Value.Spec.Template.Spec.Volumes + nbVol = append(nbVol, + corev1.Volume{ + Name: "contents", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "nats-box-contents", + }, + }, + }, + corev1.Volume{ + Name: "ctx-loadedSecret-creds", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "loaded-creds", + }, + }, + }, + corev1.Volume{ + Name: "ctx-loadedSecret-nkey", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "loaded-nkey", + }, + }, + }, + corev1.Volume{ + Name: "ctx-loadedSecret-tls", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "loaded-tls", + }, + }, + }, + ) + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Volumes = nbVol + + expected.NatsBoxContextsSecret.Value.ObjectMeta.Labels["global"] = "global" + expected.NatsBoxContextsSecret.Value.ObjectMeta.Namespace = "foo" + expected.NatsBoxContextsSecret.Value.StringData["loadedSecret.json"] = `{ + "ca": "/etc/my-ca/ca.crt", + "cert": "/etc/nats-certs/loadedSecret/tls.crt", + "creds": "/etc/nats-creds/loadedSecret/nats.creds", + "key": "/etc/nats-certs/loadedSecret/tls.key", + "nkey": "/etc/nats-nkeys/loadedSecret/nats.nk", + "url": "nats://` + test.FullName + `" +} +` + expected.NatsBoxContextsSecret.Value.StringData["loadedContents.json"] = `{ + "creds": "/etc/nats-contents/loadedContents.creds", + "nkey": "/etc/nats-contents/loadedContents.nk", + "url": "nats://` + test.FullName + `" +} +` + expected.NatsBoxContextsSecret.Value.StringData["token.json"] = `{ + "token": "foo", + "url": "nats://` + test.FullName + `" +} +` + + expected.NatsBoxContentsSecret.HasValue = true + expected.NatsBoxContentsSecret.Value.ObjectMeta.Labels["global"] = "global" + expected.NatsBoxContentsSecret.Value.ObjectMeta.Namespace = "foo" + expected.NatsBoxContentsSecret.Value.StringData = map[string]string{ + "loadedContents.creds": "aabbcc", + "loadedContents.nk": "ddeeff", + } + + expected.Ingress.HasValue = true + expected.Ingress.Value.ObjectMeta.Labels["global"] = "global" + expected.Ingress.Value.ObjectMeta.Namespace = "foo" + expected.Ingress.Value.Spec.TLS = []networkingv1.IngressTLS{ + { + Hosts: []string{"demo.nats.io"}, + SecretName: "ws-tls", + }, + } + + resource10Gi, _ := resource.ParseQuantity("10Gi") + expected.StatefulSet.Value.Spec.VolumeClaimTemplates = []corev1.PersistentVolumeClaim{ + { + ObjectMeta: v1.ObjectMeta{ + Name: test.FullName + "-js", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + AccessModes: []corev1.PersistentVolumeAccessMode{ + "ReadWriteOnce", + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + "storage": resource10Gi, + }, + }, + }, + }, + } + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "websocket", + ContainerPort: 8080, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.ObjectMeta.Labels["global"] = "global" + expected.HeadlessService.Value.ObjectMeta.Namespace = "foo" + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + } + + expected.Service.Value.ObjectMeta.Labels["global"] = "global" + expected.Service.Value.ObjectMeta.Namespace = "foo" + expected.Service.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + } + + expected.ConfigMap.Value.ObjectMeta.Labels["global"] = "global" + expected.ConfigMap.Value.ObjectMeta.Namespace = "foo" + + RenderAndCheck(t, test, expected) +} + +func TestResourcesMergePatch(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + websocket: + enabled: true + ingress: + enabled: true + hosts: + - demo.nats.io + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +container: + merge: + stdin: true + patch: [{op: add, path: /tty, value: true}] +reloader: + merge: + stdin: true + patch: [{op: add, path: /tty, value: true}] +promExporter: + enabled: true + merge: + stdin: true + patch: [{op: add, path: /tty, value: true}] + podMonitor: + enabled: true + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +service: + enabled: true + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +statefulSet: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +podTemplate: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +headlessService: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +configMap: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +podDisruptionBudget: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +serviceAccount: + enabled: true + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +natsBox: + contexts: + default: + merge: + user: foo + patch: [{op: add, path: /password, value: "bar"}] + container: + merge: + stdin: true + patch: [{op: add, path: /tty, value: true}] + podTemplate: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] + deployment: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] + contextsSecret: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] + contentsSecret: + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] + serviceAccount: + enabled: true + merge: + metadata: + annotations: + test: test + patch: [{op: add, path: /metadata/labels/test, value: "test"}] +` + expected := DefaultResources(t, test) + + expected.Conf.Value["websocket"] = map[string]any{ + "port": int64(8080), + "no_tls": true, + } + + annotations := func() map[string]string { + return map[string]string{ + "test": "test", + } + } + + dd := ddg.Get(t) + ctr := expected.StatefulSet.Value.Spec.Template.Spec.Containers + ctr[0].Stdin = true + ctr[0].TTY = true + ctr[1].Stdin = true + ctr[1].TTY = true + ctr = append(ctr, corev1.Container{ + Args: []string{ + "-port=7777", + "-connz", + "-routez", + "-subz", + "-varz", + "-prefix=nats", + "-use_internal_server_id", + "http://localhost:8222/", + }, + Image: dd.PromExporterImage, + Name: "prom-exporter", + Ports: []corev1.ContainerPort{ + { + Name: "prom-metrics", + ContainerPort: 7777, + }, + }, + Stdin: true, + TTY: true, + }) + expected.StatefulSet.Value.Spec.Template.Spec.Containers = ctr + expected.StatefulSet.Value.Spec.Template.Spec.ServiceAccountName = test.FullName + + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0].Stdin = true + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0].TTY = true + + expected.StatefulSet.Value.ObjectMeta.Annotations = annotations() + expected.StatefulSet.Value.ObjectMeta.Labels["test"] = "test" + + expected.StatefulSet.Value.Spec.Template.ObjectMeta.Annotations = annotations() + expected.StatefulSet.Value.Spec.Template.ObjectMeta.Labels["test"] = "test" + + expected.NatsBoxDeployment.Value.ObjectMeta.Annotations = annotations() + expected.NatsBoxDeployment.Value.ObjectMeta.Labels["test"] = "test" + + expected.NatsBoxDeployment.Value.Spec.Template.ObjectMeta.Annotations = annotations() + expected.NatsBoxDeployment.Value.Spec.Template.ObjectMeta.Labels["test"] = "test" + expected.NatsBoxDeployment.Value.Spec.Template.Spec.ServiceAccountName = test.FullName + "-box" + + expected.PodMonitor.HasValue = true + expected.PodMonitor.Value.ObjectMeta.Annotations = annotations() + expected.PodMonitor.Value.ObjectMeta.Labels["test"] = "test" + + expected.Ingress.HasValue = true + expected.Ingress.Value.ObjectMeta.Annotations = annotations() + expected.Ingress.Value.ObjectMeta.Labels["test"] = "test" + + expected.NatsBoxContextsSecret.Value.ObjectMeta.Annotations = annotations() + expected.NatsBoxContextsSecret.Value.ObjectMeta.Labels["test"] = "test" + expected.NatsBoxContextsSecret.Value.StringData["default.json"] = `{ + "password": "bar", + "url": "nats://` + test.FullName + `", + "user": "foo" +} +` + + expected.NatsBoxContentsSecret.Value.ObjectMeta.Annotations = annotations() + expected.NatsBoxContentsSecret.Value.ObjectMeta.Labels["test"] = "test" + + expected.NatsBoxServiceAccount.HasValue = true + expected.NatsBoxServiceAccount.Value.ObjectMeta.Annotations = annotations() + expected.NatsBoxServiceAccount.Value.ObjectMeta.Labels["test"] = "test" + + expected.Service.Value.ObjectMeta.Annotations = annotations() + expected.Service.Value.ObjectMeta.Labels["test"] = "test" + + expected.PodDisruptionBudget.Value.ObjectMeta.Annotations = annotations() + expected.PodDisruptionBudget.Value.ObjectMeta.Labels["test"] = "test" + + expected.ServiceAccount.HasValue = true + expected.ServiceAccount.Value.ObjectMeta.Annotations = annotations() + expected.ServiceAccount.Value.ObjectMeta.Labels["test"] = "test" + + expected.HeadlessService.Value.ObjectMeta.Annotations = annotations() + expected.HeadlessService.Value.ObjectMeta.Labels["test"] = "test" + + expected.ConfigMap.Value.ObjectMeta.Annotations = annotations() + expected.ConfigMap.Value.ObjectMeta.Labels["test"] = "test" + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "websocket", + ContainerPort: 8080, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTP, + }, + } + + expected.Service.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTCP, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTP, + }, + } + + RenderAndCheck(t, test, expected) +} diff --git a/charts/testkube-enterprise/charts/nats/test/tls_test.go b/charts/testkube-enterprise/charts/nats/test/tls_test.go new file mode 100644 index 000000000..d7393b5b9 --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/test/tls_test.go @@ -0,0 +1,384 @@ +package test + +import ( + "testing" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func TestConfigTls(t *testing.T) { + t.Parallel() + test := DefaultTest() + test.Values = ` +config: + cluster: + enabled: true + tls: + enabled: true + secretName: cluster-tls + nats: + tls: + enabled: true + secretName: nats-tls + merge: + ca_file: /etc/my-ca/ca.crt + verify_cert_and_check_known_urls: true + patch: [{op: add, path: /verify_and_map, value: true}] + leafnodes: + enabled: true + tls: + enabled: true + secretName: leafnodes-tls + websocket: + enabled: true + tls: + enabled: true + secretName: websocket-tls + mqtt: + enabled: true + tls: + enabled: true + secretName: mqtt-tls + gateway: + enabled: true + tls: + enabled: true + secretName: gateway-tls + monitor: + tls: + enabled: true +` + expected := DefaultResources(t, test) + expected.Conf.Value["cluster"] = map[string]any{ + "name": "nats", + "no_advertise": true, + "port": int64(6222), + "routes": []any{ + "tls://nats-0.nats-headless:6222", + "tls://nats-1.nats-headless:6222", + "tls://nats-2.nats-headless:6222", + }, + } + expected.Conf.Value["leafnodes"] = map[string]any{ + "port": int64(7422), + "no_advertise": true, + } + expected.Conf.Value["websocket"] = map[string]any{ + "port": int64(8080), + } + expected.Conf.Value["mqtt"] = map[string]any{ + "port": int64(1883), + } + expected.Conf.Value["gateway"] = map[string]any{ + "port": int64(7222), + "name": "nats", + } + expected.Conf.Value["https_port"] = expected.Conf.Value["http_port"] + delete(expected.Conf.Value, "http_port") + + replicas3 := int32(3) + expected.StatefulSet.Value.Spec.Replicas = &replicas3 + + volumes := expected.StatefulSet.Value.Spec.Template.Spec.Volumes + natsVm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts + reloaderVm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].VolumeMounts + for _, protocol := range []string{"nats", "leafnodes", "websocket", "mqtt", "cluster", "gateway"} { + tls := map[string]any{ + "cert_file": "/etc/nats-certs/" + protocol + "/tls.crt", + "key_file": "/etc/nats-certs/" + protocol + "/tls.key", + } + if protocol == "nats" { + tls["ca_file"] = "/etc/my-ca/ca.crt" + tls["verify_cert_and_check_known_urls"] = true + tls["verify_and_map"] = true + expected.Conf.Value["tls"] = tls + } else { + expected.Conf.Value[protocol].(map[string]any)["tls"] = tls + } + + volumes = append(volumes, corev1.Volume{ + Name: protocol + "-tls", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: protocol + "-tls", + }, + }, + }) + + natsVm = append(natsVm, corev1.VolumeMount{ + MountPath: "/etc/nats-certs/" + protocol, + Name: protocol + "-tls", + }) + + reloaderVm = append(reloaderVm, corev1.VolumeMount{ + MountPath: "/etc/nats-certs/" + protocol, + Name: protocol + "-tls", + }) + } + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].StartupProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].ReadinessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].LivenessProbe.HTTPGet.Scheme = corev1.URISchemeHTTPS + + expected.StatefulSet.Value.Spec.Template.Spec.Volumes = volumes + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts = natsVm + expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].VolumeMounts = reloaderVm + + // reloader certs are alphabetized + reloaderArgs := expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args + for _, protocol := range []string{"cluster", "gateway", "leafnodes", "mqtt", "nats", "websocket"} { + if protocol == "nats" { + reloaderArgs = append(reloaderArgs, "-config", "/etc/my-ca/ca.crt") + } + reloaderArgs = append(reloaderArgs, "-config", "/etc/nats-certs/"+protocol+"/tls.crt", "-config", "/etc/nats-certs/"+protocol+"/tls.key") + } + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args = reloaderArgs + + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].Ports = []corev1.ContainerPort{ + { + Name: "nats", + ContainerPort: 4222, + }, + { + Name: "leafnodes", + ContainerPort: 7422, + }, + { + Name: "websocket", + ContainerPort: 8080, + }, + { + Name: "mqtt", + ContainerPort: 1883, + }, + { + Name: "cluster", + ContainerPort: 6222, + }, + { + Name: "gateway", + ContainerPort: 7222, + }, + { + Name: "monitor", + ContainerPort: 8222, + }, + } + + expected.HeadlessService.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "leafnodes", + Port: 7422, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTPS, + }, + { + Name: "mqtt", + Port: 1883, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "cluster", + Port: 6222, + TargetPort: intstr.FromString("cluster"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "gateway", + Port: 7222, + TargetPort: intstr.FromString("gateway"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "monitor", + Port: 8222, + TargetPort: intstr.FromString("monitor"), + AppProtocol: &appProtocolHTTPS, + }, + } + + expected.Service.Value.Spec.Ports = []corev1.ServicePort{ + { + Name: "nats", + Port: 4222, + TargetPort: intstr.FromString("nats"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "leafnodes", + Port: 7422, + TargetPort: intstr.FromString("leafnodes"), + AppProtocol: &appProtocolTLS, + }, + { + Name: "websocket", + Port: 8080, + TargetPort: intstr.FromString("websocket"), + AppProtocol: &appProtocolHTTPS, + }, + { + Name: "mqtt", + Port: 1883, + TargetPort: intstr.FromString("mqtt"), + AppProtocol: &appProtocolTLS, + }, + } + + RenderAndCheck(t, test, expected) +} + +func TestTlsCA(t *testing.T) { + t.Parallel() + for _, tt := range []struct { + name string + key string + dir string + secret bool + }{ + { + name: "ConfigMap", + secret: false, + }, + { + name: "Secret", + secret: true, + key: "my-ca.crt", + dir: "/etc/nats-ca-cert-custom", + }, + } { + t.Run(tt.name, func(t *testing.T) { + test := DefaultTest() + test.Values = ` +config: + nats: + tls: + enabled: true + secretName: nats-tls +tlsCA: + enabled: true` + if tt.secret { + test.Values += ` + secretName: nats-ca` + } else { + test.Values += ` + configMapName: nats-ca` + } + if tt.key != "" { + test.Values += ` + key: ` + tt.key + } + if tt.dir != "" { + test.Values += ` + dir: ` + tt.dir + } + expected := DefaultResources(t, test) + + key := tt.key + if key == "" { + key = "ca.crt" + } + dir := tt.dir + if dir == "" { + dir = "/etc/nats-ca-cert" + } + expected.Conf.Value["tls"] = map[string]any{ + "cert_file": "/etc/nats-certs/nats/tls.crt", + "key_file": "/etc/nats-certs/nats/tls.key", + "ca_file": dir + "/" + key, + } + + expected.NatsBoxContextsSecret.Value.StringData["default.json"] = `{ + "ca": "` + dir + "/" + key + `", + "url": "nats://` + test.FullName + `" +} +` + expected.Service.Value.Spec.Ports[0].AppProtocol = &appProtocolTLS + expected.HeadlessService.Value.Spec.Ports[0].AppProtocol = &appProtocolTLS + + // reloader certs are alphabetized + reloaderArgs := expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args + reloaderArgs = append(reloaderArgs, + "-config", dir+"/"+key, + "-config", "/etc/nats-certs/nats/tls.crt", + "-config", "/etc/nats-certs/nats/tls.key") + expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].Args = reloaderArgs + + tlsCAVol := corev1.Volume{ + Name: "tls-ca", + } + if tt.secret { + tlsCAVol.VolumeSource = corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "nats-ca", + }, + } + } else { + tlsCAVol.VolumeSource = corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "nats-ca", + }, + }, + } + } + + tlsCAVm := corev1.VolumeMount{ + Name: "tls-ca", + MountPath: dir, + } + + stsVols := expected.StatefulSet.Value.Spec.Template.Spec.Volumes + natsVm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts + reloaderVm := expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].VolumeMounts + + stsVols = append(stsVols, tlsCAVol, corev1.Volume{ + Name: "nats-tls", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: "nats-tls", + }, + }, + }) + + natsVm = append(natsVm, tlsCAVm, corev1.VolumeMount{ + MountPath: "/etc/nats-certs/nats", + Name: "nats-tls", + }) + + reloaderVm = append(reloaderVm, tlsCAVm, corev1.VolumeMount{ + MountPath: "/etc/nats-certs/nats", + Name: "nats-tls", + }) + + expected.StatefulSet.Value.Spec.Template.Spec.Volumes = stsVols + expected.StatefulSet.Value.Spec.Template.Spec.Containers[0].VolumeMounts = natsVm + expected.StatefulSet.Value.Spec.Template.Spec.Containers[1].VolumeMounts = reloaderVm + + natsBoxVols := expected.NatsBoxDeployment.Value.Spec.Template.Spec.Volumes + natsBoxVms := expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0].VolumeMounts + + natsBoxVols = append(natsBoxVols, tlsCAVol) + natsBoxVms = append(natsBoxVms, tlsCAVm) + + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Volumes = natsBoxVols + expected.NatsBoxDeployment.Value.Spec.Template.Spec.Containers[0].VolumeMounts = natsBoxVms + + RenderAndCheck(t, test, expected) + }) + } +} diff --git a/charts/testkube-enterprise/charts/nats/values.yaml b/charts/testkube-enterprise/charts/nats/values.yaml new file mode 100644 index 000000000..15745ab7b --- /dev/null +++ b/charts/testkube-enterprise/charts/nats/values.yaml @@ -0,0 +1,670 @@ +################################################################################ +# Global options +################################################################################ +global: + imagePullSecrets: [] + image: + # global image pull policy to use for all container images in the chart + # can be overridden by individual image pullPolicy + pullPolicy: + # global list of secret names to use as image pull secrets for all pod specs in the chart + # secrets must exist in the same namespace + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + pullSecretNames: [] + # global registry to use for all container images in the chart + # can be overridden by individual image registry + registry: + + # global labels will be applied to all resources deployed by the chart + labels: {} + +################################################################################ +# Common options +################################################################################ +# override name of the chart +nameOverride: +# override full name of the chart+release +fullnameOverride: +# override the namespace that resources are installed into +namespaceOverride: + +# reference a common CA Certificate or Bundle in all nats config `tls` blocks and nats-box contexts +# note: `tls.verify` still must be set in the appropriate nats config `tls` blocks to require mTLS +tlsCA: + enabled: false + # set configMapName in order to mount an existing configMap to dir + configMapName: + # set secretName in order to mount an existing secretName to dir + secretName: + # directory to mount the configMap or secret to + dir: /etc/nats-ca-cert + # key in the configMap or secret that contains the CA Certificate or Bundle + key: ca.crt + +################################################################################ +# NATS Stateful Set and associated resources +################################################################################ + +############################################################ +# NATS config +############################################################ +config: + cluster: + enabled: false + port: 6222 + # must be 2 or higher when jetstream is enabled + replicas: 3 + + # apply to generated route URLs that connect to other pods in the StatefulSet + routeURLs: + # if both user and password are set, they will be added to route URLs + # and the cluster authorization block + user: + password: + # set to true to use FQDN in route URLs + useFQDN: false + k8sClusterDomain: cluster.local + + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/cluster + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + # merge or patch the cluster config + # https://docs.nats.io/running-a-nats-service/configuration/clustering/cluster_config + merge: {} + patch: [] + + jetstream: + enabled: false + + fileStore: + enabled: true + dir: /data + + ############################################################ + # stateful set -> volume claim templates -> jetstream pvc + ############################################################ + pvc: + enabled: true + size: 10Gi + storageClassName: + + # merge or patch the jetstream pvc + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-js" + name: + + # defaults to the PVC size + maxSize: + + memoryStore: + enabled: false + # ensure that container has a sufficient memory limit greater than maxSize + maxSize: 1Gi + + # merge or patch the jetstream config + # https://docs.nats.io/running-a-nats-service/configuration#jetstream + merge: {} + patch: [] + + nats: + port: 4222 + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/nats + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + leafnodes: + enabled: false + port: 7422 + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/leafnodes + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + # merge or patch the leafnodes config + # https://docs.nats.io/running-a-nats-service/configuration/leafnodes/leafnode_conf + merge: {} + patch: [] + + websocket: + enabled: false + port: 8080 + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/websocket + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + ############################################################ + # ingress + ############################################################ + # service must be enabled also + ingress: + enabled: false + # must contain at least 1 host otherwise ingress will not be created + hosts: [] + path: / + pathType: Exact + # sets to the ingress class name + className: + # set to an existing secret name to enable TLS on the ingress; applies to all hosts + tlsSecretName: + + # merge or patch the ingress + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#ingress-v1-networking-k8s-io + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-ws" + name: + + # merge or patch the websocket config + # https://docs.nats.io/running-a-nats-service/configuration/websocket/websocket_conf + merge: {} + patch: [] + + mqtt: + enabled: false + port: 1883 + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/mqtt + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + # merge or patch the mqtt config + # https://docs.nats.io/running-a-nats-service/configuration/mqtt/mqtt_config + merge: {} + patch: [] + + gateway: + enabled: false + port: 7222 + tls: + enabled: false + # set secretName in order to mount an existing secret to dir + secretName: + dir: /etc/nats-certs/gateway + cert: tls.crt + key: tls.key + # merge or patch the tls config + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/tls + merge: {} + patch: [] + + # merge or patch the gateway config + # https://docs.nats.io/running-a-nats-service/configuration/gateways/gateway#gateway-configuration-block + merge: {} + patch: [] + + monitor: + enabled: true + port: 8222 + tls: + # config.nats.tls must be enabled also + # when enabled, monitoring port will use HTTPS with the options from config.nats.tls + enabled: false + + profiling: + enabled: false + port: 65432 + + resolver: + enabled: false + dir: /data/resolver + + ############################################################ + # stateful set -> volume claim templates -> resolver pvc + ############################################################ + pvc: + enabled: true + size: 1Gi + storageClassName: + + # merge or patch the pvc + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-resolver" + name: + + # merge or patch the resolver + # https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt/resolver + merge: {} + patch: [] + + # adds a prefix to the server name, which defaults to the pod name + # helpful for ensuring server name is unique in a super cluster + serverNamePrefix: "" + + # merge or patch the nats config + # https://docs.nats.io/running-a-nats-service/configuration + # following special rules apply + # 1. strings that start with << and end with >> will be unquoted + # use this for variables and numbers with units + # 2. keys ending in $include will be switched to include directives + # keys are sorted alphabetically, use prefix before $includes to control includes ordering + # paths should be relative to /etc/nats-config/nats.conf + # example: + # + # merge: + # $include: ./my-config.conf + # zzz$include: ./my-config-last.conf + # server_name: nats + # authorization: + # token: << $TOKEN >> + # jetstream: + # max_memory_store: << 1GB >> + # + # will yield the config: + # { + # include ./my-config.conf; + # "authorization": { + # "token": $TOKEN + # }, + # "jetstream": { + # "max_memory_store": 1GB + # }, + # "server_name": "nats", + # include ./my-config-last.conf; + # } + merge: {} + patch: [] + +############################################################ +# stateful set -> pod template -> nats container +############################################################ +container: + image: + repository: nats + tag: 2.10.22-alpine + pullPolicy: + registry: + + # container port options + # must be enabled in the config section also + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#containerport-v1-core + ports: + nats: {} + leafnodes: {} + websocket: {} + mqtt: {} + cluster: {} + gateway: {} + monitor: {} + profiling: {} + + # map with key as env var name, value can be string or map + # example: + # + # env: + # GOMEMLIMIT: 7GiB + # TOKEN: + # valueFrom: + # secretKeyRef: + # name: nats-auth + # key: token + env: {} + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + +############################################################ +# stateful set -> pod template -> reloader container +############################################################ +reloader: + enabled: true + image: + repository: natsio/nats-server-config-reloader + tag: 0.16.0 + pullPolicy: + registry: + + # env var map, see nats.env for an example + env: {} + + # all nats container volume mounts with the following prefixes + # will be mounted into the reloader container + natsVolumeMountPrefixes: + - /etc/ + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + +############################################################ +# stateful set -> pod template -> prom-exporter container +############################################################ +# config.monitor must be enabled +promExporter: + enabled: false + image: + repository: natsio/prometheus-nats-exporter + tag: 0.15.0 + pullPolicy: + registry: + + port: 7777 + # env var map, see nats.env for an example + env: {} + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + + ############################################################ + # prometheus pod monitor + ############################################################ + podMonitor: + enabled: false + + # merge or patch the pod monitor + # https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + + +############################################################ +# service +############################################################ +service: + enabled: true + + # service port options + # additional boolean field enable to control whether port is exposed in the service + # must be enabled in the config section also + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceport-v1-core + ports: + nats: + enabled: true + leafnodes: + enabled: true + websocket: + enabled: true + mqtt: + enabled: true + cluster: + enabled: false + gateway: + enabled: false + monitor: + enabled: false + profiling: + enabled: false + + # merge or patch the service + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +############################################################ +# other nats extension points +############################################################ + +# stateful set +statefulSet: + # merge or patch the stateful set + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#statefulset-v1-apps + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +# stateful set -> pod template +podTemplate: + # adds a hash of the ConfigMap as a pod annotation + # this will cause the StatefulSet to roll when the ConfigMap is updated + configChecksumAnnotation: true + + # map of topologyKey: topologySpreadConstraint + # labelSelector will be added to match StatefulSet pods + # + # topologySpreadConstraints: + # kubernetes.io/hostname: + # maxSkew: 1 + # + topologySpreadConstraints: {} + + # merge or patch the pod template + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core + merge: {} + patch: [] + +# headless service +headlessService: + # merge or patch the headless service + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#service-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-headless" + name: + +# config map +configMap: + # merge or patch the config map + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#configmap-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-config" + name: + +# pod disruption budget +podDisruptionBudget: + enabled: true + # merge or patch the pod disruption budget + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudget-v1-policy + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + +# service account +serviceAccount: + enabled: false + # merge or patch the service account + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}" + name: + + +############################################################ +# natsBox +# +# NATS Box Deployment and associated resources +############################################################ +natsBox: + enabled: true + + ############################################################ + # NATS contexts + ############################################################ + contexts: + default: + creds: + # set contents in order to create a secret with the creds file contents + contents: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-creds/ + dir: + key: nats.creds + nkey: + # set contents in order to create a secret with the nkey file contents + contents: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-nkeys/ + dir: + key: nats.nk + # used to connect with client certificates + tls: + # set secretName in order to mount an existing secret to dir + secretName: + # defaults to /etc/nats-certs/ + dir: + cert: tls.crt + key: tls.key + + # merge or patch the context + # https://docs.nats.io/using-nats/nats-tools/nats_cli#nats-contexts + merge: {} + patch: [] + + # name of context to select by default + defaultContextName: default + + ############################################################ + # deployment -> pod template -> nats-box container + ############################################################ + container: + image: + repository: natsio/nats-box + tag: 0.15.0 + pullPolicy: + registry: + + # env var map, see nats.env for an example + env: {} + + # merge or patch the container + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#container-v1-core + merge: {} + patch: [] + + ############################################################ + # other nats-box extension points + ############################################################ + + # deployment + deployment: + # merge or patch the deployment + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#deployment-v1-apps + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box" + name: + + # deployment -> pod template + podTemplate: + # merge or patch the pod template + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#pod-v1-core + merge: {} + patch: [] + + # contexts secret + contextsSecret: + # merge or patch the context secret + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box-contexts" + name: + + # contents secret + contentsSecret: + # merge or patch the contents secret + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#secret-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box-contents" + name: + + # service account + serviceAccount: + enabled: false + # merge or patch the service account + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#serviceaccount-v1-core + merge: {} + patch: [] + # defaults to "{{ include "nats.fullname" $ }}-box" + name: + + +################################################################################ +# Extra user-defined resources +################################################################################ +# +# add arbitrary user-generated resources +# example: +# +# config: +# websocket: +# enabled: true +# extraResources: +# - apiVersion: networking.istio.io/v1beta1 +# kind: VirtualService +# metadata: +# name: +# $tplYaml: > +# {{ include "nats.fullname" $ | quote }} +# labels: +# $tplYaml: | +# {{ include "nats.labels" $ }} +# spec: +# hosts: +# - demo.nats.io +# gateways: +# - my-gateway +# http: +# - name: default +# match: +# - name: root +# uri: +# exact: / +# route: +# - destination: +# host: +# $tplYaml: > +# {{ .Values.service.name | quote }} +# port: +# number: +# $tplYaml: > +# {{ .Values.config.websocket.port }} +# +extraResources: []