Revamp NATS deployment

Signed-off-by: Paulo Pires <pjpires@gmail.com>
pires · Dec 17, 2017 · e3c9e04 · e3c9e04
1 parent 1b0869f
commit e3c9e04
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 104 deletions.
diff --git a/deployment-tls.yaml b/deployment-tls.yaml
diff --git a/deployment.yaml b/deployment.yaml
diff --git a/nats.conf b/nats.conf
@@ -0,0 +1,62 @@
+listen: 0.0.0.0:4242
+http: 0.0.0.0:8222
+
+tls {
+  cert_file:  "/etc/nats/tls/nats.pem"
+  key_file:   "/etc/nats/tls/nats-key.pem"
+  timeout:    2
+}
+
+# Authorization for client connections
+authorization {
+    user:     nats_client_user
+    # ./util/mkpasswd -p T0pS3cr3t
+    password: nats_client_pwd
+    timeout:  1
+}
+
+# Cluster definition
+cluster {
+    listen: 0.0.0.0:6222
+
+    tls {
+        cert_file:  "/etc/nats/tls/nats.pem"
+        key_file:   "/etc/nats/tls/nats-key.pem"
+        ca_file:    "/etc/nats/tls/ca.pem"
+        timeout:    2
+    }
+
+    # Authorization for route connections
+    authorization {
+        user: nats_route_user
+        password: nats_route_pwd
+        timeout: 0.5
+    }
+
+    # Routes are actively solicited and connected to from this server.
+    # Other servers can connect to us if they supply the correct credentials
+    # in their routes definitions from above.
+    routes = [
+        nats://nats_route_user:nats_route_pwd@nats:6222
+    ]
+}
+
+# logging options
+debug:   false
+trace:   true
+logtime: true
+
+# Some system overides
+
+# max_connections
+max_connections: 100
+
+# maximum protocol control line
+max_control_line: 512
+
+# maximum payload
+max_payload: 65536
+
+# Duration the server can block on a socket write to a client.  Exceeding the
+# deadline will designate a client as a slow consumer.
+write_deadline: "2s"
diff --git a/nats.yml b/nats.yml
@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nats
+  labels:
+    component: nats
+spec:
+  selector:
+    component: nats
+  clusterIP: None
+  ports:
+  - name: client
+    port: 4222
+  - name: cluster
+    port: 6222
+  - name: monitor
+    port: 8222
+---
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+  name: nats
+  labels:
+    component: nats
+spec:
+  serviceName: nats
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        component: nats
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+                - key: component
+                  operator: In
+                  values:
+                    - nats
+            topologyKey: kubernetes.io/hostname
+      containers:
+      - name: nats
+        image: nats:1.0.4
+        args: [ "--config", "/etc/nats/nats.conf"]
+        volumeMounts:
+          - name: tls-volume
+            mountPath: /etc/nats/tls
+          - name: config-volume
+            mountPath: /etc/nats
+        ports:
+        - containerPort: 4222
+          name: client
+        - containerPort: 6222
+          name: cluster
+        - containerPort: 8222
+          name: monitor
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 8222
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+      volumes:
+      - name: tls-volume
+        secret:
+          secretName: tls-nats-server
+      - name: config-volume
+        configMap:
+          name: nats-config
diff --git a/svc.yaml b/svc.yaml