diff --git a/justfile b/justfile
index 5f8ff22..f3872f5 100644
--- a/justfile
+++ b/justfile
@@ -28,6 +28,7 @@ mod longhorn
 mod metabase
 mod mlflow
 mod minio
+mod nats
 mod nvidia-device-plugin
 mod fairwinds-polaris
 mod oauth2-proxy
diff --git a/nats/justfile b/nats/justfile
new file mode 100644
index 0000000..2286c59
--- /dev/null
+++ b/nats/justfile
@@ -0,0 +1,113 @@
+set fallback := true
+
+export NATS_NAMESPACE := env("NATS_NAMESPACE", "nats")
+export NATS_CHART_VERSION := env("NATS_CHART_VERSION", "2.12.2")
+export NATS_REPLICAS := env("NATS_REPLICAS", "1")
+export NATS_JETSTREAM_ENABLED := env("NATS_JETSTREAM_ENABLED", "true")
+export NATS_JETSTREAM_STORAGE_SIZE := env("NATS_JETSTREAM_STORAGE_SIZE", "10Gi")
+export NATS_JETSTREAM_MEMORY_SIZE := env("NATS_JETSTREAM_MEMORY_SIZE", "256Mi")
+
+[private]
+default:
+ @just --list --unsorted --list-submodules
+
+# Add Helm repository
+add-helm-repo:
+ helm repo add nats https://nats-io.github.io/k8s/helm/charts/
+ helm repo update nats
+
+# Remove Helm repository
+remove-helm-repo:
+ helm repo remove nats
+
+# Create NATS namespace
+create-namespace:
+ #!/bin/bash
+ set -euo pipefail
+ if ! kubectl get namespace ${NATS_NAMESPACE} &>/dev/null; then
+ kubectl create namespace ${NATS_NAMESPACE}
+ fi
+ kubectl label namespace ${NATS_NAMESPACE} \
+ pod-security.kubernetes.io/enforce=restricted \
+ pod-security.kubernetes.io/enforce-version=latest \
+ pod-security.kubernetes.io/warn=restricted \
+ pod-security.kubernetes.io/warn-version=latest \
+ --overwrite
+
+# Delete NATS namespace
+delete-namespace:
+ kubectl delete namespace ${NATS_NAMESPACE} --ignore-not-found
+
+# Install NATS
+install:
+ #!/bin/bash
+ set -euo pipefail
+
+ just create-namespace
+ just add-helm-repo
+
+ gomplate -f values.gomplate.yaml -o values.yaml
+ helm upgrade --install nats nats/nats \
+ --version ${NATS_CHART_VERSION} \
+ -n ${NATS_NAMESPACE} \
+ -f values.yaml \
+ --wait
+
+ echo ""
+ echo "NATS installed successfully"
+ echo "Namespace: ${NATS_NAMESPACE}"
+ echo "Replicas: ${NATS_REPLICAS}"
+ echo "JetStream enabled: ${NATS_JETSTREAM_ENABLED}"
+ echo ""
+ echo "Internal URL: nats://nats.${NATS_NAMESPACE}.svc:4222"
+
+# Upgrade NATS
+upgrade:
+ #!/bin/bash
+ set -euo pipefail
+
+ gomplate -f values.gomplate.yaml -o values.yaml
+ helm upgrade nats nats/nats \
+ --version ${NATS_CHART_VERSION} \
+ -n ${NATS_NAMESPACE} \
+ -f values.yaml \
+ --wait
+
+ echo "NATS upgraded successfully"
+
+# Uninstall NATS
+uninstall:
+ #!/bin/bash
+ set -euo pipefail
+ if ! gum confirm "Are you sure you want to uninstall NATS?"; then
+ echo "Aborted"
+ exit 0
+ fi
+ helm uninstall nats -n ${NATS_NAMESPACE} --wait --ignore-not-found
+ just delete-namespace
+ echo "NATS uninstalled"
+
+# Show NATS status
+status:
+ kubectl get pods -n ${NATS_NAMESPACE}
+ kubectl get svc -n ${NATS_NAMESPACE}
+
+# Show NATS logs
+logs:
+ kubectl logs -n ${NATS_NAMESPACE} -l app.kubernetes.io/name=nats -f
+
+# Show server info via monitoring endpoint
+server-info:
+ kubectl exec -n ${NATS_NAMESPACE} nats-0 -c nats -- \
+ wget -qO- http://localhost:8222/varz | head -50
+
+# Show JetStream info via monitoring endpoint
+js-info:
+ kubectl exec -n ${NATS_NAMESPACE} nats-0 -c nats -- \
+ wget -qO- http://localhost:8222/jsz
+
+# Port forward for local testing
+port-forward:
+ @echo "NATS available at localhost:4222"
+ @echo "Monitor available at http://localhost:8222"
+ kubectl port-forward -n ${NATS_NAMESPACE} svc/nats 4222:4222 8222:8222
diff --git a/nats/values.gomplate.yaml b/nats/values.gomplate.yaml
new file mode 100644
index 0000000..22d8574
--- /dev/null
+++ b/nats/values.gomplate.yaml
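Review bot: `${NATS_NAMESPACE}` and `${NATS_CHART_VERSION}` are expanded unquoted in every recipe that hands them to kubectl or helm (create-namespace, delete-namespace, install, upgrade, uninstall, status, logs, server-info, js-info, port-forward), so a value containing whitespace or glob characters is split into extra arguments instead of being rejected; quote them, e.g. `kubectl create namespace "${NATS_NAMESPACE}"`. Both values come from the operator's own environment via `env(...)`, so this is a robustness rather than an injection concern, but the same variables are also rendered unvalidated into values.yaml by gomplate, so a guard at the top of the `install` and `upgrade` scripts such as `[[ "${NATS_NAMESPACE}" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || { echo "invalid NATS_NAMESPACE" >&2; exit 1; }` would catch mistakes before helm runs. Separately, `uninstall` follows `helm uninstall` with `just delete-namespace`, which also removes the JetStream PVC created by values.yaml, so persisted streams are destroyed without the prompt saying so; make it explicit, e.g. `gum confirm "Uninstall NATS and delete namespace ${NATS_NAMESPACE} including all JetStream data?"`. `install` and `upgrade` regenerate values.yaml on every run while the rendered file is also committed (nats/values.yaml in this commit), so either stop committing it or add it to .gitignore so the template and its output do not drift apart.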
@@ -0,0 +1,64 @@
+config:
+ cluster:
+ enabled: {{ if gt (conv.ToInt .Env.NATS_REPLICAS) 1 }}true{{ else }}false{{ end }}
+ replicas: {{ .Env.NATS_REPLICAS }}
+
+ jetstream:
+ enabled: {{ .Env.NATS_JETSTREAM_ENABLED }}
+ fileStore:
+ enabled: true
+ dir: /data
+ pvc:
+ enabled: true
+ size: {{ .Env.NATS_JETSTREAM_STORAGE_SIZE }}
+ memoryStore:
+ enabled: true
+ maxSize: {{ .Env.NATS_JETSTREAM_MEMORY_SIZE }}
+
+ monitor:
+ enabled: true
+ port: 8222
+
+container:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+
+ merge:
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+reloader:
+ enabled: true
+ merge:
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+podTemplate:
+ merge:
+ spec:
+ securityContext:
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+
+natsBox:
+ enabled: false
diff --git a/nats/values.yaml b/nats/values.yaml
new file mode 100644
index 0000000..df9f72b
--- /dev/null
+++ b/nats/values.yaml
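Review bot: Nothing in this values file configures client authentication or TLS for the 4222 listener — there is no `authorization`/`accounts` block under `config` and no TLS section — so, as far as this template shows, any workload that can reach `nats.<namespace>.svc:4222` can publish and subscribe on every subject and create or delete JetStream streams, and the `install` recipe advertises exactly that URL as the endpoint. The pod hardening (runAsNonRoot, dropped capabilities, RuntimeDefault seccomp, the restricted PSA labels) is good but does not restrict who may talk to the broker; at minimum add a `config.merge` block (the same merge hook this file already uses for `container` and `podTemplate`) carrying `authorization` users or `accounts` whose credentials are sourced from a Secret rather than written here, and ship a NetworkPolicy that limits ingress on 4222 and 8222 to the namespaces that need them. `monitor.enabled: true` on 8222 likewise serves `/varz` and `/jsz` (server configuration and stream details) unauthenticated to anything in the cluster, so it should be covered by that policy or a short comment should record why cluster-wide exposure is acceptable. The `{{ .Env.* }}` substitutions are interpolated unquoted, so a non-boolean `NATS_JETSTREAM_ENABLED` (for example `yes`) renders valid YAML that the chart will reject or misread; `enabled: {{ conv.ToBool .Env.NATS_JETSTREAM_ENABLED }}` mirrors the `conv.ToInt` already used for replicas. The committed rendered copy in `nats/values.yaml` carries the same gaps.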
@@ -0,0 +1,64 @@
+config:
+ cluster:
+ enabled: false
+ replicas: 1
+
+ jetstream:
+ enabled: true
+ fileStore:
+ enabled: true
+ dir: /data
+ pvc:
+ enabled: true
+ size: 10Gi
+ memoryStore:
+ enabled: true
+ maxSize: 256Mi
+
+ monitor:
+ enabled: true
+ port: 8222
+
+container:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+
+ merge:
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+reloader:
+ enabled: true
+ merge:
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+podTemplate:
+ merge:
+ spec:
+ securityContext:
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+
+natsBox:
+ enabled: false