nats

package
Version: v3.7.0

This package is not in the latest version of its module.

Published: Mar 4, 2026 License: EPL-2.0 Imports: 12 Imported by: 0

Documentation

Constants

const (
	OperatorSeedSecretName    = "nats-operator-seed"
	SystemAccountSeedSecret   = "nats-system-account-seed"
	HubSystemUserCredsSecret  = "nats-creds-sys-admin-hub"
	SystemAccountName         = "SYS"
	HubSystemUserName         = "admin-hub"
	HubSystemUserCredsDataKey = "admin-hub.creds"
)

Controller-compatible secret names and data keys (see nats-auth-service.js).

const (
	NatsSiteCASecret     = "nats-site-ca"
	NatsSiteServerSecret = "nats-site-server"
	NatsLocalCASecret    = "default-nats-local-ca"
	NatsMqttServerSecret = "nats-mqtt-server"
)

NATS TLS secret names (aligned with Controller nats-service.js).

const (
	DefaultServerPort  = 4222
	DefaultClusterPort = 6222
	DefaultLeafPort    = 7422
	DefaultMqttPort    = 8883
	DefaultHttpPort    = 8222
)

Default NATS ports (aligned with Controller nats-hub-service.js).

const (
	DefaultStorageSize     = "10G"
	DefaultMemoryStoreSize = "1G"
)

Default JetStream storage sizes for NATS server.conf (max_file_store, max_memory_store). NATS uses decimal units: G, M, T, K (not Gi, Mi, Ti, Ki).

const (
	ConfigMapName       = "iofog-nats-config"
	JWTBundleCMName     = "iofog-nats-jwt-bundle"
	HeadlessServiceName = "nats-headless"
	ClientServiceName   = "nats"
	ServerServiceName   = "nats-server"
)

ConfigMap and Secret names (ControlPlane namespace).

const DefaultStorageSizePVC = "10Gi"

DefaultStorageSizePVC is the default PVC size for JetStream file store; Kubernetes uses Gi/Mi.

Variables

This section is empty.

Functions

func BuildServerConf

func BuildServerConf(p ServerConfParams) string

BuildServerConf returns server.conf content with placeholders replaced. SELFNAME is left as $SELFNAME so the NATS image can substitute from the pod's metadata.name (downward API).

func ClusterRoutesFormat

func ClusterRoutesFormat(headlessName string, replicas int) string

ClusterRoutesFormat returns the NATS cluster routes as a YAML array string for server.conf. NATS expects routes to be an array, not a comma-separated string (avoids "interface {} is string, not []interface {}").

func ClusterRoutesMerge

func ClusterRoutesMerge(headlessName string, replicas int, clusterPort int, existingServerConf string) string

ClusterRoutesMerge returns cluster routes for server.conf: K8s ordinal routes for 0..replicas-1 plus any existing non-K8s routes (e.g. controller-added agent nodes). If existingServerConf is empty or parsing fails, returns ClusterRoutesFormat(headlessName, replicas). Operator-managed routes are replaced (not appended); other routes are deduplicated.
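
The merge rule described for ClusterRoutesMerge, as an added example that is not this package's source. The names mergeRoutes, ordinalRoutes and sampleConf, the StatefulSet name "nats", the route form nats://<sts>-<i>.<headless>:<port> and the sample server.conf are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: ordinal routes from an earlier 3-replica state plus a duplicated external route.
const sampleConf = `cluster {
  routes: [nats://nats-0.nats-headless:6222, nats://nats-1.nats-headless:6222,
    nats://nats-2.nats-headless:6222, nats://edge-1.example.internal:6222,
    nats://edge-1.example.internal:6222]
}`

var routesBlock = regexp.MustCompile(`(?s)\broutes\s*[:=]?\s*\[(.*?)\]`)

// ordinalRoutes builds one route per ordinal; the URL form is an assumption, not taken from the page.
func ordinalRoutes(sts, headless string, replicas, port int) []string {
	out := make([]string, 0, replicas)
	for i := 0; i < replicas; i++ {
		out = append(out, fmt.Sprintf("nats://%s-%d.%s:%d", sts, i, headless, port))
	}
	return out
}

// mergeRoutes regenerates the ordinal routes and keeps every other route once.
// With no parsable routes array it returns the ordinal routes alone.
func mergeRoutes(sts, headless string, replicas, port int, conf string) []string {
	merged := ordinalRoutes(sts, headless, replicas, port)
	m := routesBlock.FindStringSubmatch(conf)
	if m == nil {
		return merged
	}
	managed := regexp.MustCompile(`^nats://` + regexp.QuoteMeta(sts) + `-\d+\.` + regexp.QuoteMeta(headless) + `[.:]`)
	seen := map[string]bool{}
	for _, r := range strings.FieldsFunc(m[1], func(c rune) bool { return strings.ContainsRune(", \t\r\n", c) }) {
		if r = strings.Trim(r, `"'`); r == "" || managed.MatchString(r) || seen[r] {
			continue
		}
		seen[r] = true
		merged = append(merged, r)
	}
	return merged
}

func main() {
	fmt.Println("routes: [" + strings.Join(mergeRoutes("nats", "nats-headless", 2, 6222, sampleConf), ", ") + "]")
}
```

Scaling the sample from 3 to 2 replicas drops the stale nats-2 route because operator-managed routes are rebuilt rather than appended, while the external route is kept once.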

func EnsureJetStreamKeySecret

func EnsureJetStreamKeySecret(ctx context.Context, getSecret func(context.Context, types.NamespacedName, *corev1.Secret) error, createSecret func(context.Context, *corev1.Secret) error, namespace, controlplaneName string, labels map[string]string) (created bool, err error)

EnsureJetStreamKeySecret ensures the JetStream encryption key secret exists (nats-jetstream-key-<controlplaneName>). Key in data is "jsk", value is 32 random bytes base64-encoded.
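
The create-if-missing behaviour described for EnsureJetStreamKeySecret, as an added example that is not this package's source. It assumes standard (padded) base64 for the stored value and uses a hypothetical in-memory map in place of the Kubernetes Secret API; ensureKey, newJetStreamKey and the control plane name "demo" are illustrative.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

const jskDataKey = "jsk" // data key named on the page

// newJetStreamKey returns 32 bytes from the OS CSPRNG, base64-encoded.
func newJetStreamKey() (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(raw), nil
}

// ensureKey creates the key only when the secret is absent. An existing key is
// validated and never replaced, so a reconcile loop cannot silently rotate it.
// store is a hypothetical stand-in for the Secret API (secret name -> data).
func ensureKey(store map[string]map[string]string, name string) (bool, error) {
	if data, ok := store[name]; ok {
		raw, err := base64.StdEncoding.DecodeString(data[jskDataKey])
		if err != nil || len(raw) != 32 {
			return false, errors.New("existing " + jskDataKey + " is not 32 base64-encoded bytes")
		}
		return false, nil
	}
	key, err := newJetStreamKey()
	if err != nil {
		return false, err
	}
	store[name] = map[string]string{jskDataKey: key}
	return true, nil
}

func main() {
	store := map[string]map[string]string{}
	name := "nats-jetstream-key-demo" // constructed control plane name "demo"
	for i := 0; i < 2; i++ {
		created, err := ensureKey(store, name)
		fmt.Println("created:", created, "err:", err)
	}
}
```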

func EnsureNatsSecrets

func EnsureNatsSecrets(ctx context.Context, getSecret func(context.Context, types.NamespacedName, *corev1.Secret) error, namespace, instanceName, headlessName string, replicas int, address string, labels map[string]string) ([]corev1.Secret, error)

EnsureNatsSecrets ensures NATS TLS secrets exist in the namespace. It creates nats-site-ca, nats-site-server, default-nats-local-ca and nats-mqtt-server, using the same pattern as the router (util.GenerateSecret). headlessName is typically "nats-headless". address is the external host (LB or ingress) used for SANs, as in createRouterSecrets.

func JetStreamKeySecretName

func JetStreamKeySecretName(controlplaneName string) string

JetStreamKeySecretName returns the JetStream key secret name: nats-jetstream-key-<controlplaneName>.

func NewJWTBundleConfigMap

func NewJWTBundleConfigMap(namespace string, labels map[string]string, accountJWTs map[string]string) *corev1.ConfigMap

NewJWTBundleConfigMap creates the iofog-nats-jwt-bundle ConfigMap with account JWTs only. Keys are ${accountPublicKey}.jwt (e.g. for system account: ACxxxxx.jwt). At bootstrap pass a single entry: systemAccountPublicKey -> systemAccountJWT.

func NewNatsClientService

func NewNatsClientService(namespace string, labels map[string]string, serviceType corev1.ServiceType, annotations map[string]string) *corev1.Service

NewNatsClientService creates the client-facing Service for NATS (cluster, leaf, mqtt).

func NewNatsConfigMap

func NewNatsConfigMap(namespace, instanceName string, labels map[string]string, serverConfContent string) *corev1.ConfigMap

NewNatsConfigMap creates the iofog-nats-config ConfigMap with server.conf content.

func NewNatsHeadlessService

func NewNatsHeadlessService(namespace string, labels map[string]string) *corev1.Service

NewNatsHeadlessService creates the headless Service for the NATS StatefulSet (all ports).

func NewNatsServerService

func NewNatsServerService(namespace string, labels map[string]string) *corev1.Service

NewNatsServerService creates the nats-server Service (client and monitor ports only, ClusterIP).

func ServerConfKey

func ServerConfKey() string

ServerConfKey returns the ConfigMap data key for server.conf (used when reading existing config for route merge).

func ToNatsSize

func ToNatsSize(s string) string

ToNatsSize converts a size string to NATS units (G, M, T, K). NATS does not support Gi, Mi, Ti, Ki. Use for max_file_store and max_memory_store in server.conf. Handles lower and upper case (e.g. 10gi, 10Gi -> 10G).

Types

type BootstrapFromAPI

type BootstrapFromAPI struct {
	OperatorJwt            string
	OperatorPublicKey      string
	OperatorSeed           string
	SystemAccountJwt       string
	SystemAccountPublicKey string
	SysUserCredsBase64     string
}

BootstrapFromAPI is the response from GET /api/v3/nats/bootstrap (Controller). Controller performs bootstrap and returns this; operator only persists to K8s secrets. SysUserCredsBase64 is the hub system user creds file encoded in base64.

type NatsBootstrapSecrets

type NatsBootstrapSecrets struct {
	OperatorJWT         string
	SystemAccountJWT    string
	SystemAccountPubKey string // for JWT bundle key ${pubKey}.jwt
	CredsContent        string
}

NatsBootstrapSecrets holds the secrets created by NATS bootstrap (for use in ConfigMap and mounts).

func EnsureNatsBootstrapFromController

func EnsureNatsBootstrapFromController(ctx context.Context, createSecret func(context.Context, *corev1.Secret) error, namespace string, labels map[string]string, api *BootstrapFromAPI) (*NatsBootstrapSecrets, error)

EnsureNatsBootstrapFromController saves NATS bootstrap data from the Controller API into K8s secrets. The Controller handles bootstrap (GET /api/v3/nats/bootstrap); the operator only persists. SysUserCredsBase64 in the response is decoded from base64 before storing in the hub creds secret.

type ServerConfParams

type ServerConfParams struct {
	ServerPort      int
	HttpPort        int
	OperatorJWT     string
	SystemAccount   string
	JetStreamDomain string
	JetStreamKey    string
	JetStreamPrev   string
	ClusterRoutes   string
	SSLDir          string
	CertName        string
	MqttCertName    string
	LeafPort        int
	LeafAdvertise   string
	ClusterPort     int
	MqttPort        int
	JWTDir          string
	ControllerName  string
	MaxMemoryStore  string
	MaxFileStore    string
}

ServerConfParams holds values to fill into the server.conf template.
