helm/charts/nack/values.yaml

###############################
#                             #
#  NACK JetStream Controller  #
#                             #
###############################
jetstream:
  enabled: true
  image:
    repository: natsio/jetstream-controller
    tag: 0.14.1
    pullPolicy: IfNotPresent
    # registry: docker.io

  # NATS URL
  nats:
    url:

    #
    # The nkey file to load in to connect to the NATS Server.
    #
    # nkey:
    #   secret:
    #     name: nats-sys-nkey
    #     key: sys.nkey
    #
    # The credentials file to load in to connect to the NATS Server.
    #
    # credentials:
    #   secret:
    #     name: nats-sys-creds
    #     key: sys.creds
    #

  # TLS
  # Enabled must be true, and a secret name specified for this to work
  tls:
    enabled: false
    # the secret containing the client ca.crt, tls.crt, and tls.key for NATS
    secretName:
    # Reference
    # https://docs.nats.io/nats-streaming-server/configuring/cfgfile#tls-configuration
    settings:
      client_cert: "/etc/nats/certs/tls.crt"
      client_key: "/etc/nats/certs/tls.key"
      client_ca: "/etc/nats/certs/ca.crt"
      timeout: 3

  # additional arguments to pass to the controller process
  additionalArgs: []

# restrict the controller to only watch resources in it's current namespace
namespaced: false

nameOverride: ""
namespaceOverride: ""
imagePullSecrets: []
serviceAccountName: ""
# Toggle whether to automatically mount Service Account token in the pod
# not set means default value, boolean true/false overrides default value
# automountServiceAccountToken: true

## Pod priority class name
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: null

# additionalVolumes are the additional volumes to add
additionalVolumes: []

# additionalVolumeMounts are the additional volume mounts to add
additionalVolumeMounts: []

# Rules to be applied to ClusterRole or Role
# Set as a string so that it can be templated to allow further customization
rbacRules: |
  rules:
  - apiGroups:
    - ''
    resources:
    - events
    verbs:
    - create
    - update
    - patch
  - apiGroups:
    - ''
    resources:
    - secrets
    verbs:
    - get
    - watch
    - list
  - apiGroups:
    - jetstream.nats.io
    resources:
    - streams
    - streams/status
    - consumers
    - consumers/status
    - streamtemplates
    - streamtemplates/status
    - accounts
    verbs:
    - create
    - get
    - list
    - watch
    - patch
    - update
    - delete

podAnnotations: {}

# Toggle whether to use setup a Pod Security Context
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext: {}
# securityContext:
#   fsGroup: 1000
#   runAsUser: 1000
#   runAsNonRoot: true

# Configure a container security context
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
containerSecurityContext: {}
# containerSecurityContext:
#   allowPrivilegeEscalation: false
#   readOnlyRootFilesystem: true

# Affinity for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}

# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

# Node tolerations for server scheduling to nodes with taints
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
#
tolerations: []
#  - key: "key"
#    operator: "Equal|Exists"
#    value: "value"
#    effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"

# Resource requests and limits for primary stan container
# ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: {}

# Toggle to prevent the controller making changes to NATS streams/consumers.
readOnly: false