{"id":13742491,"url":"https://github.com/nats-io/nats-operator","last_synced_at":"2025-05-08T23:33:53.239Z","repository":{"id":44169295,"uuid":"75548298","full_name":"nats-io/nats-operator","owner":"nats-io","description":"NATS Operator","archived":false,"fork":false,"pushed_at":"2023-11-15T22:02:19.000Z","size":12306,"stargazers_count":570,"open_issues_count":58,"forks_count":115,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-04-14T02:21:09.257Z","etag":null,"topics":["cluster","kubernetes","message-queue","nats","operator","pubsub"],"latest_commit_sha":null,"homepage":"https://nats-io.github.io/k8s/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nats-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-04T16:07:52.000Z","updated_at":"2024-05-22T14:55:54.447Z","dependencies_parsed_at":"2024-05-22T15:05:49.684Z","dependency_job_id":null,"html_url":"https://github.com/nats-io/nats-operator","commit_stats":{"total_commits":446,"total_committers":57,"mean_commits":7.824561403508772,"dds":0.5201793721973094,"last_synced_commit":"5e702c59781fdef7028dd4757d12278c4129a8f4"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nats-io%2Fnats-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nats-io%2Fnats-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nats-io%2Fnats-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nats-io%2Fnats-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nats-io","download_url":"https://codeload.github.com/nats-io/nats-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253165497,"owners_count":21864443,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cluster","kubernetes","message-queue","nats","operator","pubsub"],"created_at":"2024-08-03T05:00:32.908Z","updated_at":"2025-05-08T23:33:52.735Z","avatar_url":"https://github.com/nats-io.png","language":"Go","funding_links":[],"categories":["Repository is obsolete"],"sub_categories":["Awesome Operators in the Wild"],"readme":"# NATS Operator\n\n\u003e :warning: The recommended way of running NATS on Kubernetes is by using the [Helm charts](https://github.com/nats-io/k8s/tree/master/helm/charts/nats). If looking for [JetStream](https://github.com/nats-io/jetstream) support, this is supported in the [Helm charts](https://github.com/nats-io/k8s/tree/master/helm/charts/nats#jetstream).  The NATS Operator is not recommended to be used for new deployments.\n\n[![License Apache 2.0](https://img.shields.io/badge/License-Apache2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)\n[![Build Status](https://travis-ci.org/nats-io/nats-operator.svg?branch=master)](https://travis-ci.org/nats-io/nats-operator)\n[![Version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=go\u0026type=5\u0026v=0.8.2)](https://github.com/nats-io/nats-operator/releases/tag/v0.8.2)\n\nNATS Operator manages NATS clusters atop [Kubernetes][k8s-home] using [CRDs](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/).  If looking to run NATS on K8S without the operator you can also find [Helm charts in the nats-io/k8s repo](https://github.com/nats-io/k8s#helm-charts-for-nats). You can also find more info about running NATS on Kubernetes in the [docs](https://docs.nats.io/nats-on-kubernetes/nats-kubernetes) as well as a minimal setup using `StatefulSets` only without using the operator to get started [here](https://docs.nats.io/nats-on-kubernetes/minimal-setup).\n\n[k8s-home]: http://kubernetes.io\n\n## Requirements\n\n- Kubernetes v1.10+.\n  - [Configuration reloading](#configuration-reload) is only supported in Kubernetes v1.12+.\n  - [Authentication using service accounts](#auth-service-accounts) is only supported in Kubernetes v1.12+ having the `TokenRequest` API enabled.\n\n## Introduction\n\nNATS Operator provides a `NatsCluster` [Custom Resources Definition](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/) (CRD) that models a NATS cluster.\nThis CRD allows for specifying the desired size and version for a NATS cluster, as well as several other advanced options:\n\n```yaml\napiVersion: nats.io/v1alpha2\nkind: NatsCluster\nmetadata:\n  name: example-nats-cluster\nspec:\n  size: 3\n  version: \"2.1.8\"\n```\n\nNATS Operator monitors creation/modification/deletion of `NatsCluster` resources and reacts by attempting to perform the any necessary operations on the associated NATS clusters in order to align their current status with the desired one.\n\n## Installing\n\nNATS Operator supports two different operation modes:\n\n* **Namespace-scoped (classic):** NATS Operator manages `NatsCluster` resources on the Kubernetes namespace where it is deployed.\n* **Cluster-scoped (experimental):** NATS Operator manages `NatsCluster` resources across all namespaces in the Kubernetes cluster.\n\nThe operation mode must be chosen when installing NATS Operator and cannot be changed later.\n\n### Namespace-scoped installation\n\nTo perform a namespace-scoped installation of NATS Operator in the Kubernetes cluster pointed at by the current context, you may run:\n\n```console\n$ kubectl apply -f https://github.com/nats-io/nats-operator/releases/latest/download/00-prereqs.yaml\n$ kubectl apply -f https://github.com/nats-io/nats-operator/releases/latest/download/10-deployment.yaml\n``` \n\nThis will, by default, install NATS Operator in the `default` namespace and observe `NatsCluster` resources created in the `default` namespace, alone.\nIn order to install in a different namespace, you must first create said namespace and edit the manifests above in order to specify its name wherever necessary.\n\n**WARNING:** To perform multiple namespace-scoped installations of NATS Operator, you must manually edit the `nats-operator-binding` cluster role binding in `deploy/00-prereqs.yaml` file in order to add all the required service accounts.\nFailing to do so may cause all NATS Operator instances to malfunction.\n\n**WARNING:** When performing a namespace-scoped installation of NATS Operator, you must make sure that all other namespace-scoped installations that may exist in the Kubernetes cluster share the same version.\nInstalling different versions of NATS Operator in the same Kubernetes cluster may cause unexpected behavior as the schema of the CRDs which NATS Operator registers may change between versions.\n\nAlternatively, you may use [Helm](https://www.helm.sh/) to perform a namespace-scoped installation of NATS Operator.\nTo do so you may go to [helm/nats-operator](https://github.com/nats-io/nats-operator/tree/master/helm/nats-operator) and use the Helm charts found in that repo.\n\n\n### Cluster-scoped installation (experimental)\n\nCluster-scoped installations of NATS Operator must live in the `nats-io` namespace.\nThis namespace must be created beforehand:\n\n```console\n$ kubectl create ns nats-io\n```\n\nThen, you must manually edit the manifests in `deployment/` in order to reference the `nats-io` namespace and to enable the `ClusterScoped` feature gate in the NATS Operator deployment.\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: nats-operator\n  namespace: nats-io\nspec:\n  (...)\n    spec:\n      containers:\n      - name: nats-operator\n        (...)\n        args:\n        - nats-operator\n        - --feature-gates=ClusterScoped=true\n        (...)\n```\n\nOnce you have done this, you may install NATS Operator by running:\n\n```console\n$ kubectl apply -f https://github.com/nats-io/nats-operator/releases/latest/download/00-prereqs.yaml\n$ kubectl apply -f https://github.com/nats-io/nats-operator/releases/latest/download/10-deployment.yaml\n``` \n\n**WARNING:** When performing a cluster-scoped installation of NATS Operator, you must make sure that there are no other deployments of NATS Operator in the Kubernetes cluster.\nIf you have a previous installation of NATS Operator, you must uninstall it before performing a cluster-scoped installation of NATS Operator.  \n\n## Creating a NATS cluster\n\nOnce NATS Operator has been installed, you will be able to confirm that two new CRDs have been registered in the cluster:\n\n```console\n$ kubectl get crd\nNAME                       CREATED AT\nnatsclusters.nats.io       2019-01-11T17:16:36Z\nnatsserviceroles.nats.io   2019-01-11T17:16:40Z\n```\n\nTo create a NATS cluster, you must create a `NatsCluster` resource representing the desired status of the cluster.\nFor example, to create a 3-node NATS cluster you may run:\n\n```console\n$ cat \u003c\u003cEOF | kubectl create -f -\napiVersion: nats.io/v1alpha2\nkind: NatsCluster\nmetadata:\n  name: example-nats-cluster\nspec:\n  size: 3\n  version: \"1.3.0\"\nEOF\n```\n\nNATS Operator will react to the creation of such a resource by creating three NATS pods.\nThese pods will keep being monitored (and replaced in case of failure) by NATS Operator for as long as this `NatsCluster` resource exists.\n\n## Listing NATS clusters\n\nTo list all the NATS clusters:\n\n```sh\n$ kubectl get nats --all-namespaces\nNAMESPACE   NAME                   AGE\ndefault     example-nats-cluster   2m\n```\n\n## TLS support\n\nBy using a pair of opaque secrets (one for the clients and then another for the routes),\nit is possible to set TLS for the communication between the clients and also for the\ntransport between the routes:\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\nmetadata:\n  name: \"nats\"\nspec:\n  # Number of nodes in the cluster\n  size: 3\n  version: \"1.3.0\"\n\n  tls:\n    # Certificates to secure the NATS client connections:\n    serverSecret: \"nats-clients-tls\"\n\n    # Certificates to secure the routes.\n    routesSecret: \"nats-routes-tls\"\n```\n\nIn order for TLS to be properly established between the nodes, it is \nnecessary to create a wildcard certificate that matches the subdomain\ncreated for the service from the clients and the one for the routes.\n\nBy default, the `routesSecret` has to provide the files: `ca.pem`, `route-key.pem`, `route.pem`,\nfor the CA, server private and public key respectively.\n\n```\n$ kubectl create secret generic nats-routes-tls --from-file=ca.pem --from-file=route-key.pem --from-file=route.pem\n```\n\nSimilarly, by default the `serverSecret` has to provide the files: `ca.pem`, `server-key.pem`, and `server.pem`\nfor the CA, server private key and public key used to secure the connection\nwith the clients.\n\n```\n$ kubectl create secret generic nats-clients-tls --from-file=ca.pem --from-file=server-key.pem --from-file=server.pem\n```\n\nConsider though that you may wish to independently manage the certificate\nauthorities for routes between clusters, to support the ability to roll\nbetween CAs or their intermediates.\n\nAny filename in the below can also be an absolute path, allowing you to mount\na CA bundle in a place of your choosing.\n\nNATS also supports kubernetes.io/tls secrets (like the ones managed by cert-manager) and any secrets containing a CA, private and public keys with arbitrary names.\nIt is possible to overwrite the default names as follows:\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\nmetadata:\n  name: \"nats\"\nspec:\n  # Number of nodes in the cluster\n  size: 3\n  version: \"1.3.0\"\n\n  tls:\n    # Certificates to secure the NATS client connections:\n    serverSecret: \"nats-clients-tls\"\n    # Name of the CA in serverSecret\n    serverSecretCAFileName: \"ca.crt\"\n    # Name of the key in serverSecret\n    serverSecretKeyFileName: \"tls.key\"\n    # Name of the certificate in serverSecret\n    serverSecretCertFileName: \"tls.crt\"\n\n    # Certificates to secure the routes.\n    routesSecret: \"nats-routes-tls\"\n    # Name of the CA, but not from this secret\n    routesSecretCAFileName: \"/etc/ca-bundle/routes-bundle.pem\"\n    # Name of the key in routesSecret\n    routesSecretKeyFileName: \"tls.key\"\n    # Name of the certificate in routesSecret\n    routesSecretCertFileName: \"tls.crt\"\n\n  template:\n    spec:\n      containers:\n      - name: \"nats\"\n        volumeMounts:\n        - name: \"ca-bundle\"\n          mountPath: \"/etc/ca-bundle\"\n          readOnly: true\n      volumes:\n      - name: \"ca-bundle\"\n        configMap:\n          name: \"our-ca-bundle\"\n```\n\n### Cert-Manager\n\nIf [cert-manager](https://github.com/jetstack/cert-manager) is available in your cluster, you can easily generate TLS certificates for NATS as follows:\n\nCreate a self-signed cluster issuer (or namespace-bound issuer) to create NATS' CA certificate:\n\n```yaml\napiVersion: cert-manager.io/v1alpha2\nkind: ClusterIssuer\nmetadata:\n  name: selfsigning\nspec:\n  selfSigned: {}\n```\n\nCreate your NATS cluster's CA certificate using the new `selfsigning` issuer:\n\n```yaml\napiVersion: cert-manager.io/v1alpha2\nkind: Certificate\nmetadata:\n  name: nats-ca\nspec:\n  secretName: nats-ca\n  duration: 8736h # 1 year\n  renewBefore: 240h # 10 days\n  issuerRef:\n    name: selfsigning\n    kind: ClusterIssuer\n  commonName: nats-ca\n  usages: \n    - cert sign # workaround for odd cert-manager behavior\n  organization:\n  - Your organization\n  isCA: true\n```\n\nCreate your NATS cluster issuer based on the new `nats-ca` CA:\n\n```yaml\napiVersion: cert-manager.io/v1alpha2\nkind: Issuer\nmetadata:\n  name: nats-ca\nspec:\n  ca:\n    secretName: nats-ca\n```\n\nCreate your NATS cluster's server certificate (assuming NATS is running in the `nats-io` namespace, otherwise, set the `commonName` and `dnsNames` fields appropriately):\n\n```yaml\napiVersion: cert-manager.io/v1alpha2\nkind: Certificate\nmetadata:\n  name: nats-server-tls\nspec:\n  secretName: nats-server-tls\n  duration: 2160h # 90 days\n  renewBefore: 240h # 10 days\n  usages:\n  - signing\n  - key encipherment\n  - server auth\n  issuerRef:\n    name: nats-ca\n    kind: Issuer\n  organization:\n  - Your organization\n  commonName: nats.nats-io.svc.cluster.local\n  dnsNames:\n  - nats.nats-io.svc\n```\n\nCreate your NATS cluster's routes certificate (assuming NATS is running in the `nats-io` namespace, otherwise, set the `commonName` and `dnsNames` fields appropriately):\n\n```yaml\napiVersion: cert-manager.io/v1alpha2\nkind: Certificate\nmetadata:\n  name: nats-routes-tls\nspec:\n  secretName: nats-routes-tls\n  duration: 2160h # 90 days\n  renewBefore: 240h # 10 days\n  usages:\n  - signing\n  - key encipherment\n  - server auth\n  - client auth # included because routes mutually verify each other\n  issuerRef:\n    name: nats-ca\n    kind: Issuer\n  organization:\n  - Your organization\n  commonName: \"*.nats-mgmt.nats-io.svc.cluster.local\"\n  dnsNames:\n  - \"*.nats-mgmt.nats-io.svc\"\n```\n\n### Authorization\n\n\u003ca name=\"auth-service-accounts\"\u003e\u003c/a\u003e\n#### Using ServiceAccounts\n\n\u003e :warning: The ServiceAccounts uses a very rudimentary approach of config reloading and watching CRDs and advanced K8S APIs that may not be available in your cluster.  Instead, the decentralized JWT approach should be preferred, to learn more: https://docs.nats.io/developing-with-nats/tutorials/jwt\n\nThe NATS Operator can define permissions based on Roles by using any present ServiceAccount in a namespace.\nThis feature requires a Kubernetes v1.12+ cluster having the `TokenRequest` API enabled.\nTo try this feature using `minikube` v0.30.0+, you can configure it to start as follows:\n\n```console\n$ minikube start \\\n    --extra-config=apiserver.service-account-signing-key-file=/var/lib/minikube/certs/sa.key \\\n    --extra-config=apiserver.service-account-key-file=/var/lib/minikube/certs/sa.pub \\\n    --extra-config=apiserver.service-account-issuer=api \\\n    --extra-config=apiserver.service-account-api-audiences=api,spire-server \\\n    --extra-config=apiserver.authorization-mode=Node,RBAC \\\n    --extra-config=kubelet.authentication-token-webhook=true\n```\n\nPlease note that availability of this feature across Kubernetes offerings may vary widely.\n\nServiceAccounts integration can then be enabled by setting the\n`enableServiceAccounts` flag to true in the `NatsCluster` configuration.\n\n```yaml\napiVersion: nats.io/v1alpha2\nkind: NatsCluster\nmetadata:\n  name: example-nats\nspec:\n  size: 3\n  version: \"1.3.0\"\n\n  pod:\n    # NOTE: Only supported in Kubernetes v1.12+.\n    enableConfigReload: true\n  auth:\n    # NOTE: Only supported in Kubernetes v1.12+ clusters having the \"TokenRequest\" API enabled.\n    enableServiceAccounts: true\n```\n\nPermissions for a `ServiceAccount` can be set by creating a\n`NatsServiceRole` for that account.  In the example below, there are\ntwo accounts, one is an admin user that has more permissions.\n\n```yaml\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: nats-admin-user\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: nats-user\n---\napiVersion: nats.io/v1alpha2\nkind: NatsServiceRole\nmetadata:\n  name: nats-user\n  namespace: nats-io\n\n  # Specifies which NATS cluster will be mapping this account.\n  labels:\n    nats_cluster: example-nats\nspec:\n  permissions:\n    publish: [\"foo.*\", \"foo.bar.quux\"]\n    subscribe: [\"foo.bar\"]\n---\napiVersion: nats.io/v1alpha2\nkind: NatsServiceRole\nmetadata:\n  name: nats-admin-user\n  namespace: nats-io\n  labels:\n    nats_cluster: example-nats\nspec:\n  permissions:\n    publish: [\"\u003e\"]\n    subscribe: [\"\u003e\"]\n```\n\nThe above will create two different Secrets which can then be mounted as volumes\nfor a Pod.\n\n```sh\n$ kubectl -n nats-io get secrets\nNAME                                       TYPE          DATA      AGE\n...\nnats-admin-user-example-nats-bound-token   Opaque        1         43m\nnats-user-example-nats-bound-token         Opaque        1         43m\n```\n\nPlease note that `NatsServiceRole` must be created in the same namespace as \n`NatsCluster` is running, but `bound-token` will be created for `ServiceAccount` \nresources that can be placed in various namespaces.\n\nAn example of mounting the secret in a `Pod` can be found below:\n\n```yaml\napiVersion: v1\nkind: Pod\nmetadata:\n  name: nats-user-pod\n  labels:\n    nats_cluster: example-nats\nspec:\n  volumes:\n    - name: \"token\"\n      projected:\n        sources:\n        - secret:\n            name: \"nats-user-example-nats-bound-token\"\n            items:\n              - key: token\n                path: \"token\"\n  restartPolicy: Never\n  containers:\n    - name: nats-ops\n      command: [\"/bin/sh\"]\n      image: \"wallyqs/nats-ops:latest\"\n      tty: true\n      stdin: true\n      stdinOnce: true\n      volumeMounts:\n      - name: \"token\"\n        mountPath: \"/var/run/secrets/nats.io\"\n```\n\nThen within the `Pod` the token can be used to authenticate against\nthe server using the created token.\n\n```sh\n$ kubectl -n nats-io attach -it nats-user-pod\n\n/go # nats-sub -s nats://nats-user:`cat /var/run/secrets/nats.io/token`@example-nats:4222 hello.world\nListening on [hello.world]\n^C\n/go # nats-sub -s nats://nats-admin-user:`cat /var/run/secrets/nats.io/token`@example-nats:4222 hello.world\nCan't connect: nats: authorization violation\n```\n\n#### Using a single secret with the explicit configuration.\n\nAuthorization can also be set for the server by using a secret\nwhere the permissions are defined in JSON:\n\n```json\n{\n  \"users\": [\n    { \"username\": \"user1\", \"password\": \"secret1\" },\n    { \"username\": \"user2\", \"password\": \"secret2\",\n      \"permissions\": {\n\t\"publish\": [\"hello.*\"],\n\t\"subscribe\": [\"hello.world\"]\n      }\n    }\n  ],\n  \"default_permissions\": {\n    \"publish\": [\"SANDBOX.*\"],\n    \"subscribe\": [\"PUBLIC.\u003e\"]\n  }\n}\n```\n\nExample of creating a secret to set the permissions:\n\n```sh\nkubectl create secret generic nats-clients-auth --from-file=clients-auth.json\n```\n\nNow when creating a NATS cluster it is possible to set the permissions as\nin the following example:\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\npmetadata:\n  name: \"example-nats-auth\"\nspec:\n  size: 3\n  version: \"1.1.0\"\n\n  auth:\n    # Definition in JSON of the users permissions\n    clientsAuthSecret: \"nats-clients-auth\"\n\n    # How long to wait for authentication\n    clientsAuthTimeout: 5\n```\n\n\u003ca name=\"configuration-reload\"\u003e\u003c/a\u003e\n### Configuration Reload\n\nOn Kubernetes v1.12+ clusters it is possible to enable on-the-fly reloading of configuration for the servers that are part of the cluster.\nThis can also be combined with the authorization support, so in case the user permissions change, then the servers will reload and apply the new permissions.\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\nmetadata:\n  name: \"example-nats-auth\"\nspec:\n  size: 3\n  version: \"1.1.0\"\n\n  pod:\n    # Enable on-the-fly NATS Server config reload\n    # NOTE: Only supported in Kubernetes v1.12+.\n    enableConfigReload: true\n\n    # Possible to customize version of reloader image\n    reloaderImage: connecteverything/nats-server-config-reloader\n    reloaderImageTag: \"0.2.2-v1alpha2\"\n    reloaderImagePullPolicy: \"IfNotPresent\"\n  auth:\n    # Definition in JSON of the users permissions\n    clientsAuthSecret: \"nats-clients-auth\"\n\n    # How long to wait for authentication\n    clientsAuthTimeout: 5\n```\n\n## Connecting operated NATS clusters to external NATS clusters\n\nBy using the `extraRoutes` field on the spec you can make the operated\nNATS cluster create routes against clusters outside of Kubernetes:\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\nmetadata:\n  name: \"nats\"\nspec:\n  size: 3\n  version: \"1.4.1\"\n\n  extraRoutes:\n    - route: \"nats://nats-a.example.com:6222\"\n    - route: \"nats://nats-b.example.com:6222\"\n    - route: \"nats://nats-c.example.com:6222\"\n```\n\nIt is also possible to connect to another operated NATS cluster as follows:\n\n```yaml\napiVersion: \"nats.io/v1alpha2\"\nkind: \"NatsCluster\"\nmetadata:\n  name: \"nats-v2-2\"\nspec:\n  size: 3\n  version: \"1.4.1\"\n\n  extraRoutes:\n    - cluster: \"nats-v2-1\"\n```\n\n## Resolvers\n\nThe operator only supports the `URL()` resolver, see [example/example-super-cluster.yaml](example/example-super-cluster.yaml#L56-L59)\n\n## Development\n\n### Building the Docker Image\n\nTo build the `nats-operator` Docker image:\n\n```sh\n$ docker build -f docker/operator/Dockerfile . -t \u003cimage:tag\u003e\n```\n\nTo build the `nats-server-config-reloader`:\n\n```sh\n$ docker build -f docker/reloader/Dockerfile . -t \u003cimage:tag\u003e\n```\n\nYou'll need Docker `17.06.0-ce` or higher.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnats-io%2Fnats-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnats-io%2Fnats-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnats-io%2Fnats-operator/lists"}