[helm] Add support for TLS config blocks

[wallyqs]

Example:

helm install nats -f ../deploy-nats-gateways.yaml ./charts/nats

where the yaml is:

nats:
  externalAccess: true
  logging:
    debug: true
    trace: true
  tls:
    secret:
      name: nats-client-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

cluster:
  enabled: true
  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

leafnodes:
  enabled: true

  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

  remotes:
    - url: tls://connect.ngs.global:7422
      credentials:
        secret:
          name: ngs-creds
          key: NGS.creds

gateway:
  enabled: true
  name: aws-useast2

  # Shared for all gateways
  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

# Add system credentials to the nats-box instance for example
natsbox:
  enabled: true

  credentials:
    secret:
      name: nats-sys-creds
      key: sys.creds

[wallyqs]

These should also be mounted by the reloader sidecar so that it tracks the changes of the certs, but we can do that in a separate PR...

[matthiashanel]

there is a per gateway tls option as well. mention that this was explicitly left out?

[wallyqs]

explicitly left out for now for both leafnode remotes and gateway remotes to reduce size of PR a bit...

[matthiashanel]

LGTM

[matthiashanel]

LGTM

[ondrejtomcik]

Greetings @wallyqs @matthiashanel
This feature was merged but looks like a human error occurred during merge conflict resolution. This feature is not in the master nor in v0.3.0.

[wallyqs]

@ondrejtomcik you are right 😨 It looks like something may have happened with the merge probably during the Github outage...

[wallyqs]

@ondrejtomcik can you try helm repo update and use release v0.3.2? I think this should be fixed there. Here is an example:

# Authentication setup
auth:
  enabled: true

  # Reference to the Operator JWT which will be mounted as a volume,
  # shared with the account server in this case.
  operatorjwt:
    configMap:
      name: operator-jwt
      key: KO.jwt

  # Public key of the System Account
  systemAccount: AAITGVORQ4VHOQ32A7XMEKUIDMJ5GSAYSUGOV6GZAVSQWYFAL72DIXLC

  resolver:
    type: URL

    # 
    # NOTE: In case the account server URL is not present
    # in the operator JWT then need to set it explicitly here.
    # 
    url: "http://nats-account-server:9090/jwt/v1/accounts/"

nats:
  externalAccess: true
  logging:
    debug: true
    trace: true
  tls:
    secret:
      name: nats-client-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

cluster:
  enabled: true
  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

leafnodes:
  enabled: true

  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

  remotes:
    - url: tls://connect.ngs.global:7422
      credentials:
        secret:
          name: ngs-creds
          key: NGS.creds

gateway:
  enabled: true
  name: aws-useast2

  # Shared for all gateways
  tls:
    secret:
      name: nats-server-tls
    ca: "ca.crt"
    cert: "tls.crt"
    key: "tls.key"

  # gateways:
  #   - name: euwest1
  #     url: tls://euwest1.aws.ngs.global:7522

# Add system credentials to the nats-box instance for example
natsbox:
  enabled: true

  credentials:
    secret:
      name: nats-sys-creds
      key: sys.creds