openova/platform/nats-jetstream
e3mrah e8bf1aab69
feat(bp-nats-jetstream): land Stream + KV CR templates (slice H4, #1095) (#1114)
Realizes design doc §3.9 row 7. The chart had no templates/ directory —
NACK Stream and KeyValue CRs that ADR-0001 §6 mandates as the Catalyst
event spine were declared in docs but not in code.

What this slice ships:
- platform/nats-jetstream/chart/templates/_helpers.tpl — common labels +
  servers helper (defaults to <release>-nats Service URL, override via
  .Values.catalystStreams.servers).
- platform/nats-jetstream/chart/templates/streams.yaml — three Streams:
    * catalyst.audit  : 90-day retention, R=3, mirrored to DR (#1101)
    * catalyst.events : 24-hour retention (cross-replica fan-out + cold-
      start replay), R=3
    * catalyst.billing: 1-year retention, R=3, consumed by future billing
- platform/nats-jetstream/chart/templates/kv-buckets.yaml — three KVs:
    * idempotency  : 24h TTL, 256 MiB cap (write-path idempotency keys)
    * dr-leases    : 60s TTL (Continuum dns-quorum lease path; CF-KV
      bypasses this bucket)
    * policy-rollup: 7-day retention, 1 GiB cap (compliance scorer #1096)

Reconciliation gate:
- All resources render only when .Values.catalystStreams.enabled is true.
- NACK (nats-io/nack) is NOT a current dependency — installing it as a
  sibling Blueprint and flipping this toggle is a follow-up slice.
- Same default-off pattern the chart already uses for promExporter.podMonitor
  (issue #182) so a fresh Sovereign with no NACK keeps booting cleanly.

Per-tenant streams (org.<id>.events, app.<id>.events) are intentionally
NOT shipped here — they'll be created at runtime by organization-controller
(slice C1) and application-controller (slice C4) so they can scale per
tenant.

Per docs/INVIOLABLE-PRINCIPLES.md #4 (never hardcode), every retention,
TTL, replicas, and maxBytes is a values.yaml variable; per-Sovereign
overlays override.

Validated:
- helm dependency build pulls upstream nats:1.2.0
- helm template with default values: 0 catalyst-* resources rendered
  (catalystStreams.enabled=false, the safe default)
- helm template with catalystStreams.enabled=true: 6 resources rendered
  exactly as expected (3 Streams + 3 KeyValues, all in
  jetstream.nats.io/v1beta2)

Chart version bumped 1.1.2 → 1.2.0 (minor — new templates, no breaking).
Blueprint.yaml version mirrored.

Refs: #1094, #1095, #1096, #1101, docs/EPICS-1-6-unified-design.md §3.9
row 7, ADR-0001 §6.

Co-authored-by: hatiyildiz <hatiyildiz@noreply.openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 22:32:54 +04:00
chart feat(bp-nats-jetstream): land Stream + KV CR templates (slice H4, #1095) (#1114) 2026-05-08 22:32:54 +04:00
blueprint.yaml feat(bp-nats-jetstream): land Stream + KV CR templates (slice H4, #1095) (#1114) 2026-05-08 22:32:54 +04:00
README.md feat(charts): G2 wrapper Helm charts for 11 bootstrap-kit components + blueprint-release CI 2026-04-28 12:51:06 +02:00

NATS JetStream

Catalyst's control-plane event spine: a 3-node JetStream cluster with per-Organization Account isolation. It is a Catalyst control plane component (per docs/PLATFORM-TECH-STACK.md §2.3, Per-Sovereign supporting services).

Status: Accepted. Chart wrapper at chart/. Updated: 2026-04-28.


Why

Per docs/ARCHITECTURE.md §5: every state change in a Sovereign flows through NATS JetStream as the event log + KV store. The projector service consumes JetStream subjects, materializes per-Environment KV state, and fans out to the console via SSE. JetStream replaces what was previously specified as "Redpanda + Valkey" for the control plane: Apache 2.0, native KV, native multi-tenant Accounts (per docs/GLOSSARY.md#event-spine).

Application-tier event needs (e.g. an App that wants Kafka or Redis-compatible streaming) remain free to install Strimzi/Kafka or Valkey as Application Blueprints — this is the control plane only.


Subject namespace

Per NAMING-CONVENTION.md §11.2 bullet 4:

  • One NATS Account per Catalyst Organization (multi-tenant isolation).
  • Subjects within the Account use the prefix ws.{org}-{env_type}.> for per-Environment partitioning.
  • KV bucket per Environment: ws-{org}-{env_type}-state/<kind>/<name>.
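Worked example of the partitioning rule above, added to this README (it is not code from the openova repository or from the NATS project). It derives the per-Environment subject prefix and KV bucket name from (org, env_type), validates both identifiers before they are interpolated, and implements NATS's own wildcard matching ('*' matches exactly one token, '>' matches one or more trailing tokens) so the isolation claim can be checked against concrete subjects. The identifier rules (lowercase DNS-label-style org ids, a fixed env_type set) are assumptions, since the convention text does not define them; the sample subjects are constructed, not captured traffic.

```python
"""Helpers for the ws.{org}-{env_type}.> subject convention.

Illustration added to this README, not code from the openova repository.
Org-id and env_type rules below are assumptions; the wildcard semantics
are NATS's own.
"""
import re

# Assumption: env_type is a small fixed enum and org ids are DNS-label-like.
# Neither may contain '.', ' ', '*' or '>': '.' is the NATS token separator
# and '*'/'>' are wildcards, so an unvalidated org id such as "acme.>"
# would produce a subject that spans other organizations' partitions.
# Because '-' is not a separator, "ws.acme-prod" is one token, and org ids
# may contain hyphens without changing the token count.
ENV_TYPES = frozenset({"dev", "staging", "prod"})
_ORG_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def is_valid_org(org: str) -> bool:
    return _ORG_RE.fullmatch(org) is not None


def validate_org(org: str) -> str:
    if not is_valid_org(org):
        raise ValueError(f"invalid org id: {org!r}")
    return org


def validate_env_type(env_type: str) -> str:
    if env_type not in ENV_TYPES:
        raise ValueError(f"unknown env_type: {env_type!r}")
    return env_type


def subject_prefix(org: str, env_type: str) -> str:
    """Per-Environment subject prefix inside the org's Account."""
    return f"ws.{validate_org(org)}-{validate_env_type(env_type)}"


def subscription_subject(org: str, env_type: str) -> str:
    """What a projector for this Environment subscribes to."""
    return subject_prefix(org, env_type) + ".>"


def kv_bucket(org: str, env_type: str) -> str:
    """Per-Environment KV bucket; keys inside it are <kind>/<name>."""
    return f"ws-{validate_org(org)}-{validate_env_type(env_type)}-state"


def _tokens(subject: str) -> list[str]:
    toks = subject.split(".")
    if any(t == "" or " " in t for t in toks):
        raise ValueError(f"malformed subject: {subject!r}")
    return toks


def subject_matches(pattern: str, subject: str) -> bool:
    """NATS wildcard match of a literal subject against a subscription pattern."""
    ptoks = _tokens(pattern)
    stoks = _tokens(subject)
    if any(t in ("*", ">") for t in stoks):
        raise ValueError("published subjects may not contain wildcards")
    for i, pt in enumerate(ptoks):
        if pt == ">":
            # '>' is only valid as the last pattern token and needs at least
            # one more subject token, so "ws.acme-prod.>" does not match the
            # bare prefix "ws.acme-prod".
            return i == len(ptoks) - 1 and len(stoks) > i
        if i >= len(stoks):
            return False
        if pt != "*" and pt != stoks[i]:
            return False
    return len(stoks) == len(ptoks)


def in_partition(org: str, env_type: str, subject: str) -> bool:
    """True iff subject belongs to this Environment's partition."""
    return subject_matches(subscription_subject(org, env_type), subject)


if __name__ == "__main__":
    # Constructed sample subjects, not captured traffic.
    samples = ("ws.acme-prod.app.deploy", "ws.acme-staging.app.deploy", "ws.acme-prod")
    for s in samples:
        print(f"{s:32} in acme/prod partition: {in_partition('acme', 'prod', s)}")
    try:
        subject_prefix("acme.>", "prod")
    except ValueError as err:
        print("rejected:", err)
```

The same matcher is what to apply when reviewing a NATS Account's publish/subscribe permission lists: every allow entry for a tenant should match only subjects under that tenant's own ws.{org}-{env_type} prefix, and the identifier validation is what keeps a user-controlled org id from becoming a wildcard in that prefix.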

Chart

The chart/ directory wraps the upstream NATS Helm chart with Catalyst-curated values: 3-node cluster, JetStream enabled, file-store PVC, ServiceMonitor for Prometheus.

Installed by the Catalyst bootstrap kit during Phase 0 (per docs/SOVEREIGN-PROVISIONING.md §3) — after SPIRE and before OpenBao (which uses NATS for its own audit log).

OCI artifact: ghcr.io/openova-io/bp-nats-jetstream:1.0.0.


Part of OpenOva