openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
fc3a375304
openova/platform/nats-jetstream
History
e3mrah ad9cfc0f23
feat(platform): add global.imageRegistry to bp-openbao/external-secrets/cnpg/valkey/nats-jetstream/powerdns/gitea (PR 2/3, #560) (#565) 
Charts with template image refs (fully rewritten when registry set):
- bp-openbao 1.2.4→1.2.5: init-job.yaml + auth-bootstrap-job.yaml — Catalyst
  job images now prefixed with global.imageRegistry when non-empty. Default
  (empty) renders identical manifests.
- bp-powerdns 1.1.5→1.1.6: dnsdist.yaml Catalyst companion image prefixed
  with global.imageRegistry when non-empty. Verified: dnsdist image rewrites
  to harbor.openova.io/docker.io/powerdns/dnsdist-19:1.9.14.

Subchart-only charts (global.imageRegistry stub added; threading via per-component
subchart values.yaml keys documented in comments):
- bp-external-secrets 1.1.0→1.1.1
- bp-cnpg 1.0.0→1.0.1  (charts/ missing = pre-existing state, not this PR)
- bp-valkey 1.0.0→1.0.1 (charts/ missing = pre-existing state, not this PR)
- bp-nats-jetstream 1.1.1→1.1.2
- bp-gitea 1.1.2→1.1.3: upstream chart exposes gitea.image.registry for wiring

vcluster: N/A — no chart directory under platform/vcluster/chart/

Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 12:52:43 +04:00
..
chart feat(platform): add global.imageRegistry to bp-openbao/external-secrets/cnpg/valkey/nats-jetstream/powerdns/gitea (PR 2/3, #560) (#565) 2026-05-02 12:52:43 +04:00
blueprint.yaml fix(platform): sync blueprint.yaml versions with Chart.yaml (#199) 2026-04-29 22:07:55 +04:00
README.md feat(charts): G2 wrapper Helm charts for 11 bootstrap-kit components + blueprint-release CI 2026-04-28 12:51:06 +02:00

README.md

NATS JetStream

Catalyst's control-plane event spine. Catalyst control plane component (per docs/PLATFORM-TECH-STACK.md §2.3 — Per-Sovereign supporting services). 3-node JetStream cluster with per-Organization Account isolation.

Status: Accepted. Chart wrapper at chart/. Updated: 2026-04-28.

Why

Per docs/ARCHITECTURE.md §5: every state change in a Sovereign flows through NATS JetStream as the event log + KV store. The projector service consumes JetStream subjects, materializes per-Environment KV state, and fans out to the console via SSE. JetStream replaces what was previously specified as "Redpanda + Valkey" for the control plane — Apache 2.0, native KV, native multi-tenant Accounts (per docs/GLOSSARY.mdevent-spine).

Application-tier event needs (e.g. an App that wants Kafka or Redis-compatible streaming) remain free to install Strimzi/Kafka or Valkey as Application Blueprints — this is the control plane only.

Subject namespace

Per NAMING-CONVENTION.md §11.2 bullet 4:

  • One NATS Account per Catalyst Organization (multi-tenant isolation).
  • Subjects within the Account use the prefix ws.{org}-{env_type}.> for per-Environment partitioning.
  • KV bucket per Environment: ws-{org}-{env_type}-state/<kind>/<name>.

Chart

The chart/ directory wraps the upstream NATS Helm chart with Catalyst-curated values: 3-node cluster, JetStream enabled, file-store PVC, ServiceMonitor for Prometheus.

Installed by the Catalyst bootstrap kit during Phase 0 (per docs/SOVEREIGN-PROVISIONING.md §3) — after SPIRE and before OpenBao (which uses NATS for its own audit log).

OCI artifact: ghcr.io/openova-io/bp-nats-jetstream:1.0.0.

Part of OpenOva