NationTech/harmony
5
0
Fork 2
Code Issues 40 Pull Requests 13 Actions Packages Projects Releases Wiki Activity

feat: created decentralized topology, capability nats and nats super cluster #221

Merged
wjro merged 14 commits from feat/nats_capability into master 2026-02-04 19:05:51 +00:00
Conversation 1 Commits 14 Files Changed 18 +875 -14
wjro commented 2026-01-26 21:21:56 +00:00
Owner
Copy Link
No description provided.
wjro added 1 commit 2026-01-26 21:21:57 +00:00
wip: created decentralized topology, capability nats and nats super cluster
Some checks failed
Run Check Script / check (pull_request) Failing after 17s
Details
8959719375
wjro added 3 commits 2026-01-28 19:44:13 +00:00
refactor: modified struct to accept N sites and N clusters 92d4e3488a
fix: added fullnameOverride to helmchart score values so that the helm deployed cluster name and service name match the cluster name defined in the NatsK8sScore, without this field helm appends -nats to svc and cluster name, breaking the tls chain 00d4b9de73
fix: formating and example env variables
All checks were successful
Run Check Script / check (pull_request) Successful in 1m13s
Details
edf94554b8
wjro added 1 commit 2026-01-28 20:16:50 +00:00
fix: modified nats trait and nats supercluster trait to better respect interface segregation
All checks were successful
Run Check Script / check (pull_request) Successful in 1m12s
Details
666a3c0071
johnride approved these changes 2026-01-28 20:29:02 +00:00
johnride left a comment
Owner
Copy Link

Good step in the right direction. I made comments as I read the code, it will probably require some discussion, unless everything I am saying really makes sense.

Good step in the right direction. I made comments as I read the code, it will probably require some discussion, unless everything I am saying really makes sense.
harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs Outdated
@@ -523,3 +518,1 @@
let ca_cert = String::from_utf8(ca_cert.0.clone()).map_err(|_| {
ExecutorError::UnexpectedError("ca.crt is not valid UTF-8".into())
})?;
loop {
johnride commented 2026-01-28 20:07:18 +00:00
Owner
Copy Link

This retry logic does not belong within the get_ca_cert function.

It is the caller's responsibility to decide what he wants to do when the cert does not exist.

It would be relevant to create a utility function in harmony such as retry(FnOnce..., backoff: bool, max_attempts : usize, attempt_timeout: Option<Duration> , total_timeout: Option<Duration>)

There is the retry crate that seems close enough https://docs.rs/retry/latest/retry/

But I did not verify if/how it supports async.

It is also possible that tokio itself provides a retry utility. Worth checking.

This retry logic does not belong within the get_ca_cert function. It is the caller's responsibility to decide what he wants to do when the cert does not exist. It would be relevant to create a utility function in harmony such as `retry(FnOnce..., backoff: bool, max_attempts : usize, attempt_timeout: Option<Duration> , total_timeout: Option<Duration>)` There is the retry crate that seems close enough https://docs.rs/retry/latest/retry/ But I did not verify if/how it supports async. It is also possible that tokio itself provides a retry utility. Worth checking.
wjro marked this conversation as resolved
harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs Outdated
@@ -559,6 +575,64 @@ impl K8sAnywhereTopology {
}
}
async fn build_ca_bundle_secret(
johnride commented 2026-01-28 20:20:04 +00:00
Owner
Copy Link

This does not belong in this file or as part of an impl K8sAnywhereTopology .

It should be somewhere in a k8s cert manager module.

It will help with reusability, maintainability, testability and readability.

This does not belong in this file or as part of an `impl K8sAnywhereTopology` . It should be somewhere in a k8s cert manager module. It will help with reusability, maintainability, testability and readability.
wjro marked this conversation as resolved
harmony/src/domain/topology/k8s_anywhere/nats.rs
@@ -0,0 +23,4 @@
};
#[async_trait]
impl Nats for K8sAnywhereTopology {
johnride commented 2026-01-28 20:23:48 +00:00
Owner
Copy Link

Once again, this contains way too many implementation details. There should be a NatsK8s module that contains the nats specific logid, then k8s anywhere only does the dispatching depending on its own logic/state (which k8s is the anywhere pointing to right now). K8sAnywhere should not know how to deploy nats. It should tell a natsk8s module "deploy to okd" or something along those lines.

Once again, this contains way too many implementation details. There should be a NatsK8s module that contains the nats specific logid, then k8s anywhere only does the dispatching depending on its own logic/state (which k8s is the anywhere pointing to right now). K8sAnywhere should not know how to deploy nats. It should tell a natsk8s module "deploy to okd" or something along those lines.
wjro marked this conversation as resolved
harmony/src/domain/topology/k8s_anywhere/nats.rs Outdated
@@ -0,0 +77,4 @@
.await
.map_err(|e| format!("Failed to deploy K8s ingress: {e}"))?;
}
KubernetesDistribution::Default => {
johnride commented 2026-01-28 20:21:53 +00:00
Owner
Copy Link

Don't duplicate an identical match arm, rust allows a single body for multiple match cases. Look up the syntax if needed.

Don't duplicate an identical match arm, rust allows a single body for multiple match cases. Look up the syntax if needed.
wjro marked this conversation as resolved
harmony/src/modules/nats/decentralized.rs Outdated
@@ -0,0 +7,4 @@
};
#[async_trait]
impl<T: Topology + Nats + TlsRouter + 'static> NatsSupercluster for DecentralizedTopology<T> {
johnride commented 2026-01-28 20:27:13 +00:00
Owner
Copy Link

Delete this impl. These todo! are a huge smell. And I think it is fine that a decentralized topology does not know how to deploy nats asite of a NatsSupercluster. At least for the current use case. The end user deploying a postgresql will deploy it to a failovertopology, then the failovertopology will depend on a topology that supports a natssupercluster. At least for now.

I may be missing a few details though.

Delete this impl. These todo! are a huge smell. And I think it is fine that a decentralized topology does not know how to deploy nats asite of a NatsSupercluster. At least for the current use case. The end user deploying a postgresql will deploy it to a failovertopology, then the failovertopology will depend on a topology that supports a natssupercluster. At least for now. I may be missing a few details though.
wjro marked this conversation as resolved
wjro added 2 commits 2026-01-29 20:42:34 +00:00
feat: introduced crate tokio-retry to allow multiple attempts to get secret from k8s
All checks were successful
Run Check Script / check (pull_request) Successful in 1m9s
Details
7df8429181
Merge pull request 'feat: introduced crate tokio-retry to allow multiple attempts to get secret from k8s' (#225) from fix/nats-capability-retry into feat/nats_capability
All checks were successful
Run Check Script / check (pull_request) Successful in 1m14s
Details
29d2d620d1 
Reviewed-on: #225
wjro added 6 commits 2026-02-04 18:55:17 +00:00
wip: working on separation of concerns a0f32bb565
fix: removed nats implementation details from k8sanywhere, added secret prompt for nats cluster using harmony secret cd81d6584c
fix: format
All checks were successful
Run Check Script / check (pull_request) Successful in 1m9s
Details
329d5d8473
Merge branch 'feat/nats_capability' into fix/nats-isp
All checks were successful
Run Check Script / check (pull_request) Successful in 1m8s
Details
f6ff78a573
chore: removed commented code
All checks were successful
Run Check Script / check (pull_request) Successful in 1m9s
Details
8b200cfe91
Merge pull request 'fix/nats-isp' (#226) from fix/nats-isp into feat/nats_capability
All checks were successful
Run Check Script / check (pull_request) Successful in 1m5s
Details
0372cc3f31 
Reviewed-on: #226
wjro changed title from WIP: feat: created decentralized topology, capability nats and nats super cluster to feat: created decentralized topology, capability nats and nats super cluster 2026-02-04 18:55:44 +00:00
wjro added 1 commit 2026-02-04 19:03:55 +00:00
Merge branch 'master' into feat/nats_capability
All checks were successful
Run Check Script / check (pull_request) Successful in 1m5s
Details
74e6da1a16
wjro merged commit 333884a81a into master 2026-02-04 19:05:51 +00:00
wjro deleted branch feat/nats_capability 2026-02-04 19:05:52 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
johnride
Labels
Clear labels
Architecture Decision Record
Good first issue
RFC
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
johnride jvtrudel letian stremblay wjro
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: NationTech/harmony#221
No description provided.
Delete Branch "feat/nats_capability"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?