From f586df5d75347ebc2728a6d03ad80f4a8bfa01da Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Fri, 15 May 2026 12:23:16 +0200 Subject: [PATCH 1/2] add NATS events module + config --- gradle/libs.versions.toml | 1 + k8s/apps/controlplane-config.yaml | 6 ++++++ k8s/apps/dataplane-config.yaml | 5 +++++ k8s/apps/identityhub-config.yaml | 8 +++++++- k8s/apps/issuerservice-config.yaml | 8 +++++++- launchers/controlplane/build.gradle.kts | 1 + launchers/dataplane/build.gradle.kts | 2 ++ launchers/identity-hub/build.gradle.kts | 1 + launchers/issuerservice/build.gradle.kts | 1 + 9 files changed, 31 insertions(+), 2 deletions(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 9c1fe55..aba8863 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -43,6 +43,7 @@ edc-api-observability = { module = "org.eclipse.edc:api-observability", version. edc-fixtures-mgmtapi = { module = "org.eclipse.edc:management-api-test-fixtures", version.ref = "edc" } edc-monitor-otel = { module = "org.eclipse.edc:otel-monitor", version.ref = "edc" } edc-monitor-console = { module = "org.eclipse.edc:console-monitor", version.ref = "edc" } +edc-events-nats = { module = "org.eclipse.edc:events-nats", version.ref = "edc" } # EDC spi dependencies edc-spi-web = { module = "org.eclipse.edc:web-spi", version.ref = "edc" } diff --git a/k8s/apps/controlplane-config.yaml b/k8s/apps/controlplane-config.yaml index 01dcf70..5bc54d1 100644 --- a/k8s/apps/controlplane-config.yaml +++ b/k8s/apps/controlplane-config.yaml 
@@ -74,4 +74,10 @@ data: # Trusted Issuers edc.iam.trusted-issuer.issuer.id: "did:web:issuerservice.edc-v.svc.cluster.local%3A10016:issuer" + # NATS config for events + edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" + edc.events.nats.stream: "edc-events" + edc.events.nats.create: "true" + edc.events.nats.create.force: "true" + JAVA_TOOL_OPTIONS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=1044" \ No newline at end of file diff --git a/k8s/apps/dataplane-config.yaml b/k8s/apps/dataplane-config.yaml index 13970af..03a893a 100644 --- a/k8s/apps/dataplane-config.yaml +++ b/k8s/apps/dataplane-config.yaml @@ -42,3 +42,8 @@ data: edc.iam.siglet.issuer: "siglet-issuer" edc.iam.siglet.jwks.url: "http://siglet.edc-v.svc.cluster.local:8080/keys" + # NATS config for events + edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" + edc.events.nats.stream: "edc-events" + edc.events.nats.create: "true" + edc.events.nats.create.force: "true" \ No newline at end of file diff --git a/k8s/apps/identityhub-config.yaml b/k8s/apps/identityhub-config.yaml index 71086bf..9861fc4 100644 --- a/k8s/apps/identityhub-config.yaml +++ b/k8s/apps/identityhub-config.yaml @@ -52,4 +52,10 @@ data: # proxy_set_header Host $host; # proxy_set_header X-Forwarded-Proto $scheme; edc.iam.oauth2.issuer: "http://keycloak.edc-v.svc.cluster.local:8080/realms/edcv" - edc.iam.oauth2.jwks.url: "http://keycloak.edc-v.svc.cluster.local:8080/realms/edcv/protocol/openid-connect/certs" \ No newline at end of file + edc.iam.oauth2.jwks.url: "http://keycloak.edc-v.svc.cluster.local:8080/realms/edcv/protocol/openid-connect/certs" + + # NATS config for events + edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" + edc.events.nats.stream: "edc-events" + edc.events.nats.create: "true" + edc.events.nats.create.force: "true" \ No newline at end of file diff --git a/k8s/apps/issuerservice-config.yaml b/k8s/apps/issuerservice-config.yaml index 9d5b9a0..7fd1550 100644 
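Review bot: The added `edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222"` is a plaintext URL with no credentials, so as far as these lines show, any pod that can reach port 4222 could publish to or read the `edc-events` stream. The same four keys are added in the dataplane-config.yaml, identityhub-config.yaml and issuerservice-config.yaml hunks, so identity-hub and issuer-service events would travel the same way. Whether the NATS server already enforces authentication or TLS is not visible in this patch. If it does not, I would switch to a `tls://` URL, supply the credentials from a Secret rather than this ConfigMap, and limit access to port 4222 with a NetworkPolicy. If this is meant for local development only, say so in the comment, for example `# NATS config for events (dev only: plaintext, no auth)`.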
--- a/k8s/apps/issuerservice-config.yaml +++ b/k8s/apps/issuerservice-config.yaml @@ -64,4 +64,10 @@ data: # that is configured in the AttestationDefinition edc.datasource.membership.url: "jdbc:postgresql://postgres.edc-v.svc.cluster.local:5432/issuerservice" edc.datasource.membership.user: "issuer" - edc.datasource.membership.password: "issuer" \ No newline at end of file + edc.datasource.membership.password: "issuer" + + # NATS config for events + edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" + edc.events.nats.stream: "edc-events" + edc.events.nats.create: "true" + edc.events.nats.create.force: "true" \ No newline at end of file diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index 6d4e32f..b1f2c93 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts @@ -27,6 +27,7 @@ dependencies { runtimeOnly(libs.edc.spi.jwt) runtimeOnly(libs.edc.monitor.console) runtimeOnly(libs.edc.monitor.otel) + runtimeOnly(libs.edc.events.nats) runtimeOnly(libs.edc.vault.hashicorp) runtimeOnly(libs.bouncyCastle.bcprovJdk18on) diff --git a/launchers/dataplane/build.gradle.kts b/launchers/dataplane/build.gradle.kts index 91533dc..09836f2 100644 --- a/launchers/dataplane/build.gradle.kts +++ b/launchers/dataplane/build.gradle.kts @@ -26,6 +26,8 @@ dependencies { runtimeOnly(libs.edc.monitor.console) runtimeOnly(libs.edc.monitor.otel) runtimeOnly(libs.opentelemetry.exporter.otlp) + runtimeOnly(libs.edc.events.nats) + } tasks.shadowJar { diff --git a/launchers/identity-hub/build.gradle.kts b/launchers/identity-hub/build.gradle.kts index 9b24dcf..059106f 100644 --- a/launchers/identity-hub/build.gradle.kts +++ b/launchers/identity-hub/build.gradle.kts 
@@ -27,6 +27,7 @@ dependencies { runtimeOnly(libs.edc.store.participantcontext.config.sql) runtimeOnly(libs.edc.monitor.console) runtimeOnly(libs.edc.monitor.otel) + runtimeOnly(libs.edc.events.nats) runtimeOnly(libs.opentelemetry.exporter.otlp) } diff --git a/launchers/issuerservice/build.gradle.kts b/launchers/issuerservice/build.gradle.kts index 51ef346..54f05ab 100644 --- a/launchers/issuerservice/build.gradle.kts +++ b/launchers/issuerservice/build.gradle.kts @@ -30,6 +30,7 @@ dependencies { runtimeOnly(libs.edc.store.participantcontext.config.sql) runtimeOnly(libs.edc.monitor.console) runtimeOnly(libs.edc.monitor.otel) + runtimeOnly(libs.edc.events.nats) runtimeOnly(libs.opentelemetry.exporter.otlp) } From 23f20fb2fb614940559fe3a65ee9c0876bfc2619 Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Fri, 15 May 2026 13:06:28 +0200 Subject: [PATCH 2/2] create stream in an init job to avoid race conditions --- k8s/apps/controlplane-config.yaml | 4 +-- k8s/apps/dataplane-config.yaml | 4 +-- k8s/apps/identityhub-config.yaml | 4 +-- k8s/apps/issuerservice-config.yaml | 4 +-- k8s/base/nats.yaml | 46 ++++++++++++++++++++++++++++++ 5 files changed, 54 insertions(+), 8 deletions(-) diff --git a/k8s/apps/controlplane-config.yaml b/k8s/apps/controlplane-config.yaml index 5bc54d1..19a69c2 100644 --- a/k8s/apps/controlplane-config.yaml +++ b/k8s/apps/controlplane-config.yaml @@ -77,7 +77,7 @@ data: # NATS config for events edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" edc.events.nats.stream: "edc-events" - edc.events.nats.create: "true" - edc.events.nats.create.force: "true" + edc.events.nats.create: "false" + edc.events.nats.create.force: "false" JAVA_TOOL_OPTIONS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=1044" \ No newline at end of file diff --git a/k8s/apps/dataplane-config.yaml b/k8s/apps/dataplane-config.yaml index 03a893a..8ec6d76 100644 --- a/k8s/apps/dataplane-config.yaml +++ b/k8s/apps/dataplane-config.yaml 
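Review bot: With `edc.events.nats.create: "false"` in the controlplane-config.yaml hunk, the runtime depends on something else having created `edc-events`, and nothing in the ConfigMap says what. I would extend the existing comment to `# NATS config for events; the stream is created by the nats-bootstrap Job in k8s/base/nats.yaml`. The same applies to the dataplane-config.yaml, identityhub-config.yaml and issuerservice-config.yaml hunks of this commit. Nothing visible in the patch orders that Job before these deployments, so it is worth confirming how the events-nats module behaves when a pod starts before the stream exists.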
@@ -45,5 +45,5 @@ data: # NATS config for events edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" edc.events.nats.stream: "edc-events" - edc.events.nats.create: "true" - edc.events.nats.create.force: "true" \ No newline at end of file + edc.events.nats.create: "false" + edc.events.nats.create.force: "false" \ No newline at end of file diff --git a/k8s/apps/identityhub-config.yaml b/k8s/apps/identityhub-config.yaml index 9861fc4..bbb5099 100644 --- a/k8s/apps/identityhub-config.yaml +++ b/k8s/apps/identityhub-config.yaml @@ -57,5 +57,5 @@ data: # NATS config for events edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" edc.events.nats.stream: "edc-events" - edc.events.nats.create: "true" - edc.events.nats.create.force: "true" \ No newline at end of file + edc.events.nats.create: "false" + edc.events.nats.create.force: "false" \ No newline at end of file diff --git a/k8s/apps/issuerservice-config.yaml b/k8s/apps/issuerservice-config.yaml index 7fd1550..6209f82 100644 --- a/k8s/apps/issuerservice-config.yaml +++ b/k8s/apps/issuerservice-config.yaml @@ -69,5 +69,5 @@ data: # NATS config for events edc.events.nats.url: "nats://nats.edc-v.svc.cluster.local:4222" edc.events.nats.stream: "edc-events" - edc.events.nats.create: "true" - edc.events.nats.create.force: "true" \ No newline at end of file + edc.events.nats.create: "false" + edc.events.nats.create.force: "false" \ No newline at end of file diff --git a/k8s/base/nats.yaml b/k8s/base/nats.yaml index 47b3df5..b9a9e11 100644 --- a/k8s/base/nats.yaml +++ b/k8s/base/nats.yaml 
@@ -84,6 +84,52 @@ data: trace: false --- +apiVersion: batch/v1 +kind: Job +metadata: + name: nats-bootstrap + namespace: edc-v +spec: + backoffLimit: 10 + template: + metadata: + labels: + type: edcv-job + spec: + containers: + - name: nats-cli + image: natsio/nats-box:latest + env: + - name: NATS_URL + value: "nats://nats.edc-v.svc.cluster.local:4222" + command: [ "sh", "-ec" ] + args: + - | + echo "Waiting for NATS to be ready..." + until curl -sf http://nats.edc-v.svc.cluster.local:8222/healthz > /dev/null 2>&1; do + echo "NATS not ready yet, retrying in 2 seconds..." + sleep 2 + done + echo "NATS is ready!" + + nats stream add edc-events \ + --server "$NATS_URL" \ + --subjects "events.>" \ + --storage file \ + --replicas 1 \ + --retention interest \ + --discard old \ + --max-msgs -1 \ + --max-bytes -1 \ + --max-age 0 \ + --dupe-window 2m \ + --defaults 2>/dev/null \ + && echo "Stream 'edc-events' created" \ + || echo "Stream 'edc-events' already exists, skipping" + + echo "NATS bootstrap completed successfully!" + restartPolicy: OnFailure +--- apiVersion: v1 kind: Service metadata:
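Review bot: The `nats stream add ... --defaults 2>/dev/null && echo ... || echo "Stream 'edc-events' already exists, skipping"` chain treats every failure as "already exists". Because of the `||`, `sh -e` never trips and stderr is discarded, so a rejected connection, a permission error or a bad flag still ends in "NATS bootstrap completed successfully!" and a completed Job. Since this commit also sets `edc.events.nats.create` to "false" in all four app ConfigMaps, nothing else would create the stream in that case. I would test for the stream explicitly and let a real `stream add` failure fail the Job so that `backoffLimit` retries it, as sketched below. Separately, `image: natsio/nats-box:latest` is a mutable tag, so a reviewed version or digest should be pinned. The container also has no `securityContext` or resource limits.

```yaml
        - name: nats-cli
          image: natsio/nats-box:<PINNED_TAG_OR_DIGEST>  # placeholder: pin a reviewed version
          # … unchanged: env, command, readiness loop …
              if nats stream info edc-events --server "$NATS_URL" > /dev/null 2>&1; then
                echo "Stream 'edc-events' already exists, skipping"
              else
                # … unchanged: `nats stream add edc-events` and its flags, ending at `--defaults` with no redirect or `||` …
                echo "Stream 'edc-events' created"
              fi
```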