From a2de7e748218f63668074c5d380326cbf6a26016 Mon Sep 17 00:00:00 2001
From: Jason Staack <jason@staack.com>
Date: Tue, 17 Mar 2026 18:44:02 -0500
Subject: [PATCH] feat(helm): add NATS JetStream StatefulSet with headless and
 client services

Runs nats-server with --jetstream and monitoring on port 8222.
Headless service for StatefulSet DNS, ClusterIP service for app connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../helm/templates/nats-statefulset.yaml      | 107 ++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 infrastructure/helm/templates/nats-statefulset.yaml

diff --git a/infrastructure/helm/templates/nats-statefulset.yaml b/infrastructure/helm/templates/nats-statefulset.yaml
new file mode 100644
index 0000000..27f4a66
--- /dev/null
+++ b/infrastructure/helm/templates/nats-statefulset.yaml
@@ -0,0 +1,107 @@
+{{- if .Values.nats.enabled }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "tod.fullname" . }}-nats
+  labels:
+    {{- include "tod.componentLabels" (dict "context" . "component" "nats") | nindent 4 }}
+spec:
+  serviceName: {{ include "tod.fullname" . }}-nats-headless
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "tod.componentSelectorLabels" (dict "context" . "component" "nats") | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "tod.componentSelectorLabels" (dict "context" . "component" "nats") | nindent 8 }}
+    spec:
+      containers:
+        - name: nats
+          image: "{{ .Values.nats.image.repository }}:{{ .Values.nats.image.tag }}"
+          imagePullPolicy: {{ .Values.nats.image.pullPolicy }}
+          command:
+            - nats-server
+            - --jetstream
+            - --store_dir
+            - /data
+            - -m
+            - "8222"
+          ports:
+            - name: client
+              containerPort: 4222
+              protocol: TCP
+            - name: monitoring
+              containerPort: 8222
+              protocol: TCP
+          volumeMounts:
+            - name: nats-data
+              mountPath: /data
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8222
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8222
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          resources:
+            {{- toYaml .Values.nats.resources | nindent 12 }}
+  volumeClaimTemplates:
+    - metadata:
+        name: nats-data
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        {{- if .Values.nats.storageClass }}
+        storageClassName: {{ .Values.nats.storageClass | quote }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.nats.storage }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "tod.fullname" . }}-nats-headless
+  labels:
+    {{- include "tod.componentLabels" (dict "context" . "component" "nats") | nindent 4 }}
+spec:
+  clusterIP: None
+  ports:
+    - name: client
+      port: 4222
+      targetPort: client
+      protocol: TCP
+    - name: monitoring
+      port: 8222
+      targetPort: monitoring
+      protocol: TCP
+  selector:
+    {{- include "tod.componentSelectorLabels" (dict "context" . "component" "nats") | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "tod.fullname" . }}-nats
+  labels:
+    {{- include "tod.componentLabels" (dict "context" . "component" "nats") | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: client
+      port: 4222
+      targetPort: client
+      protocol: TCP
+    - name: monitoring
+      port: 8222
+      targetPort: monitoring
+      protocol: TCP
+  selector:
+    {{- include "tod.componentSelectorLabels" (dict "context" . "component" "nats") | nindent 4 }}
+{{- end }}