chore: consolidate streams configurations in one manifest

JoseSzycho · JoseSzycho · commit eb619bdf4596 · 2026-02-19T19:20:25.000-03:00
diff --git a/config/components/nats-streams/audit-stream.yaml b/config/components/nats-streams/audit-stream.yaml
diff --git a/config/components/nats-streams/kustomization.yaml b/config/components/nats-streams/kustomization.yaml
@@ -4,8 +4,7 @@ kind: Kustomization
 namespace: nats-system
 
 resources:
-  - audit-stream.yaml
-  - reindex-stream.yaml
+  - nats-streams.yaml
 
 # Note: This contains application-specific NATS JetStream stream configurations.
 # The NATS infrastructure (server + NACK controller) is deployed from config/dependencies/nats/
diff --git a/config/components/nats-streams/nats-streams.yaml b/config/components/nats-streams/nats-streams.yaml
@@ -1,5 +1,58 @@
 apiVersion: jetstream.nats.io/v1beta2
 kind: Stream
+metadata:
+  name: audit-events
+  namespace: nats-system
+spec:
+  # Stream name in NATS
+  name: AUDIT_EVENTS
+
+  # Subjects to consume - wildcard for all Kubernetes audit events
+  subjects:
+    - audit.k8s.>
+
+  # Retention policy: limits-based (time + size)
+  retention: limits
+
+  # Storage: file-based for durability
+  storage: file
+
+  # Maximum age: 7 days retention as per architecture
+  maxAge: 168h  # 7 days = 168 hours
+
+  # Maximum bytes: 10GB as per architecture
+  maxBytes: 10737418240  # 10 * 1024 * 1024 * 1024
+
+  # Number of replicas for high availability
+  replicas: 1  # Can be increased to 3 for production HA
+
+  # Discard policy when limits are reached
+  discard: old
+
+  # Allow direct access for queries
+  allowDirect: true
+
+  # Deduplication window - prevents duplicate messages
+  # Extended to 10 minutes to handle webhook retries with exponential backoff
+  # and Vector restarts. NATS uses message IDs (set to Kubernetes auditID) to
+  # detect duplicates within this window, providing pipeline-level de-duplication
+  # before events reach ClickHouse.
+  duplicateWindow: 10m
+
+  # Maximum number of consumers
+  maxConsumers: 10
+
+  # Maximum message size (10MB - large enough for batch audit events)
+  maxMsgSize: 10485760  # 10 * 1024 * 1024
+
+  # No message limit - rely on age and size limits
+  maxMsgs: -1
+
+  # Performance tuning
+  noAck: false  # Require acknowledgments for durability
+---
+apiVersion: jetstream.nats.io/v1beta2
+kind: Stream
 metadata:
   name: reindex-events
   namespace: nats-system
