[nats helm] Support config for `gateway.gateways` and `leafnodes.remotes`

Open caleblloyd opened this issue 2 years ago • 3 comments

`gateway.gateways` and `leafnodes.remotes` are both lists that support a `tls` block.

Also, a server might not need to be listening on the leafnodes port in order to have a `leafnodes.remote` block. The same may be true of a gateway. If this is the case, these should probably be keys under `config` such as `config.leafnodeRemotes` and `config.gatewayRemotes` so that the Leafnodes/Gateways Servers can be managed separately from Clients.

caleblloyd, Aug 02 '23 19:08

Any updates on this? We are currently running into trouble configuring the remotes for the leafnodes when it comes to the cluster credentials. Having dedicated keys would greatly help, e.g. mounting the credentials file from a secret is (AFAIK) currently not possible.

Alternatively, this could be solved using a generic `extraVolume`/`extraVolumeMounts` pattern. If you feel this is something that could be done, I can create a dedicated ticket and potentially provide input.

J11522, Dec 18 '23 14:12

I had to hard code the `ca_file` path for our leafnodes for each of the remotes that offer certs signed by our private CA.

```yaml
tls:
  ca_file: /etc/nats-ca-cert/ca.crt
```

I would love the remotes to be able to inherit the settings from `tlsCA` like all the other sections.

mccullough-ea, Apr 17 '24 14:04

Adding my support for this. I raised an issue that was seemingly a duplicate before finding this.

tommyjcarpenter, Apr 26 '24 22:04