nats-operator
Please add support for nats-account-server
NATS provides NSC and JWT authentication [1]. I tried to set up nats-account-server [2] and am unable to load its configuration regardless of how I configure it, e.g. I tried URL and MEM resolvers (within a cluster and on a dedicated node). With available nats-account-server I'm getting the following error in nats-cluster logs:
Failed to reload server configuration: config reload not supported for TrustedOperators: old=[], new=[....]
It would be nice if you would complement this request with appropriate documentation.
For completeness, here is a description of all my attempts.
I figured out that the nats-cluster secret contains nats.conf, which I can modify with my custom settings and re-create this secret. Once a new nats.conf is supplied and the nats-cluster secret is re-created, the server reloads its configuration according to the new nats.conf file.
I tried these settings in nats.conf:
- I re-created the nats-clients-tls secret with my server certificates and Test.jwt
- the Test.jwt was added to /etc/nats-server-tls-certs
- then I changed nats.conf to use these settings (I changed the URL according to my host):
"operator": "/etc/nats-server-tls-certs/Test.jwt",
"resolver": "URL(http://localhost:9090/jwt/v1/accounts/)"
or
"operator": "/etc/nats-server-tls-certs/Test.jwt",
"resolver": "MEM"
I also tried to deploy nats-account-server to my cluster and create a Service for it, but I was not able to access it since I think nats-operator does not allow this and additional changes should be made to see k8s svc:port. Then I deployed nats-account-server on a dedicated host and it still does not work for nats-cluster and produces the aforementioned issue.
Thanks, Valentin.
[1] https://docs.nats.io/nats-tools/nsc/nsc
[2] https://github.com/nats-io/nats-account-server
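The error quoted in the issue shows the reload being rejected because the trusted-operator set changed (old=[], new=[....]). As an added example, not code from nats-operator or nats-server, the script below compares an old and a new nats.conf before the secret is re-created and reports that condition. It assumes the config is JSON as in the snippets above, reads only the operator key, and uses a constructed, unsigned sample JWT with a placeholder subject; all function names are hypothetical.

```python
import base64
import json


def jwt_subject(token: str) -> str:
    """Return the `sub` claim of a JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(body))["sub"]


def trusted_operators(conf: dict, files: dict) -> list:
    """Operator subjects a config refers to; `files` maps path -> JWT text."""
    path = conf.get("operator")
    return [] if path is None else [jwt_subject(files[path])]


def preflight(old_conf: str, new_conf: str, files: dict) -> dict:
    """Compare two JSON configs and flag the change the reload error reports."""
    old = trusted_operators(json.loads(old_conf), files)
    new = trusted_operators(json.loads(new_conf), files)
    return {"old": old, "new": new, "reload_blocked": old != new}


def _sample_jwt(claims: dict) -> str:
    """Constructed sample token with a placeholder signature segment."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "ed25519-nkey"}), enc(claims), "c2ln"])


# Constructed sample data: the subject is a placeholder, not a real operator key.
JWT_PATH = "/etc/nats-server-tls-certs/Test.jwt"
SAMPLE_FILES = {JWT_PATH: _sample_jwt({"sub": "OEXAMPLEPLACEHOLDERKEY", "name": "Test"})}
OLD_CONF = '{"port": 4222}'
NEW_CONF = json.dumps({"port": 4222, "operator": JWT_PATH, "resolver": "MEM"})

if __name__ == "__main__":
    result = preflight(OLD_CONF, NEW_CONF, SAMPLE_FILES)
    print("old=%(old)s new=%(new)s reload_blocked=%(reload_blocked)s" % result)
```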
This would be great!