Please add support for nats-account-server

[vkuznet]

NATS provides NSC and JWT authentication [1]. I tried to setup nats-account-server [2] and unable to load its configuration regardless how I configure it, e.g. I tried URL and MEM resolvers (within a cluster and on dedicated node). With available nats-account-server I'm getting the following error in nats-cluster logs:

Failed to reload server configuration: config reload not supported for TrustedOperators: old=[], new=[....]

It would be nice if you'll complement this request with appropriate documentation.

For completeness here is description of all my attempts. I figure it out that nats-cluster secret contains nats.conf which I can modify with my custom settings and re-create this secret. Once new nats.conf is supplied and nats-cluster secret is re-created then the server reloads its configuration according to new nats.conf file.

I tried these settings in nats.conf:

• I re-created nats-clients-tls secret with my server certificates and Test.jwt
• the Test.jwt was added to /etc/nats-server-tls-certs
• then I changed nats.conf to use these settings (I changed URL accordingly to my host):

  "operator": "/etc/nats-server-tls-certs/Test.jwt",
  "resolver": "URL(http://localhost:9090/jwt/v1/accounts/)"

or

  "operator": "/etc/nats-server-tls-certs/Test.jwt",
  "resolver": "MEM"

I also tried to deploy nats-account-server to my cluster and create Service for it, but I was not able to access it since I think nats-operator does not allow this and additional changes should be made to see k8s svc:port. Then I deployed nats-account-server on dedicated host and it still does not work for nats-cluster and produces the aforementioned issue.

Thanks, Valentin.

[1] https://docs.nats.io/nats-tools/nsc/nsc [2] https://github.com/nats-io/nats-account-server

[rayjanoka]

This would be great!