faas-netes icon indicating copy to clipboard operation
faas-netes copied to clipboard

Published 20 hours ago verified publisher icon openfaas

Support authorization for NATS

Open welteki opened this issue 6 months ago • 0 comments

Description

Allow users to enable authorization for NATS.

New chart options:

Parameter Description Default
nats.authorization.enabled Enable authorization for NATS false
nats.authorization.generateToken Generate the NATS authorization token on first installation. true
nats.authorization.tokenSecret Secret resource that will be used to read the NATS authorization secret nats-token

New OpenFaaS installations can enable NATS authorization simply by setting nats.authorization.enabled.

To enable authorization for an existing installation users will need to create the nats-token secret manually before they update the OpenFaaS deployment with nats.authorization.enabled=true.

# openssl is preferred to generate a random secret:
openssl rand -base64 32 > ./nats-token

kubectl create secret generic \
    -n openfaas \
    nats-token \
    --from-file token=./nats-token

Users that are using external NATS also need to create the secret manually and enable authorization on the external NATS deployment.

Why is this needed?

  • [ ] I have raised an issue to propose this change (required)

Support authentication for NATS to prevent unauthenticated access from functions or other components.

Who is this for?

What company is this for? Are you listed in the ADOPTERS.md file?

How Has This Been Tested?

Verified all components connecting to NATS (gateway, queue-worker, event-worker) could be deployed with and without authentication enabled.

Verified the NATS token secret is created on helm install when nats.authorization.generateToken is true.

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • [x] My code follows the code style of this project.
  • [x] My change requires a change to the documentation.
  • [ x I have updated the documentation accordingly.
  • [x] I've read the CONTRIBUTION guide
  • [x] I have signed-off my commits with git commit -s
  • [ ] I have added tests to cover my changes.
  • [ ] All new and existing tests passed.

welteki avatar Aug 01 '24 14:08 welteki