Comments (3)
J11522
commented on August 24, 2024
3
Any updates on this?
We are currently running into trouble configuring the remotes for the leafnodes when it comes to the cluster credentials.
Having dedicated keys would greatly help, e.g. mounting the credentials file from a secret is (AFAIK) currently not possible.
Alternatively this could be solved using generic extraVolume/extraVolumeMounts pattern.
If you feel this is something that could be done, I can create a dedicated ticket and potentially provide input
from k8s.
mccullough-ea
commented on August 24, 2024
I had to hard code the ca_file path for our leafnodes for each of the remotes that offer certs signed by our private CA.
tls:
ca_file: /etc/nats-ca-cert/ca.crt
I would love the remotes to be able to inherit the settings from tlsCA like all the other sections.
from k8s.
tommyjcarpenter
commented on August 24, 2024
Adding my support for this. I raised an issue that was seemingly a duplicate before finding this.
from k8s.
Related Issues (20)
- NATS helm leaf node TLS setup - error: nats: secure connection not available HOT 1
- [Jetstream Controller] Use secrets for username/password authentication HOT 5
- Expose promExporter to service or Prometheus could not scrape HOT 6
- Add Priority Class Name Configuration to StatefulSet in Helm Chart HOT 1
- Add gatewayAPI HTTPRoute ressources, same as Ingress
- OpenSSL past due vulnerabilities detected in config-reloader and prometheus exporter images
- [Nats helm] Error: parse error at (nats/templates/tests/request-reply.yaml:8): unclosed action HOT 5
- Critical Vulnerabilities detected for busybox, openssl, nats-server, and more
- allow nats service annotations HOT 3
- how to Allow leafnode remotes but not leafnode connections HOT 2
- OpenShift non root policy: missing emptyDir when no pvc is enabled HOT 1
- add possibility to set global annotations HOT 1
- Doc incorrect https://github.com/nats-io/k8s/tree/main/helm/charts/nack#getting-started
- [nats] [nack] accounts vs authorization vs .creds, sensitive data not in secrets HOT 3
- [feature request] nats in security context of non root user HOT 2
- Modify the surveyor chart so that it can connect using the parameters --user --password
- Patch args in NATS container HOT 3
- Can't expose gateway service HOT 3
- Use mergeOverwrite Instead of merge in NATS Helm Chart Templates HOT 2
- Release nats chart with NATS server 2.10.17
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s.