Is it possible to block anonymous access to nats cluster? about k8s HOT 5 CLOSED

Try upgrading to the 1.0.0 helm chart, then you can do something like this:

config:
  cluster:
    enabled: true
    replicas: 2
  merge:
    authorization:
      users:
      - user: my-user
        password: T0pS3cr3t
natsBox:
  contexts:
    default:
      merge:
        user: my-user
        password: T0pS3cr3t

from k8s.

Anonymous user access is automatically blocked as long as auth is properly configured

from k8s.

I am already using chart v1.0.0 and above did not work. So, i changed the values.yaml as suggested above, and after redeployment, I am still able to publish a message to the cluster without creds. Anything i could be doing wrong here?

from k8s.

Not sure. When I take the natsBox.contexts section out of the above example and publish a message anonymously from the nats-box container, I get Authorization Denied.

from k8s.

@caleblloyd didn't work for me either - NATs deploys the config and for me it looks correct, but it says

nats-server: /etc/nats-config/nats.conf:3:6: Cluster authorization does not allow multiple users

even in the config file i see just one authorization part. Then i just used the part from the helm chart:

    # apply to generated route URLs that connect to other pods in the StatefulSet
    routeURLs:
      # if both user and password are set, they will be added to route URLs
      # and the cluster authorization block
      user: USER
      password: PASSWORD
      # set to true to use FQDN in route URLs
      useFQDN: false
      k8sClusterDomain: cluster.local

and that works for me.

from k8s.