Comments (5)
Try upgrading to the 1.0.0 helm chart, then you can do something like this:
config:
cluster:
enabled: true
replicas: 2
merge:
authorization:
users:
- user: my-user
password: T0pS3cr3t
natsBox:
contexts:
default:
merge:
user: my-user
password: T0pS3cr3t
from k8s.
Anonymous user access is automatically blocked as long as auth is properly configured
from k8s.
I am already using chart v1.0.0 and above did not work. So, i changed the values.yaml as suggested above, and after redeployment, I am still able to publish a message to the cluster without creds. Anything i could be doing wrong here?
from k8s.
Not sure. When I take the natsBox.contexts
section out of the above example and publish a message anonymously from the nats-box container, I get Authorization Denied.
from k8s.
@caleblloyd didn't work for me either - NATs deploys the config and for me it looks correct, but it says
nats-server: /etc/nats-config/nats.conf:3:6: Cluster authorization does not allow multiple users
even in the config file i see just one authorization part. Then i just used the part from the helm chart:
# apply to generated route URLs that connect to other pods in the StatefulSet
routeURLs:
# if both user and password are set, they will be added to route URLs
# and the cluster authorization block
user: USER
password: PASSWORD
# set to true to use FQDN in route URLs
useFQDN: false
k8sClusterDomain: cluster.local
and that works for me.
from k8s.
Related Issues (20)
- Prometheus discovery annotations not set on NATS (JetStream) deployment HOT 4
- Support `mappings` in nats config HOT 3
- [nats helm chart] Changing the configuration resource from ConfigMap to Secret due to sensitive authorization data. HOT 3
- Dependabot Failing HOT 1
- Can not enable JetStream + Cluster when using Helm-Chart HOT 11
- volumeClaimTemplates can't sync with argocd HOT 2
- Security vulnerability in natsio/nats-server-config-reloader:0.14.0 image HOT 1
- Make pid file and config file defaults for nats helm chart and for the natsio/nats-server-config-reloader image match HOT 2
- server-config-reloader has a non existing tag in the values.yaml of the helm chart HOT 2
- natsbox doesn't work in openshift - can't cd to /root HOT 3
- Provide Authentication Examples HOT 3
- Default values for nats enable configChecksumAnnotation and reloader. HOT 7
- can't create nats jetstream with memory only HOT 2
- New volume mount removes the existing config, pid volumes HOT 8
- NATS Container restart frequently in AKS Cluster with the following error logs HOT 3
- Critical Vulnerabilities Detected - Alpine Linux Busybox & OpenSSL HOT 1
- NATS helm leaf node TLS setup - error: nats: secure connection not available HOT 1
- [Jetstream Controller] Use secrets for username/password authentication HOT 5
- Expose promExporter to service or Prometheus could not scrape HOT 6
- Add Priority Class Name Configuration to StatefulSet in Helm Chart HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s.