This repository has been archived by the owner on Sep 4, 2018. It is now read-only.

tls #14

Open
zhangjian326 opened this issue Mar 19, 2018 · 2 comments

Comments

@zhangjian326

Hi, TLS does not work.

@wallyqs

wallyqs commented Mar 19, 2018

Hi, you could also check out the NATS operator for TLS support in both the client and routes ports: https://github.com/nats-io/nats-operator
Otherwise here is a guide on how to have a secure NATS cluster with plain old Pod objects and Secrets: https://gist.github.com/wallyqs/696b81427df7c239fb34946eb1ae9f92

@zhangjian326

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nats
  labels:
    component: nats
spec:
  template:
    metadata:
      labels:
        component: nats
    spec:
      containers:
      - name: nats
        image: quay.io/pires/docker-nats:1.0.2
        imagePullPolicy: Always
        volumeMounts:
        - name: tls-volume
          mountPath: /etc/nats/ssl
        - name: config-volume
          mountPath: /etc/nats/config
        env:
        - name: EXTRA
          value: -DV
        - name: tls
          value: "true"
        - name: tlsverify
          value: "true"
        - name: tlscert
          value: /etc/nats/ssl/server-cert.pem
        - name: tlskey
          value: /etc/nats/ssl/server-key.pem
        - name: tlscacert
          value: /etc/nats/ssl/ca-cert.pem
        - name: user
          value: "root"
        - name: pass
          value: "123456"
        ports:
        - containerPort: 4222
          name: client
        - containerPort: 6222
          name: cluster
        - containerPort: 8222
          name: monitor
        livenessProbe:
          exec:
            command:
            - /route_checker
          initialDelaySeconds: 10
          timeoutSeconds: 5
        readinessProbe:
          tcpSocket:
            port: 8222
          initialDelaySeconds: 10
          timeoutSeconds: 5
      volumes:
      - name: tls-volume
        secret:
          secretName: tls
      - name: config-volume
        configMap:
          name: gnatsd-config
```

This is my NATS YAML. In the container I have the path for tlskey, but I see these NATS logs:

```
[1] 2018/03/19 07:16:33.308103 [DBG] 10.107.25.96:6222 - rid:1 - Route connection created
[1] 2018/03/19 07:16:33.308132 [DBG] 10.107.25.96:6222 - rid:1 - Route connect msg sent
[1] 2018/03/19 07:16:33.308397 [DBG] 10.36.0.0:41262 - rid:2 - Route connection created
[1] 2018/03/19 07:16:33.349631 [TRC] 10.36.0.0:41262 - rid:2 - ->> [CONNECT {"verbose":false,"pedantic":false,"tls_required":false,"name":"KjidTYq362le1vjVXwLJtd"}]
[1] 2018/03/19 07:16:33.349946 [DBG] 10.36.0.0:41262 - rid:2 - Router connection closed
```

I do not know what is wrong in this log.
Can you look at it? Thanks.
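
A check over the route lines in the log above, as an added example that is not part of the original thread or the project's code: it groups gnatsd debug/trace lines by route id and reports which routes traced a CONNECT with `"tls_required":false` and whether they were then closed. The function names are hypothetical, and the sample input is the log quoted in this issue.

```python
import json
import re

# Sample input: the route lines quoted in the issue above.
SAMPLE_LOG = """\
[1] 2018/03/19 07:16:33.308103 [DBG] 10.107.25.96:6222 - rid:1 - Route connection created
[1] 2018/03/19 07:16:33.308132 [DBG] 10.107.25.96:6222 - rid:1 - Route connect msg sent
[1] 2018/03/19 07:16:33.308397 [DBG] 10.36.0.0:41262 - rid:2 - Route connection created
[1] 2018/03/19 07:16:33.349631 [TRC] 10.36.0.0:41262 - rid:2 - ->> [CONNECT {"verbose":false,"pedantic":false,"tls_required":false,"name":"KjidTYq362le1vjVXwLJtd"}]
[1] 2018/03/19 07:16:33.349946 [DBG] 10.36.0.0:41262 - rid:2 - Router connection closed
"""

# "[pid] date time [LEVEL] peer - rid:N - message"
LINE_RE = re.compile(
    r"^\[\d+\] \S+ \S+ \[(?P<lvl>[A-Z]+)\] "
    r"(?P<peer>\S+) - rid:(?P<rid>\d+) - (?P<msg>.*)$"
)
CONNECT_RE = re.compile(r"\[CONNECT (\{.*\})\]")


def summarize_routes(log_text):
    """Return {rid: {"peer", "tls_required", "closed"}} for every route line."""
    routes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # client (cid:) lines and anything else are ignored
        route = routes.setdefault(
            int(m["rid"]),
            {"peer": m["peer"], "tls_required": None, "closed": False},
        )
        connect = CONNECT_RE.search(m["msg"])
        if connect:
            try:
                route["tls_required"] = json.loads(connect.group(1)).get("tls_required")
            except json.JSONDecodeError:
                pass  # truncated trace line: leave tls_required unknown
        elif "connection closed" in m["msg"].lower():
            route["closed"] = True
    return routes


def plaintext_routes(routes):
    """Route ids whose traced CONNECT explicitly carried tls_required=false."""
    return sorted(rid for rid, r in routes.items() if r["tls_required"] is False)


if __name__ == "__main__":
    for rid, info in sorted(summarize_routes(SAMPLE_LOG).items()):
        print(rid, info)
```
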
