-
Notifications
You must be signed in to change notification settings - Fork 757
kubeless trigger nats publish needs direct access #708
Comments
I can keep the default behaviour is to assume the NATS is running as |
I believe that realistically, nats admin would not open the broker without any type of auth/security. So sine we use the |
I think issue I'm running into related to this. I have a nats cluster name "nats" in "nats-io" namespace. I can't reach it via following command.
I think, kubeless function deployed in the cluster can access the nats cluster. Not sure why I'm getting an error. |
hi @xydinesh, the url That command |
@andresmgot Got it. Thanks ! Didn't realize |
FWIW, I was able to use $ kubectl -n kubeless port-forward svc/nats 4222:4222
Forwarding from 127.0.0.1:4222 -> 4222
Forwarding from [::1]:4222 -> 4222
Handling connection for 4222 Which allows me to use: $ kubeless trigger nats publish --url nats://localhost:4222 --topic hello-world --message "Hello World!"
INFO[0000] Published [hello-world] : 'Hello World!' |
seems we don't use a proxy to get to the nats broker.
So if we run in the cloud, we need to open the broker to the world to be able to reach it with the convenience function
kubeless trigger nats publish
I would rather do a proxy under the hood to avoid this security hole.
The text was updated successfully, but these errors were encountered: