Service Account Auth - authorization violation on stan-cluster-1 (NatsStreamingCluster) #58

Open
Upperfoot opened this issue Oct 24, 2019 · 2 comments

Comments

@Upperfoot

I recently implemented service accounts and it works great for standard NATS communication on the nats-cluster. However, the NatsStreamingCluster isn't making use of the Service Accounts setup. Do I have to manually define what credentials it uses? And if so, where would I put this in the Kubernetes YAML config?

apiVersion: "streaming.nats.io/v1alpha1"
kind: "NatsStreamingCluster"
metadata:
  name: "stan-cluster"
spec:
  natsSvc: "nats-cluster"

..... (rest of config is irrelevant and relates to persistent storage)

Any ideas?

@rchenzheng

Same issue here

@wallyqs
Member

wallyqs commented Jan 28, 2020

Currently, serviceaccount auth can't be done with the streaming operator. Something like the following would work with statefulsets though:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: stan-conf
data:
  stan.conf: |
     streaming {
       ns: $NATS_SERVER_URL
     }
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: stan
  labels:
    app: stan
spec:
  selector:
    matchLabels:
      app: stan
  replicas: 1
  serviceName: stan
  template:
    metadata:
      labels:
        app: stan
    spec:
      volumes:
      - name: stan-conf
        configMap:
          name: stan-conf
      containers:
        - name: nats-streaming
          image: nats-streaming:0.16.2
          args:
            - "-sc"
            - "/etc/stan/config/stan.conf"
          ports:
          - containerPort: 8222
            name: monitor
          env:
          - name: SECRET_TOKEN
            valueFrom:
              secretKeyRef:
                name: stan-pass
                key: token
          - name: NATS_SERVER_URL
            value: "nats://svc-account:$(SECRET_TOKEN)@nats:4222"
          volumeMounts:
          - mountPath: /etc/stan/config
            name: stan-conf
            readOnly: true
---
apiVersion: v1
kind: Service
metadata:
  name: stan
  labels:
    app: stan
spec:
  selector:
    app: stan
  clusterIP: None
  ports:
  - name: monitor
    port: 8222
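
Added example, not part of the thread or of the NATS project's code: the manifest above relies on Kubernetes expanding `$(SECRET_TOKEN)` inside `NATS_SERVER_URL`, which only happens when `SECRET_TOKEN` is defined earlier in the same `env` list, and it keeps the token out of the manifest only while that variable comes from a `secretKeyRef`. The check below flags env lists that break either condition; `audit_env` and the regex names are hypothetical, and the sample input is constructed from the manifest in the comment.

```python
import re

# Constructed sample: the container env list from the StatefulSet above,
# written as the Python structure a YAML parser would produce.
ENV = [
    {"name": "SECRET_TOKEN",
     "valueFrom": {"secretKeyRef": {"name": "stan-pass", "key": "token"}}},
    {"name": "NATS_SERVER_URL",
     "value": "nats://svc-account:$(SECRET_TOKEN)@nats:4222"},
]

# Password part of scheme://user:password@host
URL_PASSWORD = re.compile(r"[a-z][a-z0-9+.-]*://[^\s/@:]*:([^\s/@]+)@", re.I)
# Kubernetes $(VAR) reference; "$$(VAR)" is an escape and is skipped
VAR_REF = re.compile(r"(?<!\$)\$\(([A-Za-z_][A-Za-z0-9_.-]*)\)")


def audit_env(env):
    """Return a list of findings about URL credentials in a container env list."""
    findings = []
    from_secret = {}  # variables seen so far -> True if sourced via secretKeyRef
    for var in env:
        name, value = var["name"], var.get("value")
        match = URL_PASSWORD.search(value) if value else None
        if match:
            refs = VAR_REF.findall(match.group(1))
            if not refs:
                findings.append(f"{name}: literal credential in URL")
            for ref in refs:
                if ref not in from_secret:
                    findings.append(f"{name}: $({ref}) not defined earlier, stays unexpanded")
                elif not from_secret[ref]:
                    findings.append(f"{name}: $({ref}) is a plain value, not a secretKeyRef")
        # Record the variable only after checking it: references resolve backwards only
        from_secret[name] = "secretKeyRef" in (var.get("valueFrom") or {})
    return findings


if __name__ == "__main__":
    print(audit_env(ENV))                   # manifest as posted
    print(audit_env(list(reversed(ENV))))   # same entries, wrong order
```
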
