From 97b8bce84c68762c982a8141c92a310f2eb0c066 Mon Sep 17 00:00:00 2001 From: Waldemar Quevedo Date: Mon, 4 Jan 2021 23:11:07 -0800 Subject: [PATCH] Update nats-external-nlb.md --- nats-on-kubernetes/nats-external-nlb.md | 96 ++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 3 deletions(-) diff --git a/nats-on-kubernetes/nats-external-nlb.md b/nats-on-kubernetes/nats-external-nlb.md index 91e28d4..dc29dcc 100644 --- a/nats-on-kubernetes/nats-external-nlb.md +++ b/nats-on-kubernetes/nats-external-nlb.md @@ -1,6 +1,4 @@ -# Using a Load Balancer for External Access to NATS - -Although it is not recommended in general to use a load balancer with NATS for external access, sometimes due to policy it might help to use one. If that is the case, then one option would be to use an L4 load balancer that has raw tcp support. +## Using a Load Balancer for External Access to NATS In the example below, you can find how to use an [AWS Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) to connect externally to a cluster that has TLS setup. 
@@ -40,3 +38,95 @@ $ nats-pub -s nats://a18b60a948fc611eaa7840286c60df32-9e96a2af4b5675ec.elb.us-ea Also, it would be recommended to set [no\_advertise](../nats-server/configuration/clustering/cluster_config.md) to `true` in order to avoid gossiping internal addresses from pods in Kubernetes to NATS clients. +## Setting up a NATS Server with external access on Azure + +With the following, you can create a 3-node NATS Server cluster: + +```sh +kubectl apply -f https://raw.githubusercontent.com/nats-io/k8s/b55687a97a5fd55485e1af302fbdbe43d2d3b968/nats-server/leafnodes/nats-cluster.yaml +``` + +The configuration map from the NATS cluster that was created can be found below. + +```yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nats-config +data: + nats.conf: | + pid_file: "/var/run/nats/nats.pid" + http: 8222 + # debug: true + ping_interval: 30s + + cluster { + port: 6222 + no_advertise: true + + routes: [ + nats://nats-0.nats.default.svc:6222 + nats://nats-1.nats.default.svc:6222 + nats://nats-2.nats.default.svc:6222 + ] + } + + leaf { + port: 7422 + authorization { + timeout: 3s + users = [ + { user: "foo", pass: "bar" } + ] + } + } +``` + +Now let's expose the NATS Server by creating an L4 load balancer on Azure: + +```sh +kubectl apply -f https://raw.githubusercontent.com/nats-io/k8s/b55687a97a5fd55485e1af302fbdbe43d2d3b968/nats-server/leafnodes/lb.yaml +``` + +Confirm the public IP that was allocated to the `nats-lb` service that was created, in this case it is `52.155.49.45`: + +``` +$ kubectl get svc -o wide +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +kubernetes ClusterIP 10.0.0.1 443/TCP 81d +nats ClusterIP None 4222/TCP,6222/TCP,8222/TCP,7777/TCP,7422/TCP,7522/TCP 7h46m app=nats +nats-lb LoadBalancer 10.0.107.18 52.155.49.45 4222:31161/TCP,7422:30960/TCP 7h40m app=nats +``` + +Notice that the leafnode configuration requires authorization, so in order to connect to it we will need to configuration as follows: + +```ruby +leaf { + 
remotes = [ + { + url: "nats://foo:bar@52.155.49.45:7422" + } + ] +} +``` + +You can also add a NATS Streaming cluster into the cluster connecting to the port 4222: + +```sh +kubectl apply -f https://raw.githubusercontent.com/nats-io/k8s/b55687a97a5fd55485e1af302fbdbe43d2d3b968/nats-server/leafnodes/stan-server.yaml +``` + +Now if you create two NATS Servers that connect to the same leafnode port, they will be able to receive messages to each other: + +```sh +nats-server -c leafnodes/leaf.conf -p 4222 & +nats-server -c leafnodes/leaf.conf -p 4223 & + +$ nats-sub -s localhost:4222 foo & +$ nats-pub -s localhost:4223 foo hello + +Listening on [foo] +[#1] Received on [foo] : 'hello' +``` +
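Review bot: the first hunk drops the only caveat the page had about load balancers ("not recommended in general ... one option would be to use an L4 load balancer that has raw tcp support") along with the page's `#` title, and the sentence that remains now opens with "In the example below" without ever saying why an L4/raw-TCP balancer is the right kind; consider keeping that paragraph (or a one-line version of it) under the section heading, and keeping a single `#` title so the new `## Setting up a NATS Server with external access on Azure` reads as a sibling section rather than the whole document being demoted a level.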
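Review bot: in the second hunk the `nats-lb` service exposes the leafnode port (`7422:30960/TCP`) on a public IP, but the `leaf { port: 7422 ... }` block has no `tls` section and the remote is written as `url: "nats://foo:bar@52.155.49.45:7422"`, so the `foo`/`bar` password from the ConfigMap is sent in cleartext across the internet; the earlier section of this same page is explicitly about a cluster "that has TLS setup", so either add a `tls { ... }` block to the `leaf` config (and a `tls://` remote URL) or state plainly that this example is unencrypted and that the placeholder credentials must be replaced before exposing the port. Smaller points in the same hunk: the remote config fence is tagged ```ruby although it is a NATS config, not Ruby; "we will need to configuration as follows" should read "we will need to configure it as follows"; "receive messages to each other" should be "from each other"; and the final shell block mixes lines with and without a `$` prompt.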