mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00

Merge pull request #96 from nats-io/external-nlb-note

Add note on using L4 load balancers in K8S
Ginger Collison 2020-05-07 12:07:51 -05:00 committed by GitHub
commit a8bad724db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 1 deletions


@ -199,4 +199,4 @@
* [NATS and Prometheus Operator](nats-on-kubernetes/prometheus-and-nats-operator.md) * [NATS and Prometheus Operator](nats-on-kubernetes/prometheus-and-nats-operator.md)
* [NATS Cluster and Cert Manager](nats-on-kubernetes/nats-cluster-and-cert-manager.md) * [NATS Cluster and Cert Manager](nats-on-kubernetes/nats-cluster-and-cert-manager.md)
* [Securing a NATS Cluster with cfssl](nats-on-kubernetes/operator-tls-setup-with-cfssl.md) * [Securing a NATS Cluster with cfssl](nats-on-kubernetes/operator-tls-setup-with-cfssl.md)
* [Using a Load Balancer for External Access to NATS](nats-on-kubernetes/nats-external-nlb.md)


@ -0,0 +1,46 @@
# Using a load balancer for external access to NATS on K8S
Although it is not recommended in general to use a load balancer
with NATS for external access, sometimes due to policy it might
help to use one. If that is the case, then one option would be
to use an L4 load balancer that has raw tcp support.
In the example below, you can find how to use an [AWS Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html)
to connect externally to a cluster that has TLS setup.
```sh
# One-line installer creates a secure cluster named 'nats'
$ curl -sSL https://nats-io.github.io/k8s/setup.sh | sh
# Create AWS Network Load Balancer service
$ echo '
apiVersion: v1
kind: Service
metadata:
name: nats-nlb
namespace: default
labels:
app: nats
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: nats
port: 4222
protocol: TCP
targetPort: 4222
selector:
app: nats
' | kubectl apply -f -
$ kubectl get svc nats-nlb -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
nats-nlb LoadBalancer 10.100.67.123 a18b60a948fc611eaa7840286c60df32-9e96a2af4b5675ec.elb.us-east-2.amazonaws.com 4222:30297/TCP 151m app=nats
$ nats-pub -s nats://a18b60a948fc611eaa7840286c60df32-9e96a2af4b5675ec.elb.us-east-2.amazonaws.com:4222 -creds nsc/nkeys/creds/KO/A/test.creds test.foo bar
```
Also, it would be recommended to disable [no_advertise](../nats-server/configuration/clustering/cluster_config.md)
to avoid gossiping internal addresses from pods in Kubernetes to NATS clients.
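
Review bot: The closing sentence says to "disable no_advertise" in order to avoid gossiping internal pod addresses to clients, which reads backwards: no_advertise is the option that stops a server from advertising its address, so the text should say to enable it (set `no_advertise: true` in the cluster configuration the link points to). As written, a reader following the instruction would turn advertising on and clients behind the load balancer would be handed pod addresses they cannot reach. Two smaller points on the example: the `nats-nlb` Service publishes port 4222 with no source restriction, so it is worth a sentence suggesting `loadBalancerSourceRanges` or another network control where the client ranges are known; and the `curl -sSL https://nats-io.github.io/k8s/setup.sh | sh` step runs a remote script unreviewed, so consider showing it downloaded to a file and inspected before execution. Since the page says the cluster has TLS set up and the `nats-pub` call dials the ELB hostname, it would also help to state whether the server certificate is expected to cover that hostname.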