Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to Allow leafnode remotes but not leafnode connections #895

Closed
tommyjcarpenter opened this issue Apr 26, 2024 · 2 comments
Closed

how to Allow leafnode remotes but not leafnode connections #895

tommyjcarpenter opened this issue Apr 26, 2024 · 2 comments
Labels
proposal Enhancement idea or proposal

Comments

@tommyjcarpenter
Copy link

tommyjcarpenter commented Apr 26, 2024
edited
Loading

What motivated this proposal?

i dont see how its possible to form a config that looks like this:

listen:4222

port: 4222 # client port

leafnodes {
    # NO PORT DOES NOT LISTEN FOR  LEAFS
    remotes = [
        {
            url: "nats://...:7422",
            account: ...
            credentials: ...
        },
    ],
}

without adding a port, so that this server itself does not allow leaf connections.

I have tested that this works, without helm.

even explicitly setting to null:

nats:
   config:
      leafnodes:
        enabled: true
        port: null   # doesnt work
        remotes:
          - url: xxx:7222
            account: ...
            credentials: ...

doesnt work:

[7] 2024/04/26 15:34:31.189556 [INF] Listening for leafnode connections on 0.0.0.0:7422.  # DONT WANT
[7] 2024/04/26 15:34:31.189855 [INF] Listening for client connections on 0.0.0.0:4222
[7] 2024/04/26 15:34:31.189865 [INF] TLS required for client connections
[7] 2024/04/26 15:34:31.189974 [INF] Server is ready
[7] 2024/04/26 15:34:31.190021 [INF] Cluster name is infra-nats
[7] 2024/04/26 15:34:31.190045 [INF] Listening for route connections on 0.0.0.0:6222
... trying to connect to route (attempt 1): dial (unrelated error connecting out to xxx:7222)

the relevent template is here: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/files/config/leafnodes.yaml#L2

What is the proposed change?

maybe move port under a flag like if allowConnections?

Who benefits from this change?

No response

What alternatives have you evaluated?

No response
@tommyjcarpenter tommyjcarpenter added the proposal Enhancement idea or proposal label Apr 26, 2024
@caleblloyd
Copy link
Contributor

Dupe of #772

Right now the config.leafnodes.enabled turns on the server portion. If all you need is remotes leave config.leafnodes.enabled=false, you should be able to workaoround with something like this:

config:
  merge:
    lefanodes:
      remotes:
      - url: xxx:7222
        account: ...
        credentials: ...

Since you can put any valid nats.conf into config.merge

@tommyjcarpenter
Copy link
Author

@caleblloyd that still leaves:

[7] 2024/04/26 23:19:40.432725 [ERR] Error trying to connect as leafnode to remote server ":7422" (attempt 1): lookup for host "": lookup : no such host

because it gets merged in with the default parameters..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
proposal Enhancement idea or proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caleblloyd @tommyjcarpenter