First of all, thank you for the great product and support you provide (I use the NATS slack workspace to ask specific questions), bravo!
Going back to the issue, we use NATS sever version is 2.10.9.
What environment was the server running in?
we use Helm chart running on Kubernetes version v1.26.10-gke.1101000 in the cloud:
apiVersion: v2
appVersion: 2.10.9
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
Technology.
home: http://github.com/nats-io/k8s
icon: https://nats.io/img/nats-icon-color.png
keywords:
- nats
- messaging
- cncf
maintainers:
- email: info@nats.io
name: The NATS Authors
url: https://github.com/nats-io
name: nats
version: 1.1.7
Is this defect reproducible?
we recently added a leaf node to connect to our main cluster. For that we updated our configuration to be able to connect the leaf node to the main cluster using TLS (cluster was already there). We only enable TLS to connect the leaf node, but it's disable on the NATS server and on the main cluster itself.
The connection of the leaf node using TLS, works perfectly fine.
The issue we experience is that when trying to connect to the nats-box in the main cluster (before it was possible), we get this error nats: secure connection not available, e.g.:
kubectl exec -it nats-box-7477647588-m6lsc -- nats stream report
nats: error: setup failed: nats: secure connection not available
The only diff I see with the previous setup in the NATS box is that we have new volume and volumeMount for the CA certificates. But this shouldn't affect if TLS is disable in NATS server, right?
Given the capability you are leveraging, describe your expectation?
I expect that if TLS is only enable in the leaf node, I can execute this command successfully: kubectl exec -it nats-box-7477647588-m6lsc -- nats stream report showing me stream report information.
Given the expectation, what is the defect you are observing?
Seems that somehow TLS is enable when trying to connect to the nats box container.
Thank you in advance and please let me know how I can assist.
susana-garcia
commented
5 months ago
What version were you using?
First of all, thank you for the great product and support you provide (I use the NATS slack workspace to ask specific questions), bravo!
Going back to the issue, we use NATS sever version is 2.10.9.
What environment was the server running in?
we use Helm chart running on Kubernetes version
v1.26.10-gke.1101000in the cloud:Is this defect reproducible?
we recently added a leaf node to connect to our main cluster. For that we updated our configuration to be able to connect the leaf node to the main cluster using TLS (cluster was already there). We only enable TLS to connect the leaf node, but it's disable on the NATS server and on the main cluster itself. The connection of the leaf node using TLS, works perfectly fine. The issue we experience is that when trying to connect to the nats-box in the main cluster (before it was possible), we get this error
nats: secure connection not available, e.g.:Helm char updated values looks like:
The only diff I see with the previous setup in the NATS box is that we have new
volumeandvolumeMountfor the CA certificates. But this shouldn't affect if TLS is disable in NATS server, right?Given the capability you are leveraging, describe your expectation?
I expect that if TLS is only enable in the leaf node, I can execute this command successfully:
kubectl exec -it nats-box-7477647588-m6lsc -- nats stream reportshowing me stream report information.Given the expectation, what is the defect you are observing?
Seems that somehow TLS is enable when trying to connect to the nats box container.
Thank you in advance and please let me know how I can assist.