search

nats-io / nats-server

High-Performance server for NATS.io, the cloud and edge native messaging system.
https://nats.io
Apache License 2.0
16.08k stars 1.42k forks source link

Provide another way to reload the nats config #3950

Closed jarretlavallee closed 12 months ago

jarretlavallee commented 1 year ago

Feature Request

Provide a way to reload the server configuration through natscli and an SYS account API.

Use Case:

Reloading the configuration is currently done through a SIGHUP or service restart. This requires access to the service which adds additional complexity in certain deployments. In the helm chart, this is accomplished by using a shared namespace process to be able to send the HUP. Using shareProcessNamespace is a violation in CIS Benchmark for EKS version 1.0.1. To be compliant, one would need to disable the NATS configuration reload sidecar and identify another process for reloading the configuration.

Having a mechanism to reload the configuration outside of a HUP would enable additional configuration change patterns.

Proposed Change:

Use the robust authentication, authorization, and auditing scheme in nats to provide a mechanism for reloading the server configuration. One possibility is to add an API for the SYS account to reload the server configuration. e.g $SYS.REQ.SERVER.<id>.RELOAD

Who Benefits From The Change(s)?

Users who want to reload the nats server config remotely, or through an automated process without access to the service.

Alternative Approaches

Restart the nats server on configuration changes or file security exceptions.

Bhogster commented 12 months ago

Any updates on this?

jarretlavallee commented 12 months ago

This was implemented in #4307 and can be called with nats server config reload in natscli v0.1.0+.