We will cover the following in this document:
-
Operator managed deployment of nats-server
-
NATS based resolver configuration
-
Using
nsc
to create, push and pull accounts to and from the server -
Creating dynamic accounts and users using go client
Create an operator "op" (with a SYS account) that will be the root of trust for our nats-server:
nsc add operator --sys -n op
We will use above created operator to generate server config:
nsc generate config --nats-resolver --sys-account SYS > server.conf
The above command will write the config to server.conf
. --nats-resolver
flag enables NATS based resolver for account lookup.
nats-server can be started using above generated config:
nats-server -c server.conf
If you try to do pub/sub at this point, you will get "Authorization Violation" error from the nats-server. Let's create an account and an user to do pub/sub.
-
Edit operator to add nats-server URL (Default context will be the recently created operator):
nsc edit operator --account-jwt-server-url nats://0.0.0.0:4222
-
Create account:
nsc add account --name a
-
Push account to the nats-server:
nsc push -a a
-
Create an user for account "a":
nsc add user --name u1 --account a
When a user is created using nsc, it will print out the path for the creds file. We'll use those creds to publish a message.
-
Publish a message
nats pub sub.test hello --creds <path/to/creds/file>