NATS.io is a simple, secure and high performance open source messaging system for cloud
native applications, IoT messaging, and microservices architectures.
- misc ›
This charm provides a way to deploy a NATS core cluster. See https://nats.io/ for
more information about NATS itself.
- installation of nats-server via a snap (either from the store or a resource);
- clustering with route URLs automatically added to the config of each unit;
- debug options.
- TLS support
- NATS core does not have message persistence so leadership is not used for
ordering of addition of units to the cluster - they come up as they are added
and for a full mesh;
- Route URLs are added to all other peers on each unit so that there is no
dependency on a particular unit for discovering others;
- Official NATS clients are multi-endpoint aware and will attempt to connect to
a random NATS server and find the one that is alive so there is no need for a
cluster virtual IP. Therefore, different NATS units can be in different
subnets and are not tied to a shared L2 domain.
juju deploy <nats-charm-dir>
Deploy with TLS Termination via a Relation
juju deploy <nats-charm-dir> -n 3 # The Vault charm implements the same interface. juju deploy cs:~containers/easyrsa juju relate nats easyrsa
A CA certificate obtained via a relation to a CA charm will also be exposed for NATS charm clients.
juju config nats debug=true trace=true juju ssh --unit nats/0 journalctl -f -u snap.nats.server.service
- (int) A port NATS listens on for incoming client connections.
- (int) A port NATS listens on for incoming cluster connections.
- (boolean) Enable nats-server debug logging.
- (boolean) Whether to use 0.0.0.0 for the client listening socket or not (all IPv4 and IPv6 addresses). NATS does not support multiple "listen" directives and the charm will error out if there are cross-model relations that result in multiple *different* bind-addresses available for relations of the client relation endpoint.
- (boolean) Enable or disable usage of values in client certificates for authentication purposes (used in conjunction with verify-tls-clients only.
- (string) Snap Store channel to install the NATs snap from
- (string) A CA certificate to be used for verification of TLS certificates of NATS cluster peers. Optional if TLS certificates are signed by a certificate authority that the core snap trusts.
- (string) A TLS server certificate to be used by NATS.
- (string) A TLS server key to be used by NATS.
- (boolean) Enable tracing of raw protocol messages for nats-server.
- (boolean) Enable or disable mandatory client TLS certificate verification.