NATS Docs
NATS Docs
NATS.io
Twitter
Slack
GitHub
Introduction
What's New!
NATS 2.0
Compare NATS
FAQ
NATS Concepts
What is NATS
Subject-Based Messaging
Publish-Subscribe
Request-Reply
Queue Groups
Acknowledgements
Sequence Numbers
Developing With NATS
Introduction
Connecting
Automatic Reconnections
Securing Connections
Receiving Messages
Sending Messages
Monitoring the Connection
Tutorials
NATS Server
Installing
Running
Clients
Flags
Configuration
Managing A NATS Server
NATS and Docker
NATS Tools
Introduction
mkpasswd
nk
nsc
nats-account-server
nats-top
nats-bench
NATS Streaming Concepts
Introduction
Relation to NATS
Client Connections
Channels
Store Interface
Store Encryption
Clustering
Fault Tolerance
Partitioning
Monitoring
Developing With NATS Streaming
Introduction
Connecting to NATS Streaming
Publishing to a Channel
Receiving Messages from a Channel
Durable Subscriptions
Queue Subscriptions
Acknowledgements
The Streaming Protocol
NATS Streaming Server
Important Changes
Installing
Running
Configuring
Process Signaling
Windows Service
Embedding NATS Streaming Server
Docker Swarm
NATS Protocol
Protocol Demo
Client Protocol
NATS Cluster Protocol
NATS on Kubernetes
Introduction
Basic NATS and NATS Streaming Setup
Creating a Kubernetes Cluster
NATS Streaming Cluster with FT Mode
NATS and Prometheus Operator
NATS Cluster and Cert Manager
Securing a NATS Cluster with cfssl
Using a Load Balancer for External Access to NATS
Creating a NATS Super Cluster in Digital Ocean with Helm
From Zero to K8S to Leafnodes using Helm
Powered by GitBook

Using a Load Balancer for External Access to NATS

Although it is not recommended in general to use a load balancer with NATS for external access, sometimes due to policy it might help to use one. If that is the case, then one option would be to use an L4 load balancer that has raw tcp support.

In the example below, you can find how to use an AWS Network Load Balancer to connect externally to a cluster that has TLS setup.

# One-line installer creates a secure cluster named 'nats'
$ curl -sSL https://nats-io.github.io/k8s/setup.sh | sh
​
# Create AWS Network Load Balancer service
$ echo '
apiVersion: v1
kind: Service
metadata:
  name: nats-nlb
  namespace: default
  labels:
    app: nats
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
  - name: nats
    port: 4222
    protocol: TCP
    targetPort: 4222
  selector:
    app: nats
' | kubectl apply -f -
​
$ kubectl get svc nats-nlb -o wide
NAME       TYPE           CLUSTER-IP      EXTERNAL-IP                                                                     PORT(S)          AGE    SELECTOR
nats-nlb   LoadBalancer   10.100.67.123   a18b60a948fc611eaa7840286c60df32-9e96a2af4b5675ec.elb.us-east-2.amazonaws.com   4222:30297/TCP   151m   app=nats
​
$ nats-pub -s nats://a18b60a948fc611eaa7840286c60df32-9e96a2af4b5675ec.elb.us-east-2.amazonaws.com:4222 -creds nsc/nkeys/creds/KO/A/test.creds test.foo bar

Also, it would be recommended to set no_advertise to true in order to avoid gossiping internal addresses from pods in Kubernetes to NATS clients.

NATS on Kubernetes - Previous
Securing a NATS Cluster with cfssl
Next - NATS on Kubernetes
Creating a NATS Super Cluster in Digital Ocean with Helm
Last updated 4 months ago
Edit on GitHub