CNCF and Synadia Align on Securing the Future of the NATS.io Project. Read the joint press release.
NATS Docs
NATS.ioNATS by ExampleGitHubSlackTwitter
  • Welcome
  • Release Notes
    • What's New!
      • NATS 2.11
      • NATS 2.10
      • NATS 2.2
      • NATS 2.0
  • NATS Concepts
    • Overview
      • Compare NATS
    • What is NATS
      • Walkthrough Setup
    • Subject-Based Messaging
    • Core NATS
      • Publish-Subscribe
        • Pub/Sub Walkthrough
      • Request-Reply
        • Request-Reply Walkthrough
      • Queue Groups
        • Queueing Walkthrough
    • JetStream
      • Streams
      • Source and Mirror Streams
        • Example
      • Consumers
        • Example
      • JetStream Walkthrough
      • Key/Value Store
        • Key/Value Store Walkthrough
      • Object Store
        • Object Store Walkthrough
      • Headers
    • Subject Mapping and Partitioning
    • NATS Service Infrastructure
      • NATS Adaptive Deployment Architectures
    • Security
    • Connectivity
  • Using NATS
    • NATS Tools
      • nats
        • nats bench
      • nk
      • nsc
        • Basics
        • Streams
        • Services
        • Signing Keys
        • Revocation
        • Managed Operators
      • nats-top
        • Tutorial
    • Developing With NATS
      • Anatomy of a NATS application
      • Connecting
        • Connecting to the Default Server
        • Connecting to a Specific Server
        • Connecting to a Cluster
        • Connection Name
        • Authenticating with a User and Password
        • Authenticating with a Token
        • Authenticating with an NKey
        • Authenticating with a Credentials File
        • Encrypting Connections with TLS
        • Setting a Connect Timeout
        • Ping/Pong Protocol
        • Turning Off Echo'd Messages
        • Miscellaneous functionalities
        • Automatic Reconnections
          • Disabling Reconnect
          • Set the Number of Reconnect Attempts
          • Avoiding the Thundering Herd
          • Pausing Between Reconnect Attempts
          • Listening for Reconnect Events
          • Buffering Messages During Reconnect Attempts
        • Monitoring the Connection
          • Listen for Connection Events
          • Slow Consumers
      • Receiving Messages
        • Synchronous Subscriptions
        • Asynchronous Subscriptions
        • Unsubscribing
        • Unsubscribing After N Messages
        • Replying to a Message
        • Wildcard Subscriptions
        • Queue Subscriptions
        • Draining Messages Before Disconnect
        • Receiving Structured Data
      • Sending Messages
        • Including a Reply Subject
        • Request-Reply Semantics
        • Caches, Flush and Ping
        • Sending Structured Data
      • Building Services
      • JetStream
        • JetStream Model Deep Dive
        • Managing Streams and consumers
        • Consumer Details
        • Publishing to Streams
        • Using the Key/Value Store
        • Using the Object Store
      • Tutorials
        • Advanced Connect and Custom Dialer in Go
    • Running Workloads on NATS
      • Getting Started
        • Installing Nex
        • Building a Service
        • Starting a Node
        • Deploying Services
        • Building a Function
        • Deploying Functions
      • Host Services
        • Javascript | V8
      • Nex Internals
        • Architecture Overview
        • Node Process
        • Nex Agent
        • No Sandbox Mode
        • Root File System
        • Control Interface
      • FAQ
  • Running a NATS service
    • Installing, running and deploying a NATS Server
      • Installing a NATS Server
      • Running and deploying a NATS Server
      • Windows Service
      • Flags
    • Environmental considerations
    • NATS and Docker
      • Tutorial
      • Docker Swarm
      • Python and NGS Running in Docker
      • JetStream
      • NGS Leaf Nodes
    • NATS and Kubernetes
    • NATS Server Clients
    • Configuring NATS Server
      • Configuring JetStream
        • Configuration Management
          • NATS Admin CLI
          • Terraform
          • GitHub Actions
          • Kubernetes Controller
      • Clustering
        • Clustering Configuration
        • v2 Routes
        • JetStream Clustering
          • Administration
          • Troubleshooting
      • Super-cluster with Gateways
        • Configuration
      • Leaf Nodes
        • Configuration
        • JetStream on Leaf Nodes
      • Securing NATS
        • Enabling TLS
        • Authentication
          • Tokens
          • Username/Password
          • TLS Authentication
            • TLS Authentication in clusters
          • NKeys
          • Authentication Timeout
          • Decentralized JWT Authentication/Authorization
            • Account lookup using Resolver
            • Memory Resolver Tutorial
            • Mixed Authentication/Authorization Setup
        • Authorization
        • Multi Tenancy using Accounts
        • OCSP Stapling
        • Auth Callout
      • Logging
      • Enabling Monitoring
      • MQTT
        • Configuration
      • Configuring Subject Mapping
      • System Events
        • System Events & Decentralized JWT Tutorial
      • WebSocket
        • Configuration
    • Managing and Monitoring your NATS Server Infrastructure
      • Monitoring
        • Monitoring JetStream
      • Managing JetStream
        • Account Information
        • Naming Streams, Consumers, and Accounts
        • Streams
        • Consumers
        • Data Replication
        • Disaster Recovery
        • Encryption at Rest
      • Managing JWT Security
        • In Depth JWT Guide
      • Upgrading a Cluster
      • Slow Consumers
      • Signals
      • Lame Duck Mode
      • Profiling
  • Reference
    • FAQ
    • NATS Protocols
      • Protocol Demo
      • Client Protocol
        • Developing a Client
      • NATS Cluster Protocol
      • JetStream wire API Reference
    • Roadmap
    • Contributing
  • Legacy
    • nats-account-server
Powered by GitBook
On this page
  • General
  • Running Workloads
  • Technical Details
  • General
  • What is Nex?
  • Where Can I Find Nex?
  • Who Maintains Nex?
  • Is Nex Free?
  • Running Workloads
  • What workload types can I run?
  • What is a root file system?
  • Technical Details
  • What are namespaces?
  • Are my workload configurations secure?
  • What is the difference between run and devrun?
  • How does Nex Compare to Kubernetes?
  • Do I run Nex inside Firecracker?

Was this helpful?

Edit on GitHub
Export as PDF
  1. Using NATS
  2. Running Workloads on NATS

FAQ

PreviousControl InterfaceNextInstalling, running and deploying a NATS Server

Last updated 10 months ago

Was this helpful?

Frequently Asked Questions about the NATS Execution Engine

General

Running Workloads

Technical Details

General

What is Nex?

Nex is an open source, lightweight execution engine that runs alongside NATS. Nex nodes are run to form a universal pool in which you can deploy services and functions in JavaScript, WebAssembly, and even regular operating system executable binaries.

Where Can I Find Nex?

Who Maintains Nex?

The primary maintainers of the Nex code are employees of Synadia, though more maintainers are always welcome.

Is Nex Free?

Yes, all of the code in the Nex repository is free and licensed under the Apache-2.0 license.

Running Workloads

What workload types can I run?

Nex supports two categories of workloads: services and functions. Services are long-lived while functions are short-lived and triggered on demand by some stimulus.

Services can be native, compiled binaries (64-bit elf when running with Firecracker enabled) and functions can be either a WebAssembly module or a JavaScript exported function. OCI image support is coming soon.

What is a root file system?

The root file system is essentially a snapshot of the operating system disk image that will be used when bringing up the virtual machine. It's like a Docker layer, but much more efficient.

Technical Details

What are namespaces?

A namespace is a unit of multi-tenancy. All workloads are scoped to a namespace. If you deploy the echoservice workload within the default namespace and also deploy it within the sample namespace, they will not be treated the same by Nex. Namespaces are logical groupings and Nex doesn't enforce a hard network boundary between them or enforce opinions about how you use namespaces.

Are my workload configurations secure?

Absolutely! Every request to run a workload is sent to a specific Nex node. This Nex node has a public Xkey that is used to encrypt data, such as environment variables and other sensitive data, sent to that node. Only that node can decrypt data meant for it.

Further, only the entity that started a workload can terminate that workload.

What is the difference between run and devrun?

In short, nex run is meant for production and real deployments while nex devrun is meant for developer iteration loops and testing environments. A regular request to run a workload must contain all of the following:

  • An issuer nkey that counts as the entity certifying the request

  • A publisher xkey that is used as the source of encrypted data

  • A URL indicating the location of the workload that is stored in an object store, in the form of nats://{BUCKET}/{key}.

  • A set of environment variables to be passed to the workload when it is run

  • A fixed and properly formatted workload name

  • A namespace (logical grouping) in which the workload is to be run.

Manually supplying all this information when you're just trying to develop and test on your local machine is cumbersome, so using devrun all you need do is supply a path to the workload binary file (.wasm, .js, ELF binary) and the environment variables, and the nex CLI will take care of managing the rest for you, including uploading your file to an object store automatically.

How does Nex Compare to Kubernetes?

Kubernetes is a distributed workload execution engine, as is Nex. This is where their paths diverge. Nex is able to provide an efficient, tailored user experience because it is opinionated and optimized for running NATS-based workloads, where Kubernetes is designed to be so generalized that it can do practically anything given enough time or money. This broad set of uses can make Kubernetes difficult to manage, deploy, and configure.

While most users interact with a declarative layer in Kubernetes that is managed an enormous amount of YAML, Nex is a purely imperative system easily managed via CLI and a simple API.

Do I run Nex inside Firecracker?

In a word, no. The Nex node process is responsible for spawning Firecracker VMs that contain the Nex agent. As a supervisor of Firecracker processes, the Nex node itself can't be run inside a Firecracker VM. Most of that complexity should be hidden from end users.

The code for Nex can be found in the appropriate repository. It is an open source project that is supported by Synadia, the creators of NATS.

By default, Nex uses to launch small, secure, fast, and light weight virtual machines. These machines each run an agent that manages the workload in that machine as well as communications with the Nex node.

Synadia
Firecracker
What is Nex?
Where can I find Nex?
Who maintains Nex?
Is Nex free?
What workload types can I run?
What is a root file system?
What are namespaces?
Are my workload configurations secure?
What is the difference between run and devrun?
How does Nex compare to Kubernetes?
Do I run Nex inside Firecracker?