how to Allow leafnode remotes but not leafnode connections
tommyjcarpenter opened this issue · 2 comments
What motivated this proposal?
i dont see how its possible to form a config that looks like this:
listen:4222
port: 4222 # client port
leafnodes {
# NO PORT DOES NOT LISTEN FOR LEAFS
remotes = [
{
url: "nats://...:7422",
account: ...
credentials: ...
},
],
}
without adding a port, so that this server itself does not allow leaf connections.
I have tested that this works, without helm.
even explicitly setting to null:
nats:
config:
leafnodes:
enabled: true
port: null # doesnt work
remotes:
- url: xxx:7222
account: ...
credentials: ...
doesnt work:
[7] 2024/04/26 15:34:31.189556 [INF] Listening for leafnode connections on 0.0.0.0:7422. # DONT WANT
[7] 2024/04/26 15:34:31.189855 [INF] Listening for client connections on 0.0.0.0:4222
[7] 2024/04/26 15:34:31.189865 [INF] TLS required for client connections
[7] 2024/04/26 15:34:31.189974 [INF] Server is ready
[7] 2024/04/26 15:34:31.190021 [INF] Cluster name is infra-nats
[7] 2024/04/26 15:34:31.190045 [INF] Listening for route connections on 0.0.0.0:6222
... trying to connect to route (attempt 1): dial (unrelated error connecting out to xxx:7222)
the relevent template is here: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/files/config/leafnodes.yaml#L2
What is the proposed change?
maybe move port
under a flag like if allowConnections
?
Who benefits from this change?
No response
What alternatives have you evaluated?
No response
Dupe of #772
Right now the config.leafnodes.enabled
turns on the server portion. If all you need is remotes leave config.leafnodes.enabled=false
, you should be able to workaoround with something like this:
config:
merge:
lefanodes:
remotes:
- url: xxx:7222
account: ...
credentials: ...
Since you can put any valid nats.conf
into config.merge
@caleblloyd that still leaves:
[7] 2024/04/26 23:19:40.432725 [ERR] Error trying to connect as leafnode to remote server ":7422" (attempt 1): lookup for host "": lookup : no such host
because it gets merged in with the default parameters..