-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure TLS for connection to NATS KV #9036
Comments
@kobergj Can you take a look please? |
Yes. Absolutely valid point. This was not taken into account on initial implementation, but should be fairly easy to implement. We should also add an option to add TLS config for the But maybe we should adjust envvar names so we can reuse the same on all nats related features (evenst/stores/caches/registry)? I mean this will probably always be the same anyways. |
I strongly vote for sticking to KISS |
So that means we add new envvar |
Is your feature request related to a problem? Please describe.
Currently there are options to connect to the events bus (NATS) with certificates provided in env vars:
OCIS_EVENTS_ENABLE_TLS
OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE
However, there aren't any similar env vars to connect to the registry when using
nats-js-kv
.Describe the solution you'd like
Add similar env vars to connect to the app registry:
OCIS_REGISTRY_ENABLE_TLS
OCIS_REGISTRY_TLS_ROOT_CA_CERTIFICATE
The NATS options can be configured in the file:
https://github.com/owncloud/ocis/blob/master/ocis-pkg/natsjsregistry/registry.go#L170-L182
Describe alternatives you've considered
Currently we'd have to disable TLS completely in our NATS instance, or have a separate NATS instance just for the registry.
Additional context
The text was updated successfully, but these errors were encountered: