Overview
NATS is our messaging broker of choice.
It offers:
- regular pub/sub messaging, which we use for the app-internal message bus (module-2-module) or app-internal events
- streams (aka JetStream), which are durable and store messages on disk. We use those for microservice-2-microservice communication
- the request/response pattern, which is not in use at the time of writing but could be useful for requesting data from Mercury in the future
NACK
To manage NATS in our Kubernetes clusters, we use NACK [1], which allows us to declare required streams and other configurations using Kubernetes resources.
NUI
To visualize what's going on in NATS, debug things, etc., we host an instance of NUI [2].
Tools
The following tools are needed to manage NATS from your local system:
# install nats tools
brew tap nats-io/nats-tools
brew install nats-io/nats-tools/nsc
brew install nats-io/nats-tools/nats
# install nkeys util
go install github.com/nats-io/nkeys/nk@latest
NATS management basics
Operator creation
nsc add operator --name MyOperator --generate-signing-key --sys
Account creation
Accounts in NATS NKeys are groups of users. Generally, streams or messages are not shared between accounts.
To add an account:
nsc add account stream-core
nsc edit account stream-core --sk generate
and enable JetStream (-1 == infinite):
nsc edit account stream-core --js-disk-storage -1 --js-consumer -1 --js-streams -1
User creation
Users are nested inside accounts and allow fine-grained permissions for each app.
Create users:
nsc add user --account stream-core --name nexus
nsc add user --account stream-core --name solaris
and set their permissions:
nsc edit user nexus \
  --account stream-core \
  --allow-pub "my.topic" \
  --allow-sub "my.topic"
nsc edit user solaris \
  --account stream-core \
  --allow-pub "staging.tunnel.outbound" \
  --allow-pub "staging.private.solaris.>" \
  --allow-sub "staging.tunnel.inbound" \
  --allow-sub "staging.private.solaris.>" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-sub "_INBOX.>"
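To review what these allow lists actually grant, the following added example (not part of our tooling or of NATS itself) applies the NATS subject wildcard rules to the two users above and reports which constructed probe subjects pass. The stream name ORDERS and all probe subjects are assumptions chosen for illustration; note that `$JS.API.>` covers every JetStream API request, including stream delete and purge.

```python
# Added example: evaluate the page's allow lists for "nexus" and "solaris"
# using NATS subject-wildcard rules. Probe subjects are constructed.

def subject_matches(pattern: str, subject: str) -> bool:
    """NATS matching: '*' = exactly one token, '>' = one or more trailing tokens."""
    p_tokens = pattern.split(".")
    s_tokens = subject.split(".")
    for i, p in enumerate(p_tokens):
        if p == ">":
            # '>' is only valid as the last token and needs at least one token left
            return i == len(p_tokens) - 1 and len(s_tokens) > i
        if i >= len(s_tokens):
            return False
        if p != "*" and p != s_tokens[i]:
            return False
    return len(p_tokens) == len(s_tokens)

# Allow lists copied from the `nsc edit user` commands on this page.
USERS = {
    "nexus": {"pub": ["my.topic"], "sub": ["my.topic"]},
    "solaris": {
        "pub": ["staging.tunnel.outbound", "staging.private.solaris.>",
                "audit", "$JS.API.>"],
        "sub": ["staging.tunnel.inbound", "staging.private.solaris.>",
                "_INBOX.>"],
    },
}

def allowed(user: str, action: str, subject: str) -> bool:
    """Once an allow list is set, anything it does not match is rejected."""
    return any(subject_matches(p, subject) for p in USERS[user][action])

def audit(user: str, checks):
    """Return (action, subject, verdict) rows for a list of (action, subject)."""
    return [(a, s, allowed(user, a, s)) for a, s in checks]

# Constructed probes; "ORDERS" is a hypothetical stream name.
CHECKS = [
    ("pub", "staging.private.solaris.jobs.1"),
    ("pub", "staging.private.solaris"),      # '>' needs at least one more token
    ("sub", "staging.tunnel.outbound"),      # publish-only subject
    ("pub", "staging.private.nexus.jobs"),   # another app's private space
    ("pub", "$JS.API.STREAM.INFO.ORDERS"),
    ("pub", "$JS.API.STREAM.DELETE.ORDERS"),
    ("pub", "$JS.API.STREAM.PURGE.ORDERS"),
]

if __name__ == "__main__":
    for action, subject, ok in audit("solaris", CHECKS):
        print(f"solaris {action:3} {subject:32} {'ALLOW' if ok else 'DENY'}")
```

If a user only needs a subset of JetStream operations, the `$JS.API.>` grant can be replaced with the specific `$JS.API.` subjects that user's client actually calls.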