Skip to content

Setup

This page contains the exact commands that were used to create the currently setup operator structure.

Staging Setup

Operator: stream-staging

stream-staging (Account)

nsc add account stream-staging
nsc edit account stream-staging --sk generate \
  --js-disk-storage -1 \
  --js-consumer -1 \
  --js-streams -1

solaris (User)

nsc add user  --account stream-staging --name solaris \
  --allow-pub "staging.tunnel.inbound" \
  --allow-sub "staging.tunnel.outbound" \
  --allow-pub "staging.private.solaris.>" \
  --allow-sub "staging.private.solaris.>" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nexus (User)

nsc add user  --account stream-staging --name nexus \
  --allow-pub "staging.tunnel.outbound" \
  --allow-sub "staging.tunnel.inbound" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nui (User)

The nui user is used by NUI to monitor the NATS cluster and look at stuff.

nsc add user --account stream-staging --name nui \
  --allow-pub '>' \
  --allow-sub '>'

init (User)

The init user is used by nack to manage our streams

nsc add user --account stream-staging --name init \
  --allow-pub '$JS.API.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub "_INBOX.>"

stream-dev (Account)

nsc add account stream-dev
nsc edit account stream-dev --sk generate \
  --js-disk-storage -1 \
  --js-consumer -1 \
  --js-streams -1

solaris (User)

nsc add user  --account stream-dev --name solaris \
  --allow-pub "dev.tunnel.inbound" \
  --allow-sub "dev.tunnel.outbound" \
  --allow-pub "dev.private.solaris.>" \
  --allow-sub "dev.private.solaris.>" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nexus (User)

nsc add user  --account stream-dev --name nexus \
  --allow-pub "dev.tunnel.outbound" \
  --allow-sub "dev.tunnel.inbound" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nui (User)

The nui user is used by NUI to monitor the NATS cluster and look at stuff.

nsc add user --account stream-dev --name nui \
  --allow-pub '>' \
  --allow-sub '>'

init (User)

The init user is used by nack to manage our streams

nsc add user --account stream-dev --name init \
  --allow-pub '$JS.API.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub "_INBOX.>"

Production Setup

Operator: stream-prod

stream-prod (Account)

nsc add account stream-prod
nsc edit account stream-prod --sk generate \
  --js-disk-storage -1 \
  --js-consumer -1 \
  --js-streams -1

solaris (User)

nsc add user  --account stream-prod --name solaris \
  --allow-pub "prod.tunnel.inbound" \
  --allow-sub "prod.tunnel.outbound" \
  --allow-pub "prod.private.solaris.>" \
  --allow-sub "prod.private.solaris.>" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nexus (User)

nsc add user  --account stream-prod --name nexus \
  --allow-pub "prod.tunnel.outbound" \
  --allow-sub "prod.tunnel.inbound" \
  --allow-pub "audit" \
  --allow-pub '$JS.API.>' \
  --allow-pub '$JS.ACK.>' \
  --allow-pub '$JS.FC.>' \
  --allow-pub '$JSC.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub '$JS.ACK.>' \
  --allow-sub '$JS.FC.>' \
  --allow-sub '$JSC.>' \
  --allow-sub "_INBOX.>"

nui (User)

The nui user is used by NUI to monitor the NATS cluster and look at stuff.

nsc add user --account stream-prod --name nui \
  --allow-pub '>' \
  --allow-sub '>'

init (User)

The init user is used by nack to manage our streams

nsc add user --account stream-prod --name init \
  --allow-pub '$JS.API.>' \
  --allow-sub '$JS.API.>' \
  --allow-sub "_INBOX.>"

Updating NATS

First, port-forward nats to your local machine

kubectl port-forward svc/nats -n nats 4223:4222

Then, push the config

nsc push --system-account SYS -u nats://localhost:4223 -A --data-dir ./nats-config/stores

!!! note The --data-dir flag is very important! We utilize it to store the operator config in the stream-infra repository.