Proper way to configure Leaf Nodes to only export some subjects #5941
-
I'm trying to connect a bunch of nats instances in our cluster back to a global nats using Leaf Nodes. However, I only want to send a subset of messages (e.g., define a single pattern to sync, ignore the rest) going to the leaf node instances back to the global nats. In the docs I see mention of Is this possible? If not, are there better ways to achieve this approach? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
Soliciting leafnodes should provide authentication information for when they connect to the hub. Just put permissions on that user from the hub side the restricts what that user (the one that was used to form the leafnode connection) can and can not do. |
Beta Was this translation helpful? Give feedback.
-
@derekcollison @humphd NATS HUB CONFIG FILE BELOW`leafnodes { authorization: { no_auth_user: default_user ====================== On the leaf node I have following NATS LEAF CONFIG FILE BELOW`leafnodes { `Now when I publish something on the leaf node using ./nats pub cli.demo "hello from leaf node" --server nats://nats-leaf.test.local I still see it on the nats hub ./nats sub cli.demo --server nats://nats-hub.test.local [#1] Received on "cli.demo" Shouldn't this be denied on the hub with a config of |
Beta Was this translation helpful? Give feedback.
Soliciting leafnodes should provide authentication information for when they connect to the hub. Just put permissions on that user from the hub side the restricts what that user (the one that was used to form the leafnode connection) can and can not do.