NATS 2.10 Webinar
ฝัง
- เผยแพร่เมื่อ 27 ส.ค. 2024
- Additional NATS 2.10 Resources
- Blog post - nats.io/blog/n...
- Upgrade guide - docs.nats.io/r...
- Release notes - github.com/nat...
- NATS.fm EP06 - www.synadia.co...
Video Errata:
- ^Correction "no more clear-text INFO messages", CONNECT messages are encrypted if TLS is required
12:00 a small correction: TLS handshake was always performed after INFO (that says to a client that TLS is required) and before CONNECT (that carries e.g. client's password). It was never the case that a password would be sent as clear text. The new feature TLS-first is needed in cases when a client connects to e.g. a cloud that accepts *only* TLS. The workaround until now was to use WSS.
100% thank you for the correction.
Thanks for this great presentation Byron :)
I still think there should be a gui dashboard that should ship with the binary to allow full control of nats without having to learn and dive into config after config. It's holding nats back imo.
Very much acknowledged :) There are a couple things in the works.
and many thanks for the auth callout, I'm really looking forward to NATS-LDAP integration out of the box
Is that a plan?
impressive improvements. I 2nd the GUI , as it will make management easier
Timestamps
00:24 Highlights
01:18 Stream compression
04:25 Stream storage format
07:50 MQTT QoS 2
08:01 Native MQTT client support
10:20 IBG z/OS and NetBSD
11:57 TLS-first leafnodes
14:50 Auth callout
17:36 v2 networking
27:15 Multi-filter consumers
30:15 Stream subject transforms
34:56 Demo (Auth callout + OAuth2)
53:00 Q&A
Lovely session, thank you so so much! Learning a lot. Love demos like this.
Just to "throw it out there": maybe auth callout could be combined nicely with Open Policy Agent?!? 🤔 (Don't need it myself right now, but the idea might be inspiring for someone..).
Thank you! OPA has been considered for a way to generalize the expression of authentication checks and JWT formation across backends.
Are different TCP Destination Ports needed for the multi TCP Connections or are they just identified by Source Port where the Client opens multiple TCP Connections to the same Server Port, meaning Firewalls or k8s Services are unaware about the multiple TCP connections?
Correct, the latter. Same destination port, but source port is different.
@@SynadiaCommunications well done!
AFAIK MQTT5 support REQ/REPLY Semantics, does it makes sense ot have this in the MQTT Bridge ?
Good question! The MQTT subsystem in NATS supports version 3.1.x today, not yet version 5.
@@SynadiaCommunications sure, read that, was just acomment that 5.0 claims RPC support, which fact seems to be just REQ REPL topics
Where is the auth0 integration code repo?
Not sure about Auth0, but we do have docs on our Auth callout feature here: docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_callout