Authorization Violation connection issue with management through accounts
andreyreshetnikov-zh opened this issue · comments
Hello everyone, there is a problem with creating resources using NACK
versions:
nats: nats:2.9.8-alpine, deployed by helm chart 0.19.1
nack: jetstream-controller:0.8.0, deployed by helm chart 0.19.0 and CRD v0.8.0
NACK config:
jetstream:
enabled: true
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 100m
memory: 256Mi
after deployment, NACK works well, there are no errors in the logs.
I want to manage many resources in different accounts, so after creating an account in NATS, I added the credentials of this account to the secrets of k8s and created an account entity:
---
apiVersion: jetstream.nats.io/v1beta2
kind: Account
metadata:
name: test
spec:
name: test
servers:
- nats://nats.${URL}:4222
creds:
secret:
name: nats-nack-account-test
file: nats-nack-account-test.creds
next, I tried to create a Stream using this account, added stream:
---
apiVersion: jetstream.nats.io/v1beta2
kind: Stream
metadata:
name: test-nack
spec:
name: test-nack
subjects: ["foo", "foo.>"]
storage: file
replicas: 1
account: test
after that, errors appeared in the NACK logs:
failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation
I rechecked the URL and accounts secrets, everything is correct and there are no errors.
Its important that if I specify this account directly in the NACK config, then everything works without errors, Stream is created:
jetstream:
enabled: true
nats:
url: nats://nats.${URL}:4222
credentials:
secret:
name: nats-nack-account-test
key: "nats-nack-account-test.creds"
resources:
limits:
cpu: 500m
memory: 1024Mi
requests:
cpu: 100m
memory: 256Mi
but in this configuration, I can only manage one account, so it's not suitable.
Could you tell me what the error may be and how to solve it? klogLevel: 10
does not add clarity
also tested working with different versions, the same error:
nack-0.19.0(image 0.8.0)
E1222 15:53:21.213459 1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation
nack-0.18.0(image v0.7.4)
E1222 15:53:21.213459 1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation
nack-0.17.5(image 0.7.4)
E1222 15:53:21.213459 1 controller.go:416] failed to process stream: failed to connect to nats-servers(nats://nats.${URL}:4222): nats: Authorization Violation
@wallyqs thank you a lot! It works great, no errors!