Multi-tenancy & Resource Mgmt

To enable JetStream in a server we have to configure it at the top level first:

This will dynamically determine the available resources. It’s recommended that you set specific limits though:

  1. jetstream {
  2.     store_dir: /data/jetstream
  3.     max_mem: 1G
  4.     max_file: 100G
  5. }

At this point JetStream will be enabled and if you have a server that does not have accounts enabled, all users in the server would have access to JetStream

  1. jetstream {
  2.     store_dir: /data/jetstream
  3.     max_mem: 1G
  4.     max_file: 100G
  5. }
  7. accounts {
  8.         jetstream: enabled
  9.     }
  10. }

Here the HR account would have access to all the resources configured on the server, we can restrict it:

Now the HR account is limited in various dimensions.

If your setup is in operator mode, JetStream specific account configuration can be stored in account JWT. The earlier account named HR can be configured as follows:

  1. nsc add account --name HR
  2. nsc edit account --name HR --js-mem-storage 1G --js-disk-storage 512M  --js-streams 10 --js-consumer 100

As part of the JetStream efforts a new nats CLI has been developed to act as a single point of access to the NATS ecosystem.

This CLI has been seen throughout the guide, it’s available in the Docker containers today and downloadable on the Releases page.

Configuration Contexts

The CLI has a number of environment configuration settings - where your NATS server is, credentials, TLS keys and more:

  1. $ nats --help
  2. ...
  3.   -s, --server=NATS_URL         NATS servers
  4.       --user=NATS_USER          Username of Token
  5.       --password=NATS_PASSWORD  Password
  6.       --creds=NATS_CREDS        User credentials
  7.       --nkey=NATS_NKEY          User NKEY
  8.       --tlscert=NATS_CERT       TLS public certificate
  9.       --tlskey=NATS_KEY         TLS private key
  10.       --tlsca=NATS_CA           TLS certificate authority chain
  11.       --context=CONTEXT         NATS Configuration Context to use for access
  12. ...

You can set these using the CLI flag, the environment variable - like NATS_URL - or using our context feature.

Creating one is easy, just specify the same settings to the nats context save

We passed --select to the one meaning it will be the default when nothing is set.

  1. $ nats rtt
  2. nats://localhost:4222:
  4.    nats://127.0.0.1:4222: 245.115µs
  5.        nats://[::1]:4222: 390.239µs
  7. $ nats rtt --context example
  8. nats://nats.example.net:4222:
  10.    nats://192.0.2.10:4222: 41.560815ms
  11.    nats://192.0.2.11:4222: 41.486609ms
  12.    nats://192.0.2.12:4222: 41.178009ms

The nats context select command can be used to set the default context.

All nats commands are context aware and the nats context command has various commands to view, edit and remove contexts.

Server URLs and Credential paths can be resolved via the nsc command by specifying an URL, for example to find user new within the orders account of the acme operator you can use this: