6.1.4. Use external NATS message queue

Nubus for Kubernetes allows configuring your own instance of NATS for message queuing, instead of the built-in NATS. This section describes how you need to prepare your existing NATS deployment, and how you configure Nubus for Kubernetes to connect and access your existing NATS.

To connect your external NATS deployment, you need to follow the steps in the given order:

  1. Prepare the existing NATS deployment for Nubus for Kubernetes.

  2. Configure the connection to the existing NATS deployment in Nubus for Kubernetes.

  3. Configure the secrets to connect to the existing NATS deployment.

See also

Message queues as architectural piece in Nubus in Univention Nubus for Kubernetes - Architecture Manual [2] for information about application components using message queues through NATS.

6.1.4.1. Prepare the existing NATS deployment

Before Nubus for Kubernetes can use your existing NATS deployment, you need to ensure the following aspects:

  • Create a user in NATS for each of the following services:

    • UDM Listener

    • Provisioning Service:

      • API

      • Dispatcher

      • Prefill

      • UDM Transformer

  • Give each user the permission to publish and subscribe on any subject.

See also

See the following content in The official NATS documentation [4]:

  • Username / Password | NATS Docs for information about user creation in NATS.

  • Authorization | NATS Docs for information about assigning permissions to users in NATS.

6.1.4.2. Configure the connection

To connect Nubus for Kubernetes to your existing NATS deployment, you need to go through the following steps. Before you continue, ensure you have completed the steps in Prepare the existing NATS deployment.

  1. Deactivate the usage of the Nubus internal NATS in the Provisioning Service.

    Add the configuration in Listing 6.9 to your custom_values.yaml values file.

    Listing 6.9 Deactivate using the Nubus internal NATS in the Provisioning Service
    nubusProvisioning:
      nats:
        enabled: false
    
  2. Configure the connection to the existing NATS.

    Add the configuration in Listing 6.10 to your custom_values.yaml values file and adjust the values to your environment.

    Listing 6.10 Configure the connection to an existing NATS deployment
    nubusProvisioning:
      nats:
        connection:
          host: "queue.example.com"
          port: "4222"
    nubusUdmListener:
      nats:
        connection:
          host: "queue.example.com"
          port: "4222"
    

6.1.4.3. Configure the secrets

To finish the setup for an existing NATS deployment, you need to provide the secrets to the Nubus components that use NATS. You can either define custom secrets or use existing secrets. For more information about secrets handling, see Secrets in Nubus for Kubernetes.

Before you continue, ensure you have completed the steps in Configure the connection.

Add the secrets configuration for your existing NATS deployment to your custom_values.yaml values file. Pick one of the following options.

Custom credential configuration

Use the example in Listing 6.11, if you want to provide custom credentials.

Listing 6.11 Configure custom credentials for your own NATS deployment
nubusProvisioning:
  api:
    nats:
      auth:
        password: "<some-password-value-for-provisioning-api>"
  dispatcher:
    nats:
      auth:
        password: "<some-password-value-for-provisioning-dispatcher>"
  prefill:
    nats:
      auth:
        password: "<some-password-value-for-provisioning-prefill>"
  udmTransformer:
    nats:
      auth:
        password: "<some-password-value-for-provisioning-udm-transformer>"
# nubusUdmListener is its own top-level key, as in Listing 6.10, not a child of nubusProvisioning.
nubusUdmListener:
  nats:
    auth:
      password: "<some-password-value-for-provisioning-udm-listener>"

Kubernetes secrets for credential configuration

Use the example in Listing 6.12, if you want to use existing Kubernetes Secrets.

Listing 6.12 Configure the existing Kubernetes secrets for using your own NATS deployment
nubusProvisioning:
  api:
    nats:
      auth:
        existingSecret:
          name: "<name-to-secret-object-for-api>"
          keyMapping:
            provisioningApiPassword: "<custom-secret-key-name-if-needed>"
  dispatcher:
    nats:
      auth:
        existingSecret:
          name: "<name-to-secret-object-for-dispatcher>"
          keyMapping:
            dispatcherPassword: "<custom-secret-key-name-if-needed>"
  prefill:
    nats:
      auth:
        existingSecret:
          name: "<name-to-secret-object-for-prefill>"
          keyMapping:
            prefillPassword: "<custom-secret-key-name-if-needed>"
  udmTransformer:
    nats:
      auth:
        existingSecret:
          name: "<name-to-secret-object-for-udm-transformer>"
          keyMapping:
            udmTransformerPassword: "<custom-secret-key-name-if-needed>"
# nubusUdmListener is its own top-level key, as in Listing 6.10, not a child of nubusProvisioning.
nubusUdmListener:
  nats:
    auth:
      credentialSecret:
        name: "<name-to-secret-object-for-udm-listener>"
        key: "<custom-secret-key-name-if-needed>"
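
A pre-flight check for the keys from Listings 6.9 to 6.12, run against the parsed custom_values.yaml before applying it. This is an added example, not part of the Nubus documentation or charts; the function names and sample values are constructed, and it assumes nubusUdmListener is a top-level key as in Listing 6.10.

```python
# Added example, not Nubus code. Key names come from Listings 6.9 to 6.12.
# Assumption: nubusUdmListener is a top-level key, as in Listing 6.10.
# Each entry: (path to the component's values, name of its secret reference key).
CLIENTS = [(("nubusProvisioning", part), "existingSecret")
           for part in ("api", "dispatcher", "prefill", "udmTransformer")]
CLIENTS.append((("nubusUdmListener",), "credentialSecret"))

def _get(tree, *path):
    """Walk nested dicts; return None when any key on the path is missing."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return None
        tree = tree[key]
    return tree

def check_external_nats(values):
    """Return a list of findings; an empty list means the NATS settings are complete."""
    findings = []
    if _get(values, "nubusProvisioning", "nats", "enabled") is not False:
        findings.append("nubusProvisioning.nats.enabled must be false")
    for chart in ("nubusProvisioning", "nubusUdmListener"):
        conn = _get(values, chart, "nats", "connection") or {}
        if not conn.get("host") or not conn.get("port"):
            findings.append(f"{chart}.nats.connection needs host and port")
    for path, secret_key in CLIENTS:
        label = ".".join(path) + ".nats.auth"
        auth = _get(values, *path, "nats", "auth") or {}
        password, secret = auth.get("password"), _get(auth, secret_key, "name")
        if bool(password) == bool(secret):
            findings.append(f"{label}: set exactly one of password or {secret_key}.name")
        elif str(password or secret).startswith("<"):
            findings.append(f"{label}: placeholder value was not replaced")
    return findings

# Constructed sample: dispatcher placeholder left in, listener auth nested by mistake.
SAMPLE = {
    "nubusProvisioning": {
        "nats": {"enabled": False, "connection": {"host": "queue.example.com", "port": "4222"}},
        "api": {"nats": {"auth": {"existingSecret": {"name": "nats-api"}}}},
        "dispatcher": {"nats": {"auth": {"password": "<some-password-value>"}}},
        "prefill": {"nats": {"auth": {"existingSecret": {"name": "nats-prefill"}}}},
        "udmTransformer": {"nats": {"auth": {"existingSecret": {"name": "nats-transformer"}}}},
        "nubusUdmListener": {"nats": {"auth": {"credentialSecret": {"name": "nats-listener"}}}},
    },
    "nubusUdmListener": {"nats": {"connection": {"host": "queue.example.com", "port": "4222"}}},
}
if __name__ == "__main__":
    for finding in check_external_nats(SAMPLE):
        print(finding)
```

To check a real file, parse it with a YAML library (for example yaml.safe_load from PyYAML) and pass the resulting dictionary to check_external_nats.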

6.1.4.4. Apply the configuration

To finally apply the configuration, you need to go through the following steps:

  1. To apply the configuration, follow the steps in Apply configuration.

  2. Delete all the Kubernetes pods where the configuration changes the secrets.