Our team is always working to bring you features to improve your NATS experience. Take a look at the following features in the latest releases of NATS Server and a sneak peek into JetStream! Response Only Permissions NATS Server v2.0.4 For services, the authorization for responding to requests usually included wildcards for _INBOX.> and possibly $GR.> with a supercluster for sending responses. What we really wanted was the ability to allow a service responder to only respond to the reply subject it was sent. Read more...

Dale Bingham of Cingulara is back with part 2 of his article about using NATS to implement Service Mesh functionality. This time, Dale takes on Security. In this post, Dale dives into the introduction of NKeys, JWTs, and the Operator — Account — Users security model. Comparing and contrasting the NATS model with the security model of mainstream service meshes. Read the full article Using NATS To Implement Service Mesh, Part 2: Security . Read more...

Can you use the power and simplicity of NATS to create a service mesh without all the heavy overhead and complexity of current service meshes? Dale Bingham thinks so. Read about how he uses his experience and some of the new features of NATS 2.0 to do just that in part 1 of this 4 part series. Using NATS to Implement Service Mesh Functionality, Part 1: Service Discovery More About the Author Dale Bingham is the CTO of Cingulara. Read more...

Often times, blogs or articles with titles like this one will contain bad news. That isn’t the case here! We’re sharing the results of our security review, and how that bolsters our new security features in the upcoming NATS server 2.0 release, expected in Q2 2019. Security Audit In November of last year, the CNCF sponsored Cure53 to perform a security audit of the NATS server and some of the more popular NATS clients. Read more...

2018 was a banner year for the NATS.io ecosystem! NATS was accepted as a project into the CNCF organization NATS is being used in mission-critical production deployments around the globe and continues to grow And at almost 8 years old, 2018 saw the most features ever added to the project since its inception At the start of 2018, the team set a course to provide additional security options, secure multi-tenancy, and larger network options for NATS to name just a few. Read more...

I think it was during early 2015 when I first heard the term message broker. I was pursuing my masters degree on P2P networking and had to simulate a steady throughput of incoming messages. I wasn’t a geek then - so the workaround was to do an infinite Thread.sleep() loop. Don’t groan - I was just 21. RabbitMQ was my first tryst with the messaging systems lot. I was new to relationships and didn’t have much to compare with, so RabbitMQ seemed just fine. Read more...

REST APIs are nice. Simple. Stateless. Scalable. But to keep client data updated in real time, things get more complicated. Streaming events is easy, but you start having to deal with questions like: Which resources do I need events for? How do I manage sending each client only the events they need? Can I prevent subscription to some events for unauthorized clients? Who keeps state of these event subscriptions? How do I handle lost connections? Read more...

How good is software if you don’t know how to use it? Documentation is needed no matter how simple to follow and easy to use you purport your code to be, and that is especially true with open source software. The NATS Team has worked hard to improve and reorganize our documentation along with newly created code examples across six different client languages that illustrate how to use supported NATS clients. Read more...

Ode to Node-NATS: Ts-NATS - the TypeScript native NATS for Node. On December 23, 2011, Derek Collison gave us node-nats (Node.js v0.06). Node-nats is the second oldest client for NATS; only ruby-nats is older (10/30/2010). Node-nats is arguably one of the most popular NATS clients sporting over 64K monthly downloads. Over the last year or so, we have been getting requests here and there to promisify the library. While on the surface these seem like syntactic sugar, changing node-nats to offer Promise and Async support requires a bit more. Read more...

The latest release of the NATS Operator has alpha support to configure the authorization rules for an operated NATS cluster, via CustomResourceDefinitions , by using Kubernetes ServiceAccounts present in a namespace. In this blog post, we will explain how to use this feature along with details of the internals on how it currently works. Getting started In order to use the ServiceAccounts mapped accounts for an operated NATS cluster, you will need at minimum, a Kubernetes v1. Read more...