Change default URL to be localhost:4222 unless otherwise defined.

The default use case is:

docker run --rm --network host -it -v /tmp/configs:/configs synadia/nats-server:latest

docker run --rm --network host -it  synadia/nats-box:latest
nats-pub foo bar

With network host, this works right out of the box without any typing. Instead it gets (correctly) an error from NGS.

The security team at my work use artifacthub to assess security vulnerabilities. They noticed some failing scores on nats-box. Link here:
https://artifacthub.io/packages/helm/nats/nats

(click open full report)

It seems like the fixes are to use a newer version of alpine, and use a newer JWT library.

What version were you using?

0.13.8

What environment was the server running in?

Kubernetes

Is this defect reproducible?

Yes

Given the capability you are leveraging, describe your expectation?

Knowing what has changed between 0.13.8 and 0.13.9

Given the expectation, what is the defect you are observing?

Latest tag (and docker image) is 0.13.9
Latest release is 0.13.8

please add nats-bench to nats-box

have to build it myself and copy over

What motivated this proposal?

I was looking for a way to run the nk tool without directly installing it on my computer

What is the proposed change?

Add nk tool to the image

Who benefits from this change?

Anyone that does not have go installed since nk installation seems to require go.

What alternatives have you evaluated?

Installing go on my local computer and then installing the nk tool.

0.6.0:

kubectl run -i --rm --tty nats-box --image=synadia/nats-box:0.6.0 --restart=Never
nats-box:~# stan-pub
Usage: stan-bench [-s server (nats://127.0.0.1:4222)] [-c CLUSTER_ID] [-id CLIENT_ID] [-qgroup QUEUE_GROUP_NAME] [-np NUM_PUBLISHERS] [-ns NUM_SUBSCRIBERS] [-n NUM_MSGS] [-ms MESSAGE_SIZE] [-csv csvfile] [-mpa MAX_NUMBER_OF_PUBLISHED_ACKS_INFLIGHT] [-io] [-sync] [--creds credentials_file] [-cd PATH_TO_CERTS] [-cf CERTIFICATE_FILE] [-ck CERTIFICATE_KEY] [-u USERID] [-pw PASSWORD] <subject>

0.4.0:

kubectl run -i --rm --tty nats-box --image=synadia/nats-box:0.4.0 --restart=Never
nats-box:~# stan-pub

Usage: stan-pub [options] <subject> <message>

Options:
        -s,  --server   <url>            NATS Streaming server URL(s)
        -c,  --cluster  <cluster name>   NATS Streaming cluster name
        -id, --clientid <client ID>      NATS Streaming client ID
        -a,  --async                     Asynchronous publish mode
        -cr, --creds    <credentials>    NATS 2.0 Credentials

What motivated this proposal?

We are moving from docker-hub to Amazon Elastic Container Registry

What is the proposed change?

Could You please upload your images to AWS ECR public repository
I can easily find there nats https://gallery.ecr.aws/docker/library/nats
but I can not find there natsio/* at all

nats-boot-config
nats-box
nats-jetstream
nats-server-config-reloader
prometheus-nats-exporter

Who benefits from this change?

all users: I guess

What alternatives have you evaluated?

No response

Issue

Tried referring to the nats binary without SHELL-ing into the box and it gave me the following error.
docker run --rm natsio/nats-box:latest /usr/local/bin/nats stream add stream_name

Solution

My recommendation is to replace ENTRYPOINT with CMD to allow external commands to overwrite it

nats-rply/req doesn't seem to be honoring the -s flag

docker run --network host -ti synadia/jsm:nightly
             _             _               
 _ __   __ _| |_ ___      | |__   _____  __
| '_ \ / _` | __/ __|_____| '_ \ / _ \ \/ /
| | | | (_| | |_\__ \_____| |_) | (_) >  < 
|_| |_|\__,_|\__|___/     |_.__/ \___/_/\_\
                                           
nats-box v0.3.0
docker-desktop:~# nats-rply -s demo.nats.io hello "hi there!"
nats: no servers available for connection

❯ docker run --network host -ti synadia/jsm:nightly
             _             _               
 _ __   __ _| |_ ___      | |__   _____  __
| '_ \ / _` | __/ __|_____| '_ \ / _ \ \/ /
| | | | (_| | |_\__ \_____| |_) | (_) >  < 
|_| |_|\__,_|\__|___/     |_.__/ \___/_/\_\
                                           
nats-box v0.3.0
docker-desktop:~# nats-req -s demo.nats.io hello ""
nats: no servers available for connection
docker-desktop:~# 

Hello, I've been using eats-streaming on arm64 based cluster and recently I moved to Jetstream, I found that:

✅ NATS supports arm64 without any problems

• nats-config-reloader
• nats-box
• nats-prometheus-exported

All say that the latest tag has arm64 manifest but it's actually not compatible with arm64, I'm getting exec format error on arm64 machine, while NATS works perfectly on exactly the same server.

So that we can connect using self signed certs if needed, base it from curl options like:

nats-sub -cacert ca.crt -cert tls.crt -key tls.key
nats-pub -cacert ca.crt -k # for insecure

if nats-server is configured with username/password authorization how can we use nats-sub/nats-pub utilities?
Running something like nats-pub -s nats://user:pass@nats-server:4222 mysubject returns
on client side: nats: Authorization Violation
on server side:

[6] 2020/07/09 23:29:43.806684 [DBG] 172.1.1.233:46388 - cid:1 - Client connection created
[6] 2020/07/09 23:29:43.807349 [ERR] 172.1.1.233:46388 - cid:1 - authentication error - User ""
[6] 2020/07/09 23:29:43.807368 [DBG] 172.1.1.233:46388 - cid:1 - Client connection closed: Authentication Failure

tested with catnats.py (https://github.com/yuce/catnats) using the same user/pass - was working fine

When nats-box is installed in a kubernetes cluster either via helm or using a basic yaml spec, the default NATS_URL environment variable is generated

    env:
    - name: NATS_URL
      value: nats

As a result, the following are observed

• It is not possible to over-ride the the value of NATS_URL when using nats-box via the -s option eg. nats-box -s nats://some/other/server topic.test hello will still publish to nats
• if the NATS_URL is removed from the yaml spec, it is possible to use the -s option as expected
• the NATS_URL should at least be namespace scoped or even be removed

Slack discussion captured at https://natsio.slack.com/archives/C069GSYFP/p1593703420250700

@wallyqs @ripienaar were involved in the discussion

What version were you using?

nats helm chart 1.1.10

What environment was the server running in?

Kubernetes OpenShift

Is this defect reproducible?

Yes

1. In OpenShift environment with no root policy. When deploying nats helm chart:

 helm upgrade --install my-nats nats/nats --version 1.1.10 --namespace nats

2. In a simpler way, with just docker:

docker run -u 12345 --rm -ti natsio/nats-box:0.14.2 sh -c "id && pwd && cd /root"
uid=12345 gid=0(root) groups=0(root)
/
sh: cd: line 0: can't cd to /root: Permission denied

Given the capability you are leveraging, describe your expectation?

The working dir set in Dockerfile https://github.com/nats-io/nats-box/blob/main/Dockerfile#L54 should not be /root, because in production environment, images are launched as non root. Instead, the working dir should be agnostic of that, by example by setting it to /tmp.

Given the expectation, what is the defect you are observing?

Deployment of nats-box in error. Logs says permission denied for /root.

I use nats str info, and it just print informastions like this:

Configuration:

             Subjects: app.*
     Acknowledgements: true
            Retention: File - Limits
             Replicas: 3
...

How to kown app.* contains how many subjects?

Hello,

Some of NATS.io docs make use of jq to showcase administration & usage examples, however nats-box docker image does not include a jq binary.

docker-desktop:~# nats str info test-stream -j
{
  "config": {
    "name": "test-stream",
    "subjects": [
      "stream-subject-a",
      "stream-subject-b"
    ],
    "retention": "limits",
    "max_consumers": -1,
    "max_msgs_per_subject": -1,
    "max_msgs": -1,
    "max_bytes": -1,
    "max_age": 0,
    "max_msg_size": -1,
    "storage": "memory",
    "discard": "old",
    "num_replicas": 1,
    "duplicate_window": 120000000000
  },
  "created": "2021-10-28T17:01:27.6609806Z",
  "state": {
    "messages": 0,
    "bytes": 0,
    "first_seq": 0,
    "first_ts": "0001-01-01T00:00:00Z",
    "last_seq": 0,
    "last_ts": "0001-01-01T00:00:00Z",
    "consumer_count": 0
  }
}

docker-desktop:~# nats str info test-stream -j | jq .config.subjects
/bin/sh: jq: not found

Could you guys please add jq to the official image?

Running as root can cause security risk and should be avoided if at all possible. Running the image as non-root is considered a best practice.

Related to #30

Hi guys, When I run this command nats stream view to get messages, but I don't know these messages are acked or not. How we can just get messages is unacked?

Hello, I have this as a docker image and I am trying to connect with the provided nats cli to see what streams it has, however I get the following error...

~ # nats stream ls
nats: error: setup failed: nats: Authorization Violation

I do have some accounts setup and I did setup the server with one of the accounts

Hi,

it looks like the stan-bench is missing in the Docker image even though it should be copied (see: https://github.com/nats-io/nats-box/blob/main/Dockerfile#L23 ). Could you confirm it's a bug?

What do you think about including nats-bench as well?

What motivated this proposal?

For IBM Z and LinuxONE

What is the proposed change?

Add support for the s390x architecture

Who benefits from this change?

No response

What alternatives have you evaluated?

No response

Hi Guys,

could you please make a new release? Some function (queue group for example) don't work with this release.