I have deployed NATS using the k8s repo https://nats-io.github.io/k8s/helm/charts/.
I have enabled TLS and JetStream in the value.yaml as listed below:
config:
  cluster:
    enabled: true
    replicas: 3
    port: 6222
  jetstream:
    enabled: true
    fileStore:
      pvc:
        size: 10Gi
  nats:
    tls:
      enabled: true
      merge: {
        verify: true,
        cert_file: '/mnt/nats-certificate/nats-playground-server.crt',
        key_file: '/mnt/nats-certificate/nats-playground-server.key',
        ca_file: '/mnt/nats-certificate/rootCA-playground.crt',
        timeout: 50
      }
podTemplate:
  topologySpreadConstraints:
    kubernetes.io/hostname:
      maxSkew: 1
      whenUnsatisfiable: DoNotSchedule
  patch:
    - op: add
      path: /spec/volumes/-
      value:
        name: nats-certificate-volume
        csi:
          driver: secrets-store.csi.k8s.io
          readOnly: true
          volumeAttributes:
            secretProviderClass: 'nats-certificate'
service:
  merge:
    spec:
      type: LoadBalancer
# promExporter:
#   enabled: true
#   podMonitor:
#     enabled: true
container:
  image:
    repository: nats
    image: 2.10.11-alpine
  patch:
    - op: add
      path: /volumeMounts/-
      value:
        name: nats-certificate-volume
        mountPath: /mnt/nats-certificate
reloader:
  patch:
    - op: add
      path: /volumeMounts/-
      value:
        name: nats-certificate-volume
        mountPath: /mnt/nats-certificate
The issue is that my NATS pod sees TLS handshake error logs like the one below:
TLS handshake error: read tcp 10.244.2.29:4222->10.240.0.8:51404: read: connection reset by peer
10.244.2.29 is my NATS pod IP and 10.240.0.8 is the node IP in k8s. I have not connected any client to my NATS server, yet I still see the TLS handshake error. I'm confused about why a TLS connection is being made between the NATS server pod and the k8s node. If so, I'm not sure how I can resolve the TLS handshake error.
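A triage sketch for log lines of the shape quoted above, added here as an example and not part of the original post: it groups handshake failures by listener port, peer origin, peer address and reason, so the source of the connections can be narrowed down. The node and pod CIDRs (`10.240.0.0/16`, `10.244.0.0/16`) are assumptions inferred from the two addresses in the post, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Shape of the line quoted in the post:
#   TLS handshake error: read tcp <local>:<port>-><peer>:<port>: <reason>
LINE_RE = re.compile(
    r"TLS handshake error: \w+ tcp "
    r"(?P<lip>[\d.]+):(?P<lport>\d+)->(?P<rip>[\d.]+):(?P<rport>\d+): (?P<reason>.+)$"
)
# 4222 is the local port in the quoted log line; 6222 is cluster.port in the values file.
LISTENERS = {4222: "client", 6222: "cluster"}


def classify_peer(ip, node_net, pod_net):
    """Label a peer address as node, pod or external (CIDRs supplied by the caller)."""
    addr = ip_address(ip)
    if addr in ip_network(node_net):
        return "node"
    if addr in ip_network(pod_net):
        return "pod"
    return "external"


def summarize(lines, node_net, pod_net):
    """Count handshake failures per (listener, peer origin, peer IP, reason)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # not a handshake error, or one that carries no peer address
        listener = LISTENERS.get(int(m["lport"]), "other")
        origin = classify_peer(m["rip"], node_net, pod_net)
        counts[(listener, origin, m["rip"], m["reason"])] += 1
    return counts


# First line is the one from the post; the rest are constructed for the example.
SAMPLE_LOG = """\
TLS handshake error: read tcp 10.244.2.29:4222->10.240.0.8:51404: read: connection reset by peer
TLS handshake error: read tcp 10.244.2.29:4222->10.240.0.8:51990: read: connection reset by peer
TLS handshake error: read tcp 10.244.2.29:4222->10.240.0.9:40112: EOF
TLS handshake error: remote error: tls: bad certificate
Server is ready
""".splitlines()

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, "10.240.0.0/16", "10.244.0.0/16")
    for key, n in result.most_common():
        print(n, *key)
```

With a Service of type LoadBalancer and the default `externalTrafficPolicy: Cluster`, connections arriving through the Service are source-NATed to a node address, so a "node" origin does not by itself identify the real caller.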