nats-jetstream type

When creating this type of connector, you need to define values for the following settings:

Basic settings tab:

• Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
• Tenant (required)—name of the tenant that owns the resource.
• Type (required)—connector type, nats-jetstream.
• URL (required)—URL that you need to connect to.
• Topic (required)—the topic for NATS messages. Must contain Unicode characters.
• Delimiter is used to specify a character representing the delimiter between events. Available values: \n, \t, \0. If no separator is specified (an empty value is selected), events are not separated.
• Description—resource description: up to 4,000 Unicode characters.

Advanced settings tab:

• Buffer size is used to set a buffer size for the connector. The default value is 16 KB, and the maximum value is 64 KB.
• GroupID—the GroupID parameter for NATS messages. Must contain 1 to 255 Unicode characters. The default value is default.
• Workers—used to set worker count for the connector. The default value is 1.
• Character encoding setting specifies character encoding. The default value is UTF-8.
• Cluster ID is the ID of the NATS cluster.
• TLS mode specifies whether TLS encryption is used:
  • Disabled (default)—do not use TLS encryption.
  • Enabled—use encryption without certificate verification.
  • With verification—use encryption with verification that the certificate was signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during program installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.
  • Custom CA—use encryption with verification that the certificate was signed by a Certificate Authority. The secret containing the certificate is selected from the Custom CA drop-down list, which is displayed when this option is selected.

    Creating a certificate signed by a Certificate Authority

    You can create a CA-signed certificate on the KUMA Core server (the following command examples use OpenSSL).

    To create a certificate signed by a Certificate Authority:

    1. Generate a key to be used by the Certificate Authority, for example:

       openssl genrsa -out ca.key 2048

    2. Create a certificate for the generated key, for example:

       openssl req -new -x509 -days 365 -key ca.key -subj "/CN=<common host name of Certificate Authority>" -out ca.crt

    3. Create a private key and a request to have it signed by the Certificate Authority, for example:

       openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/CN=<common host name of KUMA server>" -out server.csr

    4. Create the certificate signed by the Certificate Authority. You need to include the domain names or IP addresses of the server for which you are creating the certificate in the subjectAltName variable, for example:

       openssl x509 -req -extfile <(printf "subjectAltName=DNS:domain1.ru,DNS:domain2.com,IP:192.168.0.1") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

    5. Upload the created server.crt certificate in the KUMA Console to a secret of the certificate type, then in the Custom CA drop-down list, select the secret of the certificate type.

    When using TLS, it is impossible to specify an IP address as a URL.

    To use KUMA certificates on third-party devices, you must change the certificate file extension from CERT to CRT. Otherwise, error x509: certificate signed by unknown authority may be returned.

• Compression—you can use Snappy compression. By default, compression is disabled.
• Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.

Page top