NatsAccountRule YAML Specification
The NatsAccountRule kind defines the NATS account-level policy: connection and JetStream limits, imports/exports, and publish/subscribe allow/deny. Applications reference it via spec.natsConfig.natsRule to assign NATS account access. Microservices then use NatsUserRule names for user-level permissions within that account.
Example
apiVersion: datasance.com/v3
kind: NatsAccountRule
metadata:
name: test-export
spec:
description: Orders account
maxConnections: -1
maxSubscriptions: -1
exportsAllowWildcards: true
memStorage: -1
diskStorage: -1
streams: -1
consumer: -1
exports:
- name: orders-stream
subject: foo.>
type: stream
description: Orders event stream
Main fields
| Field | Description |
|---|---|
metadata.name | Unique name. Use this in Application spec.natsConfig.natsRule. |
spec.description | Optional description. |
spec.maxConnections, spec.maxSubscriptions | Limits (-1 = unlimited). |
spec.exports, spec.imports | Stream or service exports/imports for multi-account NATS. |
spec.memStorage, spec.diskStorage, spec.streams, spec.consumer | JetStream limits. |
spec.pubAllow, spec.pubDeny, spec.subAllow, spec.subDeny | Subject allow/deny lists. |
Deploy with potctl deploy -f nats-account-rule.yaml. For all fields, predefined rules, and REST API, see Security – NATS Account Rule.
See anything wrong with the document? Help us improve it!