Overview

By default, when Synadia Control Plane is deployed, it expects to be able to connect to NATS servers directly. This is the most common deployment model since all components are on the same network. However, there are situations when NATS servers are behind a firewall and Control Plane is not able to directly connect to them.

Synadia Private Link is a lightweight agent that can be deployed alongside the NATS cluster in order to initiate an outbound connection to Control Plane. It works by establishing a secure WebSocket connection to Control Plane and then Control Plane-initiated NATS connections are proxied through it to the NATS servers.

Install

Binary

Download from GitHub Releases

OCI Image

An OCI image (Docker/Podman) is available in the Synadia Registry.

docker pull registry.synadia.io/private-link:latest

Use tag latest for latest version or a specific SemVer version, e.g. 1.0.1, for specific release.

Kubernetes

View the Helm Chart documentation on ArtifactHub.

Setup

In order to run Private Link, it requires a token generated from Synadia Control Plane. This token is used to authenticate the connection between Private Link and Control Plane.

Reference

usage: synadia-private-link [<flags>]

Private Link

Global Flags:
  -h, --help               Show context-sensitive help
  -v, --version            Show application version.
      --platform-url="https://cloud.synadia.com"
                           URL for the Synadia Platform (Synadia Control Plane /
                           Synadia Cloud) ($SPL_PLATFORM_URL)
      --nats-url=NATS-URL  URL for NATS Server Connection ($SPL_NATS_URL)
      --token=TOKEN        Synadia Platform Token ($SPL_TOKEN)
      --tlscert=TLSCERT    TLS Certificate ($SPL_TLS_CERT)
      --tlskey=TLSKEY      TLS Key ($SPL_TLS_KEY)
      --tlsca=TLSCA        TLS CA ($SPL_TLS_CA)
      --[no-]insecure      No TLS Validation ($SPL_INSECURE)
  -V, --[no-]verbose       Enable verbose logging