Description
NATS FIPS-validated messaging system container providing secure, high-performance cloud native messaging infrastructure. Features FIPS 140-2 compliance, built-in security controls, and enterprise-grade reliability for mission-critical deployments requiring regulatory compliance.
Key Features
Core capabilities and strengths of this container
- FIPS 140-2 validated cryptographic modules
- High-performance message streaming capabilities
- Built-in security controls and authentication
- Enterprise-grade reliability and scalability
Common Use Cases
Typical scenarios where this container excels
- Government and military messaging systems
- Financial services communication infrastructure
- Healthcare data exchange platforms
- Regulated industry deployments
Pull Latest Image
Download the container image from the registry
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latestdocker pull clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latest-devBasic Run
Run the container with basic configuration
bashdocker run -d --name nats-fips -p 4222:4222 clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latest
Production Deployment
Deploy with production security settings
bashdocker run -d --name nats-fips-prod \
--read-only \
--security-opt=no-new-privileges \
--user 1000:1000 \
-p 4222:4222 -p 8222:8222 \
-v nats-data:/data \
clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latest
Volume Mount
Mount local directory for persistent data
bashdocker run -d --name nats-fips \
-v $(pwd)/nats-data:/data \
-v $(pwd)/config:/etc/nats \
clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latest
Port Forwarding
Run with custom port mappings
bashdocker run -d --name nats-fips \
-p 4222:4222 \
-p 8222:8222 \
-p 6222:6222 \
clnstrt-images.cleanstart.com/$ORGANIZATION/nats-fips:latest
Environment Variables
Configuration options available through environment variables
- NATS_SERVER_NAME
- Name of the NATS server
nats-fips- NATS_CLUSTER_NAME
- Name of the NATS cluster
nats-cluster- NATS_CLIENT_PORT
- Port for client connections
4222- NATS_MONITORING_PORT
- Port for monitoring interface
8222
Security Best Practices
Recommended security configurations and practices
- Enable TLS for all client connections
- Configure authentication for all users
- Implement proper access control policies
- Regular security audits and updates
- Monitor system logs for security events
- Use secure configuration templates
- Implement network segmentation
- Regular backup of configuration and data
Kubernetes Security Context
Recommended security context for Kubernetes deployments
yamlsecurityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
Documentation Resources
Essential links and resources for further information