# Overview This guide will provide step-by-step instructions for configuring the `nats` section of the Embedded Helm Chart's `values.yaml`. The following sections will cover different testing phases such as running NATs Pods, connecting Embedded to NATs, and setting up NATs TLS. # Prerequisites This document assumes you have already generated valid NATs Account objects using the steps described in [NATs Account Initialization](/embedded/bridge/accounts). # First NATs Run The first step of enabling NATs is to get the NATs Pod(s) running. The `nats` section of Embedded's `values.yaml` is structured to allow running the NATs Pod(s) without configuring Embedded to connect to them. This makes it easier to test NATs in isolation before making your Embedded Pod(s) dependent on it. To get started, we'll set the following configuration in `values.yaml`: - `nats.enabled` - `nats.bridgeUserCreds` - `nats.bridgeNkey` - `nats.config.merge.operator` - `nats.statefulSet.name` - `nats.config.cluster.patch[0].value` The following is an example section of `values.yaml` using test values. For the sake of continuity, these examples will use the same sample values as [NATs Account Initialization](/embedded/bridge/accounts). Any configuration options not included below are set to the default values. `values.yaml`: ```yaml nats: # ====================== Custom Synqly NATS values ========================== # (Comment omitted for legibility) enabled: true # (Comment omitted for legibility) # NOTE: We are leaving `connectToNats` set to false so that the Embedded Pods do not try # to connect to NATs until we are sure it's properly configured connectToNats: false # (Comment omitted for legibility) natsURL: # (Comment omitted for legibility) bridgeUserCreds: LS0tLS1CRUdJTiBOQVRTIFVTRVIgSldULS0tLS0KZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKbFpESTFOVEU1TFc1clpYa2lmUS5leUpxZEdraU9pSlBRa1ZPUjFCSVdsbzBSVWhZVUZWS1dUYzFWVEpZVXpORFQwbFVXRk5GUkRZMFMxTkJRek5ZVXpSRVRrOUhRa3MzTjFsUklpd2lhV0YwSWpveE56SXlPVGN4TnpnMExDSnBjM01pT2lKQlFsQlVORVZZTlZwV1ExY3lOMGhRTTFsTVJUTkRWMVJHU0RVeVdFbExOazVXVGxoWFJ6VkpSMW95UlZaUk5sSlpWVE5QUVZOV1JTSXNJbTVoYldVaU9pSnplVzV4YkhraUxDSnpkV0lpT2lKVlExaE9XRlpRUlRkUFdWUlBWRTFhVTB4WVJrRlJSRTlSUXpKQlJ6UllOVWxaUTBrM1FrTlNRalJWVkRWRVdFUTNNMUJLVGtSSlRpSXNJbTVoZEhNaU9uc2ljSFZpSWpwN2ZTd2ljM1ZpSWpwN2ZTd2ljM1ZpY3lJNkxURXNJbVJoZEdFaU9pMHhMQ0p3WVhsc2IyRmtJam90TVN3aWRIbHdaU0k2SW5WelpYSWlMQ0oyWlhKemFXOXVJam95ZlgwLlFVcy1faDNUQXpIWjJWY1VhNERVRXNsWF91OGlNOFhUSTY5ZjZxd251VGh4T2luamdoNE5YbjNRNlVTalYwdVFHQi1ORmFjdE9CT05sNUxZTjhFREF3Ci0tLS0tLUVORCBOQVRTIFVTRVIgSldULS0tLS0tCgoqKioqKioqKioqKioqKioqKioqKioqKioqIElNUE9SVEFOVCAqKioqKioqKioqKioqKioqKioqKioqKioqCk5LRVkgU2VlZCBwcmludGVkIGJlbG93IGNhbiBiZSB1c2VkIHRvIHNpZ24gYW5kIHByb3ZlIGlkZW50aXR5LgpOS0VZcyBhcmUgc2Vuc2l0aXZlIGFuZCBzaG91bGQgYmUgdHJlYXRlZCBhcyBzZWNyZXRzLgoKLS0tLS1CRUdJTiBVU0VSIE5LRVkgU0VFRC0tLS0tClNVQUFWWEVCU1NBUTdaWFZNMjZIWEJXU0U3QlFKNVNOQ1BCQkpOR0ZEQkZFQlNKNjRWQzJXM0RNU1kKLS0tLS0tRU5EIFVTRVIgTktFWSBTRUVELS0tLS0tCgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqCg== # (Comment omitted for legibility) bridgeNkey: QUJQVDRFWDVaVkNXMjdIUDNZTEUzQ1dURkg1MlhJSzZOVk5YV0c1SUdaMkVWUTZSWVUzT0FTVkUKU0FBUENKRTYyU0JNUEY2VjY0TTc0NldVUTdWRk5QRkdHR09KRUxNVFA3STNJUkNXT0lUTTRONUxPSQ== # ========================= Nats Helm Chart values ========================== # (Comment omitted for legibility) config: # (Comment omitted for legibility) merge: # (Comment omitted for legibility) operator: eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJNREZDUU5VUjNSWDRVSklCVEdVMlRBSjdHSlVSUTNKWDdWRktaTjZRNDc0T0xDTkc3V1dRIiwiaWF0IjoxNzIyOTcxNzg0LCJpc3MiOiJPRFNMTElHSUNFREEyN0ZJWUZHQVBSVU5ESVZWU0pNQTZBTUs1VjRaVUtLSlo1QU9UVUtGR1ZIWSIsIm5hbWUiOiJzeW5xbHkiLCJzdWIiOiJPRFNMTElHSUNFREEyN0ZJWUZHQVBSVU5ESVZWU0pNQTZBTUs1VjRaVUtLSlo1QU9UVUtGR1ZIWSIsIm5hdHMiOnsib3BlcmF0b3Jfc2VydmljZV91cmxzIjpbIm5hdHM6Ly9sb2NhbGhvc3Q6NDIyMiJdLCJzeXN0ZW1fYWNjb3VudCI6IkFBNFhIU1cySkI3NjJNVEczWkNSMjVTQkNQVjdSSE5PNUVLWVRaUEg2Q1RONU4zSkw1WkJISUFMIiwidHlwZSI6Im9wZXJhdG9yIiwidmVyc2lvbiI6Mn19.F_1hNZeMVX_1kqt7OGI4uaw6jJ5DVcY1D-6d2lts-NJJDlGQHQq8jVHrlWpLjAKZHR7Y_WFhWGpygiTLFnnYBQ system_account: AA4XHSW2JB762MTG3ZCR25SBCPV7RHNO5EKYTZPH6CTN5N3JL5ZBHIAL resolver: MEM resolver_preload: AA4XHSW2JB762MTG3ZCR25SBCPV7RHNO5EKYTZPH6CTN5N3JL5ZBHIAL: eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiI1UlkzRlFJNkNGVUtZVFFOQ1BFTUpBRlhUWjcyWElUMkNJTlE2R01YQjZOUlFaUlVWRTJRIiwiaWF0IjoxNzIyOTcxNzg0LCJpc3MiOiJPRFNMTElHSUNFREEyN0ZJWUZHQVBSVU5ESVZWU0pNQTZBTUs1VjRaVUtLSlo1QU9UVUtGR1ZIWSIsIm5hbWUiOiJTWVMiLCJzdWIiOiJBQTRYSFNXMkpCNzYyTVRHM1pDUjI1U0JDUFY3UkhOTzVFS1lUWlBINkNUTjVOM0pMNVpCSElBTCIsIm5hdHMiOnsiZXhwb3J0cyI6W3sibmFtZSI6ImFjY291bnQtbW9uaXRvcmluZy1zdHJlYW1zIiwic3ViamVjdCI6IiRTWVMuQUNDT1VOVC4qLlx1MDAzZSIsInR5cGUiOiJzdHJlYW0iLCJhY2NvdW50X3Rva2VuX3Bvc2l0aW9uIjozLCJkZXNjcmlwdGlvbiI6IkFjY291bnQgc3BlY2lmaWMgbW9uaXRvcmluZyBzdHJlYW0iLCJpbmZvX3VybCI6Imh0dHBzOi8vZG9jcy5uYXRzLmlvL25hdHMtc2VydmVyL2NvbmZpZ3VyYXRpb24vc3lzX2FjY291bnRzIn0seyJuYW1lIjoiYWNjb3VudC1tb25pdG9yaW5nLXNlcnZpY2VzIiwic3ViamVjdCI6IiRTWVMuUkVRLkFDQ09VTlQuKi4qIiwidHlwZSI6InNlcnZpY2UiLCJyZXNwb25zZV90eXBlIjoiU3RyZWFtIiwiYWNjb3VudF90b2tlbl9wb3NpdGlvbiI6NCwiZGVzY3JpcHRpb24iOiJSZXF1ZXN0IGFjY291bnQgc3BlY2lmaWMgbW9uaXRvcmluZyBzZXJ2aWNlcyBmb3I6IFNVQlNaLCBDT05OWiwgTEVBRlosIEpTWiBhbmQgSU5GTyIsImluZm9fdXJsIjoiaHR0cHM6Ly9kb2NzLm5hdHMuaW8vbmF0cy1zZXJ2ZXIvY29uZmlndXJhdGlvbi9zeXNfYWNjb3VudHMifV0sImxpbWl0cyI6eyJzdWJzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJpbXBvcnRzIjotMSwiZXhwb3J0cyI6LTEsIndpbGRjYXJkcyI6dHJ1ZSwiY29ubiI6LTEsImxlYWYiOi0xfSwic2lnbmluZ19rZXlzIjpbIkFCWk1BQjVIN0lDSldMU1hCTkdUQ05aRlRYSTU1M1FCQ1gzWUU1TUhGNzZNWkRFM1BGR0syQUxUIl0sImRlZmF1bHRfcGVybWlzc2lvbnMiOnsicHViIjp7fSwic3ViIjp7fX0sImF1dGhvcml6YXRpb24iOnt9LCJ0eXBlIjoiYWNjb3VudCIsInZlcnNpb24iOjJ9fQ.xrWGVRyiJNcstIxVwkTYF0UIr7_M3qMoAbMnrDTNygG9XF3gLK59ykNBaV6B__C92BHzRooIlzVPlwJKFi59CQ ABPT4EX5ZVCW27HP3YLE3CWTFH52XIK6NVNXWG5IGZ2EVQ6RYU3OASVE: eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiI3MzJWUDJFV0RSNE42UDZaNUlLSlZLM0FURFZQSDZSMkFaUVlPVU5VQ0kzR003Wkk3UUlRIiwiaWF0IjoxNzIyOTcxNzg0LCJpc3MiOiJPRFNMTElHSUNFREEyN0ZJWUZHQVBSVU5ESVZWU0pNQTZBTUs1VjRaVUtLSlo1QU9UVUtGR1ZIWSIsIm5hbWUiOiJzeW5xbHkiLCJzdWIiOiJBQlBUNEVYNVpWQ1cyN0hQM1lMRTNDV1RGSDUyWElLNk5WTlhXRzVJR1oyRVZRNlJZVTNPQVNWRSIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJkYXRhIjotMSwicGF5bG9hZCI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwid2lsZGNhcmRzIjp0cnVlLCJjb25uIjotMSwibGVhZiI6LTF9LCJkZWZhdWx0X3Blcm1pc3Npb25zIjp7InB1YiI6e30sInN1YiI6e319LCJhdXRob3JpemF0aW9uIjp7fSwidHlwZSI6ImFjY291bnQiLCJ2ZXJzaW9uIjoyfX0.8i0qBOEixTDuxoU5sdAorZUOQlGdIDGtK2DNzl-z-uxJRESi5aHjAvhJkwOXF6Hx9mNRzSQ0CmGAEQW4nBXKAA # (Comment omitted for legibility) statefulSet: name: acme-synqly-nats # (Comment omitted for legibility) cluster: enabled: true # (Comment omitted for legibility) replicas: 3 # (Comment omitted for legibility) patch: - op: replace path: /name value: acme-synqly-nats ... # (Comment omitted for legibility) statefulSet: # (Comment omitted for legibility) name: acme-synqly-nats-us-west ``` Once the new `values.yaml` are deployed via `helm install`, the NATs Pods should start in the target Embedded namespace. Validate that the Pods are healthy and their `state` is Running: ```bash kubectl get pods ``` ```bash acme-synqly-nats-us-west-0 2/2 Running 0 10m acme-synqly-nats-us-west-1 2/2 Running 0 10m acme-synqly-nats-us-west-2 2/2 Running 0 10m ``` If you check the logs of one of the Pods, it should show initial server startup logs. It's normal for there to be several errors while all the Pods come up, but the errors should stop once all Pods are running: ```bash kubectl logs -f acme-synqly-nats-us-west-0 Defaulted container "nats" out of: nats, reloader [7] 2026/01/28 20:30:54.839306 [INF] Starting nats-server [7] 2026/01/28 20:30:54.839336 [INF] Version: 2.10.21 [7] 2026/01/28 20:30:54.839339 [INF] Git: [d3a8868] [7] 2026/01/28 20:30:54.839342 [INF] Cluster: acme-synqly-nats [7] 2026/01/28 20:30:54.839344 [INF] Name: acme-synqly-nats-us-west-0 [7] 2026/01/28 20:30:54.839346 [INF] ID: NBFM7X3ZC62MVHNI7ZPF7IKYG65TLTF6HKUNRIQMRRT6P5OGPWQGUQI4 [7] 2026/01/28 20:30:54.839355 [INF] Using configuration file: /etc/nats-config/nats.conf [7] 2026/01/28 20:30:54.839357 [INF] Trusted Operators [7] 2026/01/28 20:30:54.839359 [INF] System : "" [7] 2026/01/28 20:30:54.839361 [INF] Operator: "synqly" [7] 2026/01/28 20:30:54.839364 [INF] Issued : 2026-01-21 21:35:40 +0000 UTC [7] 2026/01/28 20:30:54.839387 [INF] Expires : Never [7] 2026/01/28 20:30:54.840026 [INF] Listening for client connections on 0.0.0.0:4222 [7] 2026/01/28 20:30:54.840167 [INF] Server is ready [7] 2026/01/28 20:30:54.840221 [INF] Cluster name is acme-synqly-nats [7] 2026/01/28 20:30:54.840258 [INF] Listening for route connections on 0.0.0.0:6222 [7] 2026/01/28 20:30:54.854720 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-0.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-0.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:54.854892 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-0.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-0.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:54.862992 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-2.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-2.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:54.882545 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-1.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-1.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:54.896234 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-2.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-2.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:54.945990 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-1.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-1.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:55.948504 [INF] 10.244.14.33:6222 - rid:5 - Route connection created [7] 2026/01/28 20:30:55.997008 [INF] 10.244.14.33:6222 - rid:6 - Route connection created [7] 2026/01/28 20:30:56.108178 [ERR] Error trying to connect to route (attempt 1): lookup for host "acme-synqly-nats-us-west-1.synqly-embedded-nats-headless": lookup acme-synqly-nats-us-west-1.synqly-embedded-nats-headless on 10.0.0.10:53: no such host [7] 2026/01/28 20:30:58.906047 [INF] 10.244.14.33:6222 - rid:7 - Route connection created [7] 2026/01/28 20:31:05.158339 [INF] 10.244.14.33:6222 - rid:8 - Route connection created [7] 2026/01/28 20:31:07.723402 [INF] 10.244.3.42:6222 - rid:10 - Route connection created [7] 2026/01/28 20:31:07.723657 [INF] 10.244.3.42:6222 - rid:9 - Route connection created [7] 2026/01/28 20:31:07.811982 [INF] 10.244.3.42:6222 - rid:11 - Route connection created [7] 2026/01/28 20:31:07.829256 [INF] 10.244.3.42:6222 - rid:12 - Route connection created [7] 2026/01/28 20:31:25.005723 [INF] 10.244.3.42:6222 - rid:13 - Route connection created [7] 2026/01/28 20:31:25.006167 [INF] 10.244.3.42:6222 - rid:13 - Router connection closed: Duplicate Route [7] 2026/01/28 20:31:25.155408 [INF] 10.244.3.42:6222 - rid:14 - Route connection created [7] 2026/01/28 20:31:25.155855 [INF] 10.244.3.42:6222 - rid:14 - Router connection closed: Duplicate Route [7] 2026/01/28 20:31:25.373620 [INF] 10.244.14.33:36224 - rid:15 - Route connection created [7] 2026/01/28 20:31:25.373871 [INF] 10.244.14.33:36224 - rid:15 - Router connection closed: Duplicate Route [7] 2026/01/28 20:31:25.376095 [INF] 10.244.14.33:36232 - rid:16 - Route connection created [7] 2026/01/28 20:31:25.376667 [INF] 10.244.14.33:36232 - rid:16 - Router connection closed: Client Closed [7] 2026/01/28 20:31:25.822841 [INF] 10.244.3.42:42504 - rid:17 - Route connection created [7] 2026/01/28 20:31:25.823218 [INF] 10.244.3.42:42504 - rid:17 - Router connection closed: Duplicate Route [7] 2026/01/28 20:31:25.841441 [INF] 10.244.3.42:42518 - rid:18 - Route connection created [7] 2026/01/28 20:31:25.841852 [INF] 10.244.3.42:42518 - rid:18 - Router connection closed: Client Closed ``` # Configure Public DNS for NATs Next, we'll configure a public DNS entry for NATs so that it is reachable by both Embedded and Bridge agents. To do so, we'll set `nats.service.merge.spec.type` to `LoadBalancer`, converting the internal-only IP for the Kubernetes Service to a cloud-based LB with an external IP. ```yaml nats: ... service: ... merge: ... # (Comment omitted for legibility) spec: type: LoadBalancer ``` After another `helm install`, the Kubernetes Service generated by NATs, `synqly-embedded-nats`, should have `type: Loadbalancer` and an external IP. ```bash kubectl get services ``` ```bash NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE connect-ui ClusterIP 10.0.111.26 3000/TCP 158d embedded ClusterIP 10.0.234.90 8000/TCP,9000/TCP 158d loadtest ClusterIP 10.0.181.74 9006/TCP 158d management-ui ClusterIP 10.0.11.100 3000/TCP 158d synqly-embedded-nats LoadBalancer 10.0.140.22 20.69.173.119 4222:31220/TCP 3h52m synqly-embedded-nats-headless ClusterIP None 4222/TCP,6222/TCP 3h52m ``` In your DNS provider, create a DNS A record pointing to the external-ip listed in Kubernetes. This example will use `acme-embedded-bridge-us-west.synqly.com`. Verify that the DNS record has propagated with the correct IP value, then configure `nats.natsURL` in `values.yaml`: ```yaml nats: ... # (Comment omitted for legibility) # NOTE: We use the `nats://` protocol here to connect to NATs via an unencrypted connection. Once # we have configured TLS, we'll switch the URL to `tls://` natsURL: "nats://acme-embedded-bridge-us-west.synqly.com" ``` # Connect Embedded to NATs Now that NATs has a valid URL and the Pods are running, it's safe to connect Embedded to NATs. Configure `nats.connectToNats` to set Embedded to connect to your NATs instance: ```yaml nats: ... # (Comment omitted for legibility) connectToNats: true ``` Run `helm install` and wait for the `embedded` Pod to redeploy. The new Pod should now have the NATs URL listed in the `--bridge-server-address` CLI flag: ```bash kubectl describe pod embedded-65c66df9fd-sjrkg ``` ```yaml ... --bridge-account-nkey-file /nats-nkey/account.nk --bridge-creds /nats-creds/bridge.creds --bridge-server-address nats://acme-embedded-bridge-us-west.synqly.com:4222 ``` Check the `embedded` Pod logs using the following command. There should be a line containing the phrase "Connecting to nats with servers". If there are no error messages in the logs immediately after, then Embedded succesfully connected to NATs: ```bash kubectl logs embedded-65c66df9fd-sjrkg ``` ```bash {"level":"info","time":"2026-01-28T21:18:12.298Z","message":"engine pods: http://0.0.0.0:9001, http://."} {"level":"info","time":"2026-01-28T21:18:12.298Z","message":"Connecting to nats with servers: [nats://acme-embedded-bridge-us-west.synqly.com:4222]"} {"level":"info","address":"0.0.0.0:9000","time":"2026-01-28T21:18:12.361Z","message":"starting management"} {"level":"info","time":"2026-01-28T21:18:12.613Z","message":"status pods: [http://0.0.0.0:9002], http://."} ``` # Configure NATs TLS Next, we'll configure NATs to require TLS encryption for all client communications. Uncomment the `nats.config.nats.tls` section in `values.yaml`. Per the included comment, `nats.config.nats.tls.secretName` must be set to a Kubernetes TLS secret containing a valid `tls.crt` and `tls.key` for your `nats.natsURL`. ```yaml nats: config: ... # (Optional) TLS configuration for nats server. Uncomment to enable TLS. nats: tls: # When set to true, NATs will attempt to reference a pre-existing # Kubernetes Secret containing a TLS certificate and key. The secret must # have the following format as described in # https://kubernetes.io/docs/concepts/services-networking/ingress/#tls # # data: # tls.crt: base64 encoded cert # tls.key: base64 encoded key # type: kubernetes.io/tls enabled: true secretName: tls-k8s-secret-name merge: timeout: 50 ``` Also update `nats.natURL` to use `tls://` as the protocol scheme ```yaml nats: ... # (Comment omitted for legibility) # NOTE: We use the `nats://` protocol here to connect to NATs via an unencrypted connection. Once # we have configured TLS, we'll switch the URL to `tls://` natsURL: "tls://acme-embedded-bridge-us-west.synqly.com" ``` Once these changes are deployed through `helm install`, the `nats` pods should log "TLS required for client connections": ```bash kubectl logs acme-synqly-nats-us-west-0 ``` ```bash Defaulted container "nats" out of: nats, reloader [7] 2026/01/29 18:03:03.796612 [INF] Starting nats-server [7] 2026/01/29 18:03:03.796666 [INF] Version: 2.10.21 [7] 2026/01/29 18:03:03.796670 [INF] Git: [d3a8868] [7] 2026/01/29 18:03:03.796673 [INF] Cluster: acme-synqly-nats [7] 2026/01/29 18:03:03.796677 [INF] Name: acme-synqly-nats-us-west-0 [7] 2026/01/29 18:03:03.796680 [INF] ID: NBWMOSRE75FJSOCWOPA7OMNJ2AWKJE7NH5SGYTELSORY3JZLWNPH6DCH [7] 2026/01/29 18:03:03.796686 [INF] Using configuration file: /etc/nats-config/nats.conf [7] 2026/01/29 18:03:03.796689 [INF] Trusted Operators [7] 2026/01/29 18:03:03.796692 [INF] System : "" [7] 2026/01/29 18:03:03.796695 [INF] Operator: "synqly" [7] 2026/01/29 18:03:03.796698 [INF] Issued : 2026-01-21 21:35:40 +0000 UTC [7] 2026/01/29 18:03:03.796735 [INF] Expires : Never [7] 2026/01/29 18:03:03.797613 [INF] Listening for client connections on 0.0.0.0:4222 [7] 2026/01/29 18:03:03.797623 [INF] TLS required for client connections [7] 2026/01/29 18:03:03.797795 [INF] Server is ready [7] 2026/01/29 18:03:03.797850 [INF] Cluster name is acme-synqly-nats [7] 2026/01/29 18:03:03.797899 [INF] Listening for route connections on 0.0.0.0:6222 ``` Embedded will also log the `tls://` connection without errors: ```bash kubectl logs embedded-6875f699c4-twxzh ``` ```bash {"level":"error","time":"2026-01-29T18:08:09.662Z","message":"no loadtest organization"} {"level":"info","time":"2026-01-29T18:08:09.737Z","message":"engine pods: http://0.0.0.0:9001, http://."} {"level":"info","time":"2026-01-29T18:08:09.737Z","message":"Connecting to nats with servers: [tls://acme-embedded-bridge-us-west.synqly.com:4222]"} {"level":"info","address":"0.0.0.0:9000","time":"2026-01-29T18:08:09.76Z","message":"starting management"} {"level":"info","time":"2026-01-29T18:08:10.013Z","message":"status pods: [http://0.0.0.0:9002], http://."} {"level":"info","address":"0.0.0.0:9001","time":"2026-01-29T18:08:10.013Z","message":"starting engine"} ``` The NATs setup is now complete! When you work with your end users to configure bridge, make sure that they use the `nats.natsURL` value as their `--bridge-server-address`, i.e. ```bash docker run -v $(pwd):/creds quay.io/synqly/bridge --bridge-creds=/creds/$BRIDGE_NAME.creds --bridge-id=$BRIDGE_ID --bridge-server-address=tls://:4222 ``` For more information on configuring Bridge, please refer to [Synqly Bridge Overview](/bridge/agent-setup).