Configure StreamNative Console
The StreamNative Console is a web-based tool for configuring and managing Apache Pulsar. You can check your environments and associated clusters, as well as configure and manage instances, tenants, namespaces, and topics.
This document provides the items to be configured for StreamNative Console before deploying StreamNative Platform.
Configure login methods
This section describes how to configure different methods for logging in to StreamNative Console.
This table lists the items to be configured when you want to log in to StreamNative Console using a username.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
INIT_DEFAULT_ENVIRONMENT | Configure whether to initiate the default organization and Pulsar cluster. If it is set to true, the default organization (streamnative) and Pulsar cluster (your-release-name) are available for use. | false |
BACKEND_DEFAULT_SUPER_USER_ROLE | The Super Admin of the StreamNative Console. When JWT authentication is enabled, you need to set it to pulsar-manager-admin or admin. | admin |
This table lists the items to be configured when you want to log in to StreamNative Console using a username.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
INIT_DEFAULT_ENVIRONMENT | Configure whether to initiate the default organization and Pulsar cluster. If it is set to true, the default organization (streamnative) and Pulsar cluster (your-release-name) are available for use. | false |
BACKEND_DEFAULT_SUPER_USER_ROLE | The Super Admin of the StreamNative Console. When JWT authentication is enabled, you need to set it to pulsar-manager-admin or admin. | admin |
This table lists the items to be configured when you want to log in to StreamNative Console using a Google account.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| GOOGLE_CLIENT_ID | The client ID for your application. For details about how to create the Google OAuth client ID, see create authorization credentials. | N/A |
| GOOGLE_CLIENT_SECRET | The client secret for your application. | N/A |
| GOOGLE_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| GOOGLE_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using a Microsoft account.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| AZURE_CLIENT_ID | The client (application) ID of an App registered in the tenant. For details about how to create an Azure OAuth client ID, see register App or Web API. | N/A |
| AZURE_CLIENT_SECRET | The client secret that is generated for the registered App. | N/A |
| AZURE_TENANT_ID | The Azure Active Directory (Azure AD) tenant (directory) ID. | N/A |
| AZURE_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| AZURE_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using Okta.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| OKTA_DOMAIN | The Okta domain for your application. For details about how to create the Okta domain, see find your Okta domain. | N/A |
| OKTA_CLIENT_ID | The client ID for your application. For details about how to create the Okta OAuth client ID, see find your application credentials. | N/A |
| OKTA_CLIENT_SECRET | The client secret for your application. | N/A |
| OKTA_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| OKTA_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using JWT.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ENVIRONMENT_NAME | The name of the default Pulsar cluster. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). | pulsar |
DEFAULT_ENVIRONMENT_SERVICE_URL | The service URL of the default Pulsar cluster. | N/A |
BACKEND_DEFAULT_SUPER_USER_ROLE | The superuser role that accesses the default Pulsar cluster. If you want to use a custom service account to access the Pulsar cluster, see customize a service account. | pulsar-manager-admin |
| login.pulsarJwt.config.AUTHENTICATION_CUSTOM_CLAIM | The custom authentication claim on users. | sub |
| login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET | The Secret for the super service account. | N/A |
| login.pulsarJwt.config.JWT_BROKER_TOKEN_MODE | The mode to enable JWT authentication on a Pulsar cluster. | SECRET |
| login.pulsarJwt.config.JWT_BROKER_PUBLIC_PRIVATE_KEY | A pair of keys to generate and validate tokens in an asymmetric algorithm. You can use Private key to generate tokens. You can use Public key to validate tokens. | N/A |
| login.pulsarJwt.config.JWT_BROKER_SECRET_KEY | A single Secret key to generate and validate tokens in a symmetric algorithm. | N/A |
Forward Grafana requests
StreamNative Platform supports forwarding Grafana requests using StreamNative Console. Therefore, you can directly log in to Grafana after you log in to StreamNative Console. Configure the Grafana property of the StreamNative Console in the values.yaml YAML file as follows, and update the resource.
- [1]
GRAFANA_AUTH_PROXY: configure whether to enable Auth Proxy for StreamNative Console. If enabled, StreamNative Console can forward Grafana requests. By default, it is set tofalse. - [2]
GRAFANA_AUTH_PROXY_USER: configure the user who accesses Grafana through StreamNative Console. By default, it is set topulsar.
Enable the connector page
StreamNative Platform supports multiple Pulsar IO connectors to import data into or export data out of Pulsar topics. You can set the CONNECTOR_ENABLED option of the StreamNative Console in the values.yaml YAML file to configure whether to display the connector page on the StreamNative Console. By default, the connector page displays on the StreamNative Console.
Customize the username and password
For security reasons, the custom username and password are disabled by default. It is recommended to execute the following command to automatically generate the password.
When vault-based authentication is enabled, you can log in to StreamNative Console using a username and a password. By default, an admin user is created for StreamNative Console. You can configure the specific username and password in the values.yaml YAML file and then update the resource, as shown below.
Customize a service account
By default, when JWT authentication is enabled, you can access your Pulsar cluster using the pulsar-manager-admin role. StreamNative Platform also allows you to use a custom service account with Super Admin privilege to access your Pulsar cluster and then create tenants, namespaces, or topics.
After creating a service account with Super Admin privilege through StreamNative Console, you need to add the service account to the superuser list of the Pulsar broker, Pulsar proxy, and StreamNative Console in the auth.superUsers section and to the streamnative_console.configData.BACKEND_DEFAULT_SUPER_USER_ROLE parameter in the values.yaml YAML file, and then update the resource.
The following example shows how to configure a service account (named sa-super) with the Super Admin privilege to access your Pulsar cluster.
Configure StreamNative Console
The StreamNative Console is a web-based tool for configuring and managing Apache Pulsar. You can check your environments and associated clusters, as well as configure and manage instances, tenants, namespaces, and topics.
This document provides the items to be configured for StreamNative Console before deploying StreamNative Platform.
Configure login methods
This section describes how to configure different methods for logging in to StreamNative Console.
This table lists the items to be configured when you want to log in to StreamNative Console using a username.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
INIT_DEFAULT_ENVIRONMENT | Configure whether to initiate the default organization and Pulsar cluster. If it is set to true, the default organization (streamnative) and Pulsar cluster (your-release-name) are available for use. | false |
BACKEND_DEFAULT_SUPER_USER_ROLE | The Super Admin of the StreamNative Console. When JWT authentication is enabled, you need to set it to pulsar-manager-admin or admin. | admin |
This table lists the items to be configured when you want to log in to StreamNative Console using a username.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
INIT_DEFAULT_ENVIRONMENT | Configure whether to initiate the default organization and Pulsar cluster. If it is set to true, the default organization (streamnative) and Pulsar cluster (your-release-name) are available for use. | false |
BACKEND_DEFAULT_SUPER_USER_ROLE | The Super Admin of the StreamNative Console. When JWT authentication is enabled, you need to set it to pulsar-manager-admin or admin. | admin |
This table lists the items to be configured when you want to log in to StreamNative Console using a Google account.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| GOOGLE_CLIENT_ID | The client ID for your application. For details about how to create the Google OAuth client ID, see create authorization credentials. | N/A |
| GOOGLE_CLIENT_SECRET | The client secret for your application. | N/A |
| GOOGLE_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| GOOGLE_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using a Microsoft account.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| AZURE_CLIENT_ID | The client (application) ID of an App registered in the tenant. For details about how to create an Azure OAuth client ID, see register App or Web API. | N/A |
| AZURE_CLIENT_SECRET | The client secret that is generated for the registered App. | N/A |
| AZURE_TENANT_ID | The Azure Active Directory (Azure AD) tenant (directory) ID. | N/A |
| AZURE_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| AZURE_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using Okta.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ORGANIZATION | The organization name. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). If you do not specify the organization name, a default organization (streamnative) is created. | streamnative |
INSTANCE_NAME | The instance name. It starts with a lowercase letter, contains any combination of lowercase letters (a-z), numbers (0-9), and hyphens (-), and must be 4-10 characters. If you do not specify the instance name, a default instance (pulsar) is created. | pulsar |
GLOBAL_RESOURCE_READ_ONLY | Enable or disable the read-only mode for StreamNative Console. If it is enabled, you can only check resources using StreamNative Console. | false |
| OKTA_DOMAIN | The Okta domain for your application. For details about how to create the Okta domain, see find your Okta domain. | N/A |
| OKTA_CLIENT_ID | The client ID for your application. For details about how to create the Okta OAuth client ID, see find your application credentials. | N/A |
| OKTA_CLIENT_SECRET | The client secret for your application. | N/A |
| OKTA_REDIRECT_URI | The address to which the API server redirects the user after the user completes the authorization flow. | N/A |
| OKTA_RESTRICT_DOMAIN_SUFFIXES_NAME | The domain name restriction. If it is set, only the domain names that meet this rule can log in to the StreamNative Console. | N/A |
| REDIRECT_SCHEME | The redirect scheme. Each URI begins with a scheme name that refers to a specification for assigning identifiers within that scheme. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_SCHEME is http. | N/A |
| REDIRECT_HOST | The host of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_HOST is frontend-host. | N/A |
| REDIRECT_PORT | The port ID of the redirect URI. For example, if the front-end domain is http://frontend-host:9527, then the REDIRECT_PORT is 9527. | N/A |
This table lists the items to be configured when you want to log in to StreamNative Console using JWT.
| Item | Description | Default value |
|---|---|---|
DEFAULT_ENVIRONMENT_NAME | The name of the default Pulsar cluster. Does not support special characters (such as periods (.), slashes (/), dollar signs ($) etc.). | pulsar |
DEFAULT_ENVIRONMENT_SERVICE_URL | The service URL of the default Pulsar cluster. | N/A |
BACKEND_DEFAULT_SUPER_USER_ROLE | The superuser role that accesses the default Pulsar cluster. If you want to use a custom service account to access the Pulsar cluster, see customize a service account. | pulsar-manager-admin |
| login.pulsarJwt.config.AUTHENTICATION_CUSTOM_CLAIM | The custom authentication claim on users. | sub |
| login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET | The Secret for the super service account. | N/A |
| login.pulsarJwt.config.JWT_BROKER_TOKEN_MODE | The mode to enable JWT authentication on a Pulsar cluster. | SECRET |
| login.pulsarJwt.config.JWT_BROKER_PUBLIC_PRIVATE_KEY | A pair of keys to generate and validate tokens in an asymmetric algorithm. You can use Private key to generate tokens. You can use Public key to validate tokens. | N/A |
| login.pulsarJwt.config.JWT_BROKER_SECRET_KEY | A single Secret key to generate and validate tokens in a symmetric algorithm. | N/A |
Forward Grafana requests
StreamNative Platform supports forwarding Grafana requests using StreamNative Console. Therefore, you can directly log in to Grafana after you log in to StreamNative Console. Configure the Grafana property of the StreamNative Console in the values.yaml YAML file as follows, and update the resource.
- [1]
GRAFANA_AUTH_PROXY: configure whether to enable Auth Proxy for StreamNative Console. If enabled, StreamNative Console can forward Grafana requests. By default, it is set tofalse. - [2]
GRAFANA_AUTH_PROXY_USER: configure the user who accesses Grafana through StreamNative Console. By default, it is set topulsar.
Enable the connector page
StreamNative Platform supports multiple Pulsar IO connectors to import data into or export data out of Pulsar topics. You can set the CONNECTOR_ENABLED option of the StreamNative Console in the values.yaml YAML file to configure whether to display the connector page on the StreamNative Console. By default, the connector page displays on the StreamNative Console.
Customize the username and password
For security reasons, the custom username and password are disabled by default. It is recommended to execute the following command to automatically generate the password.
When vault-based authentication is enabled, you can log in to StreamNative Console using a username and a password. By default, an admin user is created for StreamNative Console. You can configure the specific username and password in the values.yaml YAML file and then update the resource, as shown below.
Customize a service account
By default, when JWT authentication is enabled, you can access your Pulsar cluster using the pulsar-manager-admin role. StreamNative Platform also allows you to use a custom service account with Super Admin privilege to access your Pulsar cluster and then create tenants, namespaces, or topics.
After creating a service account with Super Admin privilege through StreamNative Console, you need to add the service account to the superuser list of the Pulsar broker, Pulsar proxy, and StreamNative Console in the auth.superUsers section and to the streamnative_console.configData.BACKEND_DEFAULT_SUPER_USER_ROLE parameter in the values.yaml YAML file, and then update the resource.
The following example shows how to configure a service account (named sa-super) with the Super Admin privilege to access your Pulsar cluster.