Configure JWT authentication

You can configure JSON Web Token (JWT) authentication to allow users to connect to a Pulsar cluster and log in to StreamNative Console.

Before you begin

  • Install the following tools.

    • Install kubectl v1.16 or higher.
    • Install Helm v3.0 or higher.
  • Create a Kubernetes cluster, then generate a secret key or a private/public key pair, along with the tokens needed to install the Helm chart.

    1. Clone the StreamNative repository.

      git clone https://github.com/streamnative/charts.git
      cd charts
    2. Create required Kubernetes resources.

      • Create a Kubernetes namespace for installing the StreamNative Platform release (if -c is specified).
      • Create the JWT secret keys and tokens for four superusers: broker-admin, proxy-admin, pulsar-manager-admin, and admin.
        • broker-admin: used for inter-broker communications.
        • proxy-admin: used for communications between Pulsar proxies and Pulsar brokers.
        • admin: used for accessing the pulsar-admin CLI tool.
        • pulsar-manager-admin: used for accessing the StreamNative Console.

      ./scripts/pulsar/prepare_helm_release.sh -n <k8s-namespace> -k <pulsar-release-name> -c

      By default, this command generates an asymmetric public/private key pair. To generate a symmetric secret key instead, specify -symmetric in the command.

Enable JWT authentication for StreamNative Platform

To enable JWT authentication for StreamNative Platform, set the auth.authentication.enabled, auth.authentication.provider, and auth.authentication.jwt.enabled properties in the values.yaml file.

    auth:
      authentication:
        enabled: true # --- [1]
        provider: 'jwt' # --- [2]
        jwt:
          enabled: true # --- [3]
          usingSecretKey: false # --- [4]

  • [1] enabled: enable or disable authentication on StreamNative Platform.
  • [2] provider: specify the authentication provider.
  • [3] jwt.enabled: enable or disable JWT authentication on StreamNative Platform.
  • [4] jwt.usingSecretKey:
    • If the token is generated by a secret key (symmetric mode), set the usingSecretKey option to true.
    • If the token is generated by a private key (asymmetric mode), set the usingSecretKey option to false. This is the default configuration.
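
A mismatch between usingSecretKey and the way a token was actually signed only shows up as authentication failures after deployment. The following pre-deployment check is an added example, not part of the StreamNative documentation or charts: it reads a token's header without verifying the signature and compares its alg family with the usingSecretKey value. The function names and sample tokens are constructed for illustration, and it assumes the role name is carried in the sub claim.

```python
import base64
import json

# JWT "alg" families: HMAC uses a shared secret key (symmetric mode);
# RSA/ECDSA use a private/public key pair (asymmetric mode).
SYMMETRIC = {"HS256", "HS384", "HS512"}
ASYMMETRIC = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def inspect_token(token: str) -> dict:
    """Return alg and sub of a compact JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return {"alg": header.get("alg"), "sub": claims.get("sub")}


def check_token(token: str, using_secret_key: bool) -> list:
    """List mismatches between a token and the jwt.usingSecretKey setting."""
    info = inspect_token(token)
    problems = []
    if info["alg"] not in SYMMETRIC | ASYMMETRIC:
        problems.append(f"unexpected alg {info['alg']!r}")  # e.g. "none" or missing
    elif (info["alg"] in SYMMETRIC) != using_secret_key:
        problems.append(f"alg {info['alg']} does not match usingSecretKey={using_secret_key}")
    if not info["sub"]:  # assumption: the role name is read from "sub"
        problems.append("token has no 'sub' claim")
    return problems


def make_sample(alg: str, sub: str) -> str:
    """Constructed sample token: real header/payload, placeholder signature."""
    return f"{_b64url_encode({'alg': alg, 'typ': 'JWT'})}.{_b64url_encode({'sub': sub})}.c2lnbmF0dXJl"


if __name__ == "__main__":
    for alg in ("RS256", "HS256", "none"):
        print(alg, check_token(make_sample(alg, "broker-admin"), using_secret_key=False))
```

An empty list means the token's algorithm family is consistent with the setting; it says nothing about whether the signature is valid for the deployed key.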

Enable JWT authentication for StreamNative Console

For details about how to configure logging in to StreamNative Console using JWT, see configure login methods.