- Operating StreamNative Platform
Configure JWT authentication
You can configure JSON Web Token (JWT) authentication to allow users to connect to a Pulsar cluster and log in to StreamNative Console.
Before you begin
Install the following tools.
Create a Kubernetes cluster, generate a secret key or a private/public key pair, and tokens for installing the Helm chart.
Clone the StreamNative repository.
git clone https://github.com/streamnative/charts.git cd charts
Create required Kubernetes resources.
- Create a Kubernetes namespace for installing the StreamNative Platform release (if
-c
is specified). - Create the JWT secret keys and tokens for four superusers:
broker-admin
,proxy-admin
,pulsar-manager-admin
, andadmin
.broker-admin
: is used for inter-broker communications.proxy-admin
: is used for communications between Pulsar proxies and Pulsar brokers.admin
: is used for accessing thepulsar-admin
CLI tool.pulsar-manager-admin
: is used for accessing the StreamNative Console.
./scripts/pulsar/prepare_helm_release.sh -n <k8s-namespace> -k <pulsar-release-name> -c
By default, this command generates the asymmetric public/private key pair. You can choose to generate a symmetric secret key by specifying
-symmetric
in the command.- Create a Kubernetes namespace for installing the StreamNative Platform release (if
Enable JWT authentication for StreamNative Platform
To enable JWT authentication for StreamNative Platform, you can specify auth.authentication.enabled
, auth.authentication.provider
, and auth.authentication.jwt.enabled
properties in the values.yaml
YAML file.
auth:
authentication:
enabled: true # --- [1]
provider: 'jwt' # --- [2]
jwt:
enabled: true # --- [3]
usingSecretKey: false # --- [4]
- [1]
enabled
: enable or disable authentication on StreamNative Platform. - [2]
provider
: specify the authentication provider. - [3]
jwt.enabled
: enable or disable JWT authentication on StreamNative Platform. - [4]
jwt.usingSecretKey
:- If the token is generated by a secret key (symmetric mode), set the
usingSecretKey
option totrue
. - If the token is generated by a private key (asymmetric mode), set the
usingSecretKey
option tofalse
. This is the default configuration.
- If the token is generated by a secret key (symmetric mode), set the
Enable JWT authentication for StreamNative Console
For details about how to configure logging in to StreamNative Console using JWT, see configure login methods.