Work with organizations
An organization is a team account configured perfectly for your use case on the cloud provider of your choice.
Currently, snctl does not support creating organizations. You can create an organization through StreamNative Cloud Console. For details about how to create an organization, see create an organization.
After you have created an organization through StreamNative Cloud Console, you can use the snctl config set --organization command to set your default organization.
With the organization option, you need to use the random string for the organization name, not the descriptive name. You can find the random string on the Dashboard, next to the organization’s descriptive name. For an example, see organizations. Work with instances
In this section, we named the organization matrix for an example.
Create an instance
A Pulsar instance is a group of clusters that acts together as a single unit.
To create an instance through snctl, follow these steps.
-
Define an instance named
neo by using a manifest file and save the manifest file instance-neo.yaml.
-
This example shows how to create an instance on Google Cloud.
apiVersion: cloud.streamnative.io/v1alpha1
kind: PulsarInstance
metadata:
namespace: matrix
name: neo
spec:
availabilityMode: zonal
poolRef:
namespace: streamnative
name: shared
-
This example shows how to create an instance on AWS.
apiVersion: cloud.streamnative.io/v1alpha1
kind: PulsarInstance
metadata:
namespace: matrix
name: neo
spec:
availabilityMode: zonal
poolRef:
namespace: streamnative
name: shared-aws
The following table lists fields in the manifest file.
| Field | Description |
|---|
| apiVersion | Specify the version of Pulsar API server. |
| kind | Specify the component to be created. |
-
Apply the manifest file to create the instance.
snctl apply -f /path/to/instance-neo.yaml
-
Check whether the instance is created successfully. This example shows whether the instance is successfully created on AWS.
snctl describe pulsarinstance neo
Name: neo
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: PulsarInstance
Metadata:
Creation Timestamp: 2020-08-11T07:37:49Z
Finalizers:
pulsarinstance.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 367947
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/pulsarinstances/neo
UID: 53f2958d-c7c9-4628-9290-a34e36cdca3b
Spec:
Availability Mode: zonal
poolRef:
namespace: streamnative
name: shared-aws
Status:
Auth:
oauth2:
Audience: urn:sn:pulsar:test:test
Issuer URL: https://auth.streamnative.cloud
Type: oauth2
Conditions:
Last Transition Time: 2020-08-11T07:38:00Z
Status: True
Type: SubscriptionReady
Last Transition Time: 2020-08-11T07:37:51Z
Reason: Created
Status: True
Type: ResourceServerReady
Last Transition Time: 2020-08-11T07:37:51Z
Reason: Created
Status: True
Type: ServiceAccountReady
Last Transition Time: 2020-08-11T07:38:01Z
Reason: AllConditionStatusTrue
Status: True
Type: Ready
Events: <none>
status and type parameters for items under Conditions are set to true and ready. This means that the instance neo is created successfully.
In addition, you can use the snctl create pulsarinstance PULSAR_INSTANCE_NAME command to create an instance. For details, see snctl reference.
Check the instance
You can use the following command to list all created instances.
Output
NAME CREATED AT
instance-test 2020-08-13T14:14:43Z
neo 2020-08-11T07:37:49Z
test-orga-a 2020-08-12T05:32:33Z
Check instance details
Before checking details about an instance, you should use the following command to confirm whether the target instance is available.
Then, you can use the following command to check details about a specific instance.
snctl describe pulsarinstance PULSAR_INSTANCE_NAME
neo.
snctl describe pulsarinstance neo
Name: neo
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: PulsarInstance
Metadata:
Creation Timestamp: 2020-08-11T07:37:49Z
Finalizers:
pulsarinstance.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 367947
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/pulsarinstances/neo
UID: 53f2958d-c7c9-4628-9290-a34e36cdca3b
Spec:
Availability Mode: zonal
Status:
Auth:
oauth2:
Audience: urn:sn:pulsar:test:test
Issuer URL: https://auth.streamnative.cloud
Type: oauth2
Conditions:
Last Transition Time: 2020-08-11T07:38:00Z
Status: True
Type: SubscriptionReady
Last Transition Time: 2020-08-11T07:37:51Z
Reason: Created
Status: True
Type: ResourceServerReady
Last Transition Time: 2020-08-11T07:37:51Z
Reason: Created
Status: True
Type: ServiceAccountReady
Last Transition Time: 2020-08-11T07:38:01Z
Reason: AllConditionStatusTrue
Status: True
Type: Ready
Events: <none>
Delete an instance
You can use the following command to delete a specific instance based on the instance name.
snctl delete pulsarinstance PULSAR_INSTANCE_NAME
snctl delete -f ./instance-neo.yaml
Work with clusters
A cluster is a secure messaging environment within Pulsar. Each Pulsar cluster consists a set of 3 components in a geographical location.
- Pulsar brokers - set of brokers handling all the data going in and out of Pulsar (or client requests)
- Metadata storage - providing coordination and service discovery between services
- Bookie ensemble - set of bookies that retain copies of the messages
A cluster has two layers: a stateless serving layer (made up of brokers) and a stateful storage layer (made up of bookies). See also Pulsar Architecture and Design.
In StreamNative Console, you can create one and only one cluster for an instance.
matrix.
Create a cluster
To create a cluster, follow these steps.
-
Define a cluster named
neo-1 by using a manifest file and save the manifest file clusterneo1.yaml.
apiVersion: cloud.streamnative.io/v1alpha1
kind: PulsarCluster
metadata:
namespace: matrix
name: neo-1
spec:
instanceName: neo
location: us-east4
bookkeeper:
replicas: 3
resourceSpec:
nodeType: tiny-1
broker:
replicas: 1
resourceSpec:
nodeType: tiny-1
config:
custom:
backlogQuotaDefaultLimitBytes: '1000000000'
websocketEnabled: true
| Field | Description |
|---|
| apiVersion | Specify the version of Pulsar API server. |
| kind | Specify the component to be created. |
-
Apply the manifest file to create the cluster.
snctl apply -f /path/to/clusterneo1.yaml
-
Check whether the cluster is created successfully.
snctl describe pulsarcluster neo-1
Name: neo-1
Namespace: matrix
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"cloud.streamnative.io/v1alpha1","kind":"PulsarCluster","metadata":{"annotations":{},"name":"neo-1","namespace":"matrix"},...
API Version: cloud.streamnative.io/v1alpha1
Kind: PulsarCluster
Metadata:
Creation Timestamp: 2021-10-12T01:49:30Z
Finalizers:
pulsarcluster.finalizers.cloud.streamnative.io
Generation: 1
Managed Fields:
API Version: cloud.streamnative.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
f:bookkeeper:
.:
f:replicas:
f:resourceSpec:
.:
f:nodeType:
f:broker:
f:replicas:
f:resourceSpec:
.:
f:nodeType:
f:config:
.:
f:custom:
.:
f:backlogQuotaDefaultLimitBytes:
f:websocketEnabled:
f:instanceName:
f:location:
Manager: Go-http-client
Operation: Update
Time: 2021-10-12T01:49:29Z
API Version: cloud.streamnative.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.:
v:"pulsarcluster.finalizers.cloud.streamnative.io":
Manager: controller-manager
Operation: Update
Time: 2021-10-12T01:49:30Z
Resource Version: 11761383
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/pulsarclusters/neo-1
UID: b1409658-e9f5-4056-9dae-0d484b230607
Spec:
Bookkeeper:
Image: gcr.io/affable-ray-226821/pulsar-cloud:2.8.0.9
Replicas: 3
Resource Spec:
Node Type: tiny-1
Broker:
Image: gcr.io/affable-ray-226821/pulsar-cloud:2.8.0.9
Replicas: 1
Resource Spec:
Node Type: tiny-1
Config:
Custom:
Backlog Quota Default Limit Bytes: 1000000000
Websocket Enabled: true
Instance Name: ins-2
Location: us-east4
Pool Member Ref:
Name: us-east4
Namespace: streamnative
Service Endpoints:
Dns Name: neo-1.matrix.sn2.dev
Type: service
Dns Name: neo-1.matrix.us-east4.streamnative.g.sn2.dev
Status:
Events: <none>
Check the cluster
You can use the following command to list all created clusters.
Output
NAME CREATED AT
cluster-test 2020-08-14T01:48:46Z
neo-1 2021-10-12T01:49:29Z
test11 2020-08-12T13:24:19Z
Check cluster details
Before checking the details about a cluster, you should use the following command to confirm whether the target cluster is available.
Then, you can use the following command to check details about a specific cluster.
snctl describe pulsarcluster <cluster_name>
neo-1.
snctl describe pulsarcluster neo-1
Name: neo-1
Namespace: matrix
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"cloud.streamnative.io/v1alpha1","kind":"PulsarCluster","metadata":{"annotations":{},"name":"neo-1","namespace":"matrix"},...
API Version: cloud.streamnative.io/v1alpha1
Kind: PulsarCluster
Metadata:
Creation Timestamp: 2021-10-12T01:49:30Z
Finalizers:
pulsarcluster.finalizers.cloud.streamnative.io
Generation: 1
Managed Fields:
API Version: cloud.streamnative.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
f:bookkeeper:
.:
f:replicas:
f:resourceSpec:
.:
f:nodeType:
f:broker:
f:replicas:
f:resourceSpec:
.:
f:nodeType:
f:config:
.:
f:custom:
.:
f:backlogQuotaDefaultLimitBytes:
f:websocketEnabled:
f:instanceName:
f:location:
Manager: Go-http-client
Operation: Update
Time: 2021-10-12T01:49:29Z
API Version: cloud.streamnative.io/v1alpha1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.:
v:"pulsarcluster.finalizers.cloud.streamnative.io":
Manager: controller-manager
Operation: Update
Time: 2021-10-12T01:49:30Z
Resource Version: 11761383
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/pulsarclusters/neo-1
UID: b1409658-e9f5-4056-9dae-0d484b230607
Spec:
Bookkeeper:
Image: gcr.io/affable-ray-226821/pulsar-cloud:2.8.0.9
Replicas: 3
Resource Spec:
Node Type: tiny-1
Broker:
Image: gcr.io/affable-ray-226821/pulsar-cloud:2.8.0.9
Replicas: 1
Resource Spec:
Node Type: tiny-1
Config:
Custom:
Backlog Quota Default Limit Bytes: 1000000000
Websocket Enabled: true
Instance Name: ins-2
Location: us-east4
Pool Member Ref:
Name: us-east4
Namespace: streamnative
Service Endpoints:
Dns Name: neo-1.matrix.sn2.dev
Type: service
Dns Name: neo-1.matrix.us-east4.streamnative.g.sn2.dev
Status:
Events: <none>
Interact with Clusters using Service Context
Starting from snctl version v1.0.0, the Service Context feature provides a streamlined way to interact directly with your Pulsar clusters (using both Pulsar and Kafka protocols) without needing to manually specify connection details for every command.
A Service Context stores the necessary service URL and authentication information for connecting to a specific cluster. snctl typically automatically discovers your StreamNative Cloud Pulsar clusters after you log in (snctl auth login) and makes them available as contexts.
1. Viewing and Switching Contexts
You usually don’t need to manually create contexts for your cloud clusters. To see which context is currently active and switch between available contexts:
-
Check the current active context:
snctl context current-context
# Assumes 'neo-1' was the last used or default context
neo-1
-
Switch to a different context (e.g., your cluster named
neo-1):
# Replace 'neo-1' with your actual cluster name if different
snctl context use neo-1
Context "neo-1" set as current context.
pulsar and kafka commands will target the neo-1 cluster.
(Note: For managing contexts related to external, non-StreamNative Cloud clusters, see commands like snctl context add-external-context, snctl context list-external-context, etc.)
2. Using pulsar and kafka Commands with the Active Context
Once a context is active, you can run pulsar and kafka commands directly:
-
Produce a message to a topic using the Pulsar protocol:
# Assumes 'neo-1' context is active
# Replace my-tenant/my-namespace/my-topic with your actual topic path
snctl pulsar client produce my-tenant/my-namespace/my-topic --message "Hello from snctl context!"
<organization_name> with your actual organization name if not set as default)
-
List Pulsar tenants using the admin API:
# Assumes 'neo-1' context is active
snctl pulsar admin tenants list
-
Consume messages from a topic using the Kafka protocol (requires KoP enabled on the cluster):
# Assumes 'neo-1' context is active
# Replace my-kafka-topic with your actual topic name
snctl kafka client consume my-kafka-topic --group my-consumer-group --from-beginning
-
List Kafka topics using the admin API (requires KoP):
# Assumes 'neo-1' context is active
snctl kafka admin topics list
3. Running Commands as a Specific Service Account
Sometimes you need to perform actions as a specific service account rather than your logged-in user. snctl allows this using flags, and it will verify your user has permission to impersonate the specified service account.
-
Run a command using a named service account (
--as-service-account):
# List namespaces as 'my-automation-sa', checking user permission first
snctl pulsar admin namespaces list --as-service-account my-automation-sa
-
Interactively choose a service account to run as (
--use-service-account):
This will prompt you to select from service accounts your user is allowed to impersonate.
# Interactively select an authorized SA to list Kafka consumer groups
snctl kafka admin groups list --use-service-account
Using Service Contexts simplifies interactions with your clusters directly through snctl, making it a more powerful and unified tool.
Add clusters to the Pulsar configuration file
This section describes how to add a cluster to the Pulsar client configuration file by defining a context for that cluster. Then, you can access the cluster using the pulsarctl CLI tool.
-
Add a cluster to the Pulsar client configuration file.
This example adds a
neo-1 cluster to the Pulsar client configuration file.
Input
snctl x update-pulsar-config --cluster-name <neo-1>
Updated Pulsar client configuration for context 'neo-1'.
-
Verify that the current context has been changed.
Input
pulsarctl context current
Then, you can use the pulsarctl CLI tool to interact with the target cluster. For details, see Connect to cluster through pulsarctl and perform other operations.
Delete a cluster
You cannot delete a cluster if there are resources associated with the cluster.
snctl delete pulsarcluster <cluster_name>
snctl delete -f ./clusterneo1.yaml
Work with service accounts
In this section, the organization has the name matrix as an example name.
Create a service account
To create a service account through snctl, follow these steps.
-
Define a service account resource named
bot by using a manifest file and save the manifest file sa-bot.yaml.
apiVersion: cloud.streamnative.io/v1alpha1
kind: ServiceAccount
metadata:
namespace: matrix
name: bot
| Field | Description |
|---|
| apiVersion | Specify the version of Pulsar API server. |
| kind | Specify the component to be created. |
-
Apply the manifest file to create the service account.
snctl apply -f /path/to/sa-bot.yaml
serviceaccount.cloud.streamnative.io/bot created
-
Check whether the service account was created successfully.
snctl describe serviceaccount bot
Name: bot
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: ServiceAccount
Metadata:
Creation Timestamp: 2020-08-11T16:25:10Z
Finalizers:
serviceaccount.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 396516
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/serviceaccounts/bot
UID: 874b226b-ea01-41c2-9a7b-059fdcc0d5c1
Spec:
Status:
Conditions:
Last Transition Time: 2020-08-14T06:25:52Z
Reason: Provisioned
Status: True
Type: Ready
Private Key Data:
Private Key Type: TYPE_SN_CREDENTIALS_FILE
Events: <none>
status and type parameters for items under Conditions are set to true and ready. This means that the service account bot was created successfully.
In addition, you can use the snctl create serviceaccount SERVICE_ACCOUNT_NAME command to create a service account. For details, see snctl reference.
Download service account credentials
To use a service account, you first download its associated credentials to a JSON file. The information is made available through the status block of the ServiceAccount resource.
The following example shows how to download the service account credentials to a file called bot.json.
snctl auth export-service-account bot --key-file bot.json
{
"type": "SN_SERVICE_ACCOUNT",
"client_id": "CLIENT_ID",
"client_secret": "CLIENT_SECRET",
"client_email": "bot@matrix.auth.streamnative.cloud"
}
| Field | Description |
|---|
client_id | It is an Auth0 Application that has been created. |
client_secret | It is used to authenticate to Auth0 for accessing snctl. |
The file contains credentials information and should be well protected.
Download service account tokens
To get a token using the StreamNative CLI snctl, run the following command.
snctl auth get-token [PULSAR_INSTANCE_NAME]
Activate a service account
This example shows how to activate a service account through a key file called bot.json.
snctl auth activate-service-account --key-file bot.json -a https://api.streamnative.cloud -i https://auth.streamnative.cloud/
Logged in as bot@matrix.auth.streamnative.cloud.
Welcome to StreamNative Cloud!
Access the StreamNative Cloud API
This example shows how to access the StreamNative Cloud API through a service account.
-
Log in to snctl.
-
Create a service account.
This example creates a service account named bot.
snctl create serviceaccount bot.
serviceaccount.cloud.streamnative.io/bot created
-
Download the associated credentials of the service account to a JSON file。
snctl auth export-service-account bot -f bot.json
Wrote private key file 'bot.json'.
-
Bind the service account with an “admin” role.
snctl create rolebinding bot-cluster-admin --role admin --serviceaccount bot
rolebinding.cloud.streamnative.io/bot-cluster-admin created
-
Log out from snctl.
-
Log in to snctl with the service account.
snctl auth activate-service-account --key-file bot.json
Logged in as bot@matrix.auth.streamnative.cloud.
Welcome to StreamNative Cloud!
Check service accounts
This example shows how to check the service accounts of an organization.
Output
NAME CREATED AT
bot 2020-08-11T16:25:10Z
Check service account details
Before checking the details about a service account, you should use the following command to confirm whether the service account is available.
Then, you can use the following command to check details about a service account.
snctl describe serviceaccount SERVICE_ACCOUNT_NAME
bot.
snctl describe serviceaccount bot
Name: bot
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: ServiceAccount
Metadata:
Creation Timestamp: 2020-08-11T16:25:10Z
Finalizers:
serviceaccount.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 396516
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/serviceaccounts/bot
UID: 874b226b-ea01-41c2-9a7b-059fdcc0d5c1
Spec:
Status:
Conditions:
Last Transition Time: 2020-08-14T06:25:52Z
Reason: Provisioned
Status: True
Type: Ready
Private Key Data:
Private Key Type: TYPE_SN_CREDENTIALS_FILE
Events: <none>
Delete a service account
You can use the following command to delete a service account based on the service account name.
snctl delete serviceaccount SERVICE_ACCOUNT_NAME
snctl delete -f ./sa-bot.yaml
Work with API Keys
To work with API keys using snctl, you need to snctl version 0.16.0 or later.
Create an API Key
To create an API key that doesn’t have an expiration date, do the following:
snctl create apikey test-apikey --instance-name test-key --service-account-name test-api-key --expiration-time 0 --description 'this is test' -O sndev
snctl create apikey test-apikey2 --instance-name test-key --service-account-name test-api-key --expiration-time 30d --description 'this is test' -O sndev
snctl create apikey test-apikey3 --instance-name test-key --service-account-name test-api-key --expiration-time "2025-02-08T15:38:40Z" --description 'this is test' -O your-org-name
View API Keys
To view API keys, use the following command:
snctl get apikey -O your-org-name
Revoke an API Key
To revoke an API key, use the following:
snctl revoke apikey test-apikey3 -O your-org-name
Delete an API Key
To delete an API key, use the following:
snctl delete apikey test-apikey-name -O your-org-name
Work with users
In this document, we named the organization matrix for an example
Create a user
To create a user, follow these steps.
-
Define a user named
ironman by using a manifest file and save the manifest file user-ironman.yaml.
apiVersion: cloud.streamnative.io/v1alpha1
kind: User
metadata:
namespace: matrix
name: ironman
spec:
email: ironman@matrix.local
| Field | Description |
|---|
| apiVersion | Specify the version of Pulsar API server. |
| kind | Specify the component to be created. |
| spec | Specify the email address for the user. |
-
Apply the manifest file to create the user.
snctl apply -f /path/to/user-ironman.yaml
-
Check whether the user is created successfully.
snctl describe users ironman@matrix.local
Name: ironman@matrix.local
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: User
Metadata:
Creation Timestamp: 2020-08-10T14:31:12Z
Finalizers:
user.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 104126
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/users/ironman@matrix.local
UID: 5f6297c6-8e64-4175-b866-bb6362437f29
Spec:
Email: ironman@matrix.local
Status:
Events: <none>
Check users
You can use the following command to check users created for an organization.
Output
NAME CREATED AT
ironman@matrix.local 2020-08-10T14:31:12Z
Check user details
Before checking details about a user, you should use the following command to confirm whether the target user is available.
Then, you can use the following command to check details about a specific user.
snctl describe users USER_NAME
ironman@matrix.local.
snctl describe users ironman@matrix.local
Name: ironman@matrix.local
Namespace: matrix
Labels: <none>
Annotations: <none>
API Version: cloud.streamnative.io/v1alpha1
Kind: User
Metadata:
Creation Timestamp: 2020-08-10T14:31:12Z
Finalizers:
user.finalizers.cloud.streamnative.io
Generation: 1
Resource Version: 104126
Self Link: /apis/cloud.streamnative.io/v1alpha1/namespaces/matrix/users/ironman@matrix.local
UID: 5f6297c6-8e64-4175-b866-bb6362437f29
Spec:
Email: ironman@matrix.local
Status:
Events: <none>
Delete a user
You can use the following command to delete a specific user based on the user name.
snctl delete users USER_NAME
snctl delete -f ./user-ironman.yaml
