From 344f922efb2420c86d9dee671aa94495bd7ca3a8 Mon Sep 17 00:00:00 2001 From: Guangning E Date: Fri, 13 Mar 2026 09:19:38 +0800 Subject: [PATCH 1/6] feat(sn-console): align streamnative-console with sn-platform-slim - Add DB_BASE=sqlite when image tag ends with -all - Add extraEnv for custom environment variables - Add dbPasswordSecret: mount secret as files, read DB_PASSWORD/NEW_PASSWORD in startup script Made-with: Cursor --- .../streamnative-console-statefulset.yaml | 31 ++++++++++++++++++- charts/sn-console/values.yaml | 15 +++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml index 1880f914b..5e0f7f7c0 100644 --- a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml +++ b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml @@ -151,6 +151,13 @@ spec: {{- end }} - name: CONNECTOR_ENABLED value: "{{ .Values.configData.CONNECTOR_ENABLED | default "true" }}" + {{- if hasSuffix "-all" .Values.image.tag }} + - name: DB_BASE + value: sqlite + {{- end }} + {{- with .Values.extraEnv }} +{{ toYaml . | indent 10 }} + {{- end }} {{- if .Values.login.pulsarJwt.enabled }} - name: AUTHENTICATION_NAME value: "pulsar-jwt" @@ -208,7 +215,18 @@ spec: - secretRef: name: {{ .Values.login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }} {{- end }} - + {{- if .Values.dbPasswordSecret }} + command: ["/bin/sh", "-c"] + args: + - | + if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then + export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD) + fi + if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then + export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD) + fi + exec /pulsar-manager/entrypoint.sh + {{- end }} ports: - name: frontend containerPort: {{ .Values.ports.frontend }} 
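Review bot: The `DB_BASE` entry in the `@@ -151,6 +151,13 @@` hunk is selected only by `hasSuffix "-all" .Values.image.tag`, so the database backend changes silently when the same image is mirrored or retagged without that suffix. `extraEnv` is rendered directly after it, and Kubernetes normally lets a later entry with the same name win, so an operator can still set `DB_BASE` there, but nothing documents that. I would add a template comment above the condition, `{{- /* DB_BASE is derived from the tag suffix; set DB_BASE in extraEnv to choose it explicitly */}}`. Entries rendered after `extraEnv` (for example `AUTHENTICATION_NAME`) cannot be overridden from it, which is worth stating next to `extraEnv` in values.yaml.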
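Review bot: The command substitutions in the startup script of the `@@ -208,7 +215,18 @@` hunk are unquoted (`export DB_PASSWORD=$(cat …/DB_PASSWORD)`), and under a strictly POSIX `/bin/sh` the arguments of `export` undergo field splitting and globbing, so a password containing spaces or `*` can be truncated or altered; which shell the image ships is not visible here. The form also hides a failing `cat`: the `[ -f … ]` guard passes, the read fails, and the variable is exported empty instead of stopping the container. Assign first and export separately, `DB_PASSWORD="$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD)" || exit 1` followed by `export DB_PASSWORD`, and do the same for `NEW_PASSWORD`. The `@@ -76,6 +76,41 @@` hunk of PATCH 2/6 repeats the pattern for ten variables. Once exported, the values sit in the process environment that every child of `entrypoint.sh` inherits, so the file mount does not keep them out of the environment.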
@@ -223,6 +241,11 @@ spec: name: token-keys readOnly: true {{- end }} + {{- if .Values.dbPasswordSecret }} + - name: db-password-secret + mountPath: /pulsar-manager/secrets/db-password + readOnly: true + {{- end }} volumes: {{- if not .Values.volumes.persistence }} @@ -254,6 +277,12 @@ spec: secretName: {{ .Values.login.pulsarJwt.config.JWT_BROKER_SECRET_KEY }} {{- end }} {{- end }} + {{- if .Values.dbPasswordSecret }} + - name: db-password-secret + secret: + secretName: {{ .Values.dbPasswordSecret }} + defaultMode: 0440 + {{- end }} {{- if or .Values.volumes.data.storageClass .Values.volumes.data.storageClassName }} volumeClaimTemplates: diff --git a/charts/sn-console/values.yaml b/charts/sn-console/values.yaml index ecdd089f0..945bbc501 100644 --- a/charts/sn-console/values.yaml +++ b/charts/sn-console/values.yaml @@ -112,6 +112,21 @@ configData: BACKEND_DEFAULT_SUPER_USER_ROLE: "pulsar-manager-admin" CONNECTOR_ENABLED: true +# Extra environment variables for streamnative-console container +extraEnv: [] +# Secret name containing DB_PASSWORD and NEW_PASSWORD keys (mounted as files; read by startup script) +# The secret should have two keys: DB_PASSWORD and NEW_PASSWORD +# Example command to create the secret: +# kubectl create secret generic my-db-password-secret \ +# --from-literal=DB_PASSWORD=your-db-password \ +# --from-literal=NEW_PASSWORD=your-new-password +# Example command to update the secret: +# kubectl create secret generic my-db-password-secret \ +# --from-literal=DB_PASSWORD=your-new-db-password \ +# --from-literal=NEW_PASSWORD=your-new-password \ +# --dry-run=client -o yaml | kubectl apply -f - +dbPasswordSecret: "" + login: vault: enabled: true From 9cfe23029520dbaeb737b6a6ad6fe1a34994643e Mon Sep 17 00:00:00 2001 
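Review bot: `defaultMode: 0440` in the `@@ -254,6 +277,12 @@` hunk makes the mounted keys readable by owner and group only, so the startup script can read them only when the container runs as root or the pod sets a matching `fsGroup`; no securityContext is visible in this hunk, so confirm which of the two applies. `secretName: {{ .Values.dbPasswordSecret }}` is also rendered unquoted; `secretName: {{ .Values.dbPasswordSecret | quote }}` keeps an unusual name from being re-typed by the YAML parser. The four secret volumes added in the `@@ -277,12 +380,56 @@` hunk of PATCH 2/6 follow the same pattern. The enclosing `volumes:` list starts and ends outside the hunk.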
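Review bot: The example commands in the new `dbPasswordSecret` comment pass the passwords with `--from-literal`, which leaves them in shell history and visible in the process list while kubectl runs. I would document the file-based form instead, `kubectl create secret generic my-db-password-secret --from-file=DB_PASSWORD=./db-password.txt --from-file=NEW_PASSWORD=./new-password.txt` (file names are illustrative). The "update the secret" example should also say that the pod has to be restarted, because the startup script reads the mounted files once, before `entrypoint.sh` runs. For `extraEnv`, a one-line comment would steer users away from inlining credentials: `# Use valueFrom.secretKeyRef for sensitive values; do not put them in values files`.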
From: Guangning E Date: Fri, 13 Mar 2026 17:06:44 +0800 Subject: [PATCH 2/6] Fixed deploy --- .../streamnative-console-statefulset.yaml | 181 ++++++++++++++++-- charts/sn-console/values.yaml | 12 +- 2 files changed, 170 insertions(+), 23 deletions(-) diff --git a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml index 5e0f7f7c0..35d9093a4 100644 --- a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml +++ b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml 
@@ -76,6 +76,41 @@ spec: periodSeconds: {{ .Values.probe.startup.periodSeconds }} failureThreshold: {{ .Values.probe.startup.failureThreshold }} {{- end }} + workingDir: "/pulsar-manager/console" + command: ["/bin/sh", "-c"] + args: + - | + if [ -f "/pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_ID" ]; then + export GOOGLE_CLIENT_ID=$(cat /pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_ID) + fi + if [ -f "/pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_SECRET" ]; then + export GOOGLE_CLIENT_SECRET=$(cat /pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_SECRET) + fi + if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_ID" ]; then + export AZURE_CLIENT_ID=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_ID) + fi + if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_SECRET" ]; then + export AZURE_CLIENT_SECRET=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_SECRET) + fi + if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_TENANT_ID" ]; then + export AZURE_TENANT_ID=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_TENANT_ID) + fi + if [ -f "/pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_ID" ]; then + export OKTA_CLIENT_ID=$(cat /pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_ID) + fi + if [ -f "/pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_SECRET" ]; then + export OKTA_CLIENT_SECRET=$(cat /pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_SECRET) + fi + if [ -f "/pulsar-manager/secrets/pulsar-jwt/TOKEN" ]; then + export TOKEN=$(cat /pulsar-manager/secrets/pulsar-jwt/TOKEN) + fi + if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then + export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD) + fi + if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then + export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD) + fi + /pulsar-manager/entrypoint.sh env: - name: SPRING_CONFIGURATION_FILE value: /pulsar-manager/pulsar-manager/application.properties 
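Review bot: The last line of the new script runs `/pulsar-manager/entrypoint.sh` without `exec`, whereas the block this patch removes further down used `exec /pulsar-manager/entrypoint.sh`. Without it the shell typically stays as PID 1 with the entrypoint as its child, so the SIGTERM sent on pod shutdown is neither acted on by the shell nor passed on, and the process is killed only when the grace period expires. Change the line to `exec /pulsar-manager/entrypoint.sh`. The `command` is also no longer wrapped in any condition, so it replaces the image's own entrypoint on every install rather than only when a secret is configured; if that is intended, a comment above `command:` should say so.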
@@ -215,37 +250,105 @@ spec: - secretRef: name: {{ .Values.login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }} {{- end }} - {{- if .Values.dbPasswordSecret }} - command: ["/bin/sh", "-c"] - args: - - | - if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then - export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD) - fi - if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then - export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD) - fi - exec /pulsar-manager/entrypoint.sh - {{- end }} - ports: - - name: frontend - containerPort: {{ .Values.ports.frontend }} - - name: backend - containerPort: {{ .Values.ports.backend }} volumeMounts: - name: streamnative-console-data mountPath: /data + - name: tmp-storage + mountPath: /tmp + - name: run-postgresql-tmpfs + mountPath: /run/postgresql + - name: pulsar-manager-conf + mountPath: /pulsar-manager/pulsar-manager + - name: psql + mountPath: /pulsar-manager/psql {{- if .Values.login.pulsarJwt.enabled }} - mountPath: /pulsar-manager/keys name: token-keys readOnly: true {{- end }} + {{- if .Values.login.sso.google.enabled }} + - name: google-oauth2-secret + mountPath: /pulsar-manager/secrets/google-oauth2 + readOnly: true + {{- end }} + {{- if .Values.login.sso.azure.enabled }} + - name: azure-oauth2-secret + mountPath: /pulsar-manager/secrets/azure-oauth2 + readOnly: true + {{- end }} + {{- if .Values.login.sso.okta.enabled }} + - name: okta-oauth2-secret + mountPath: /pulsar-manager/secrets/okta-oauth2 + readOnly: true + {{- end }} + {{- if .Values.login.pulsarJwt.enabled }} + - name: pulsar-jwt-secret + mountPath: /pulsar-manager/secrets/pulsar-jwt + readOnly: true + {{- end }} {{- if .Values.dbPasswordSecret }} - name: db-password-secret mountPath: /pulsar-manager/secrets/db-password readOnly: true {{- end }} + - name: "{{ template "sn_console.fullname" . 
}}-{{ .Values.component }}-gateway" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + {{- if .Values.probe.readiness.enabled }} + readinessProbe: + httpGet: + path: /cloud-manager/login/enabled + port: {{ .Values.ports.frontend }} + initialDelaySeconds: {{ .Values.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.probe.readiness.periodSeconds }} + failureThreshold: {{ .Values.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.probe.liveness.enabled }} + livenessProbe: + httpGet: + path: /cloud-manager/login/enabled + port: {{ .Values.ports.frontend }} + initialDelaySeconds: {{ .Values.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.probe.liveness.periodSeconds }} + failureThreshold: {{ .Values.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.probe.startup.enabled }} + startupProbe: + httpGet: + path: /cloud-manager/login/enabled + port: {{ .Values.ports.frontend }} + initialDelaySeconds: {{ .Values.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.probe.startup.periodSeconds }} + failureThreshold: {{ .Values.probe.startup.failureThreshold }} + {{- end }} + workingDir: "/pulsar-manager/gateway" + command: ["/pulsar-manager/gateway/gateway-entrypoint.sh"] + env: + - name: OPENAPI_ENABLED + value: "{{ .Values.configData.OPENAPI_ENABLED | default "false" }}" + ports: + - name: frontend + containerPort: {{ .Values.ports.frontend }} + - name: backend + containerPort: {{ .Values.ports.backend }} + volumeMounts: + - name: nginx-conf + mountPath: /etc/nginx/conf.d + - name: nginx-logs + mountPath: /var/log/nginx + - name: nginx-tmp + mountPath: /var/lib/nginx/tmp + - name: nginx-run + mountPath: /run + - name: nginx-lib-log + mountPath: /var/lib/nginx/logs + - name: tmp-storage + mountPath: /tmp volumes: {{- if not 
.Values.volumes.persistence }} @@ -277,12 +380,56 @@ spec: secretName: {{ .Values.login.pulsarJwt.config.JWT_BROKER_SECRET_KEY }} {{- end }} {{- end }} + {{- if .Values.login.sso.google.enabled }} + - name: google-oauth2-secret + secret: + secretName: {{ .Values.login.sso.google.clientSecretRef }} + defaultMode: 0440 + {{- end }} + {{- if .Values.login.sso.azure.enabled }} + - name: azure-oauth2-secret + secret: + secretName: {{ .Values.login.sso.azure.clientSecretRef }} + defaultMode: 0440 + {{- end }} + {{- if .Values.login.sso.okta.enabled }} + - name: okta-oauth2-secret + secret: + secretName: {{ .Values.login.sso.okta.clientSecretRef }} + defaultMode: 0440 + {{- end }} + {{- if .Values.login.pulsarJwt.enabled }} + - name: pulsar-jwt-secret + secret: + secretName: {{ .Values.login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }} + defaultMode: 0440 + {{- end }} {{- if .Values.dbPasswordSecret }} - name: db-password-secret secret: secretName: {{ .Values.dbPasswordSecret }} defaultMode: 0440 {{- end }} + - name: tmp-storage + emptyDir: {} + - name: run-postgresql-tmpfs + emptyDir: + medium: Memory + - name: nginx-conf + emptyDir: {} + - name: nginx-logs + emptyDir: {} + - name: nginx-tmp + emptyDir: {} + - name: nginx-run + emptyDir: + medium: Memory + - name: pulsar-manager-conf + emptyDir: {} + - name: nginx-lib-log + emptyDir: {} + - name: psql + emptyDir: {} {{- if or .Values.volumes.data.storageClass .Values.volumes.data.storageClassName }} volumeClaimTemplates: diff --git a/charts/sn-console/values.yaml b/charts/sn-console/values.yaml index 945bbc501..52f745c75 100644 --- a/charts/sn-console/values.yaml +++ b/charts/sn-console/values.yaml @@ -2,11 +2,11 @@ # Copyright (c) 2019 - 2024 StreamNative, Inc.. All Rights Reserved. # -initialize: true +initialize: false image: - repository: streamnative/sn-platform-console - tag: "v1.14.2" + repository: streamnative/private-cloud-console + tag: "v2.3.26-all" pullPolicy: IfNotPresent hasCommand: false 
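Review bot: The `pulsar-jwt-secret` mount added under `login.pulsarJwt.enabled` delivers the Secret named by `SERVICE_ACCOUNT_SUPER_TOKEN_SECRET` as files, while the unchanged `envFrom` / `secretRef` at the top of this hunk (its condition is outside the hunk) already injects every key of that same Secret as environment variables. The token therefore reaches the console container through two paths, three counting the `export TOKEN=…` in the startup script; keep one so that rotation and auditing have a single place to look. The `tmp-storage` volume is mounted at `/tmp` in both the console and the new gateway container, so anything the console writes to `/tmp` is readable from the gateway; separate volumes, e.g. `- name: gateway-tmp` with its own `emptyDir`, would avoid that.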
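Review bot: None of the `emptyDir` volumes added in the `@@ -277,12 +380,56 @@` hunk sets a `sizeLimit`, and two of them (`run-postgresql-tmpfs`, `nginx-run`) use `medium: Memory`, whose contents count against the containers' memory. Unbounded writes to `nginx-logs` or `tmp-storage` can then fill node ephemeral storage, and the tmpfs ones can get the pod OOM-killed. Add `sizeLimit: <size>` under each `emptyDir`, with sizes chosen from observed usage. The `defaultMode: 0440` and unquoted `secretName` points raised on the `db-password-secret` volume apply to the four secret volumes added here as well.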
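Review bot: The `@@ -2,11 +2,11 @@` hunk changes chart-wide defaults (`initialize: false`, a different `image.repository`, a `-all` tag) in a commit titled only "Fixed deploy", and the later hunks in the same file do the same for `volumes.persistence`, `login.vault.enabled` and `broker.webServiceUrl`. Users who upgrade without overriding these get a different image and different behaviour with nothing in the commit message to explain it. If these are settings for one environment, keep the previous defaults and ship them as a separate values file; otherwise list them in the description as breaking changes. Pinning the default image by digest in addition to the tag would also make it reproducible.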
@@ -47,7 +47,7 @@ resources: cpu: 0.1 volumes: # use a persistent volume or emptyDir - persistence: true + persistence: false data: name: data size: 10Gi @@ -129,7 +129,7 @@ dbPasswordSecret: "" login: vault: - enabled: true + enabled: false pulsarJwt: enabled: false config: @@ -169,7 +169,7 @@ login: # broker related settings. configure how streamnative console should access Pulsar brokers. broker: - webServiceUrl: http://localhost:8080 + webServiceUrl: http://private-cloud-proxy:8080 # kopServiceUrl: localhost:9093 auth: authentication: From 632377119b735cca75803ea6dd1257546a59e490 Mon Sep 17 00:00:00 2001 From: Guangning E Date: Fri, 13 Mar 2026 17:37:57 +0800 Subject: [PATCH 3/6] feat(sn-console): add CLUSTER_NAME config and default env service url Expose CLUSTER_NAME env var in the console StatefulSet and add a values.yaml knob. Set DEFAULT_ENVIRONMENT_SERVICE_URL default for private-cloud-proxy. Made-with: Cursor --- .../templates/console/streamnative-console-statefulset.yaml | 2 ++ charts/sn-console/values.yaml | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml index 35d9093a4..110fdcf54 100644 --- a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml +++ b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml @@ -120,6 +120,8 @@ spec: value: {{ .Values.configData.DEFAULT_NAME }} - name: INSTANCE_NAME value: {{ .Values.configData.INSTANCE_NAME }} + - name: CLUSTER_NAME + value: {{ .Values.configData.CLUSTER_NAME | quote }} - name: WEB_SERVICE_URL value: {{ .Values.broker.webServiceUrl }} - name: KOP_SERVICE_URL diff --git a/charts/sn-console/values.yaml b/charts/sn-console/values.yaml index 52f745c75..70da36c64 100644 --- a/charts/sn-console/values.yaml +++ b/charts/sn-console/values.yaml 
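Review bot: With `persistence: false` as the default in the `@@ -47,7 +47,7 @@` hunk, the data volume takes the `if not .Values.volumes.persistence` branch of the template, which the comment above this key describes as emptyDir. The default tag now ends in `-all`, which makes the template set `DB_BASE=sqlite`; if the SQLite file lives on that volume (not visible here), console state is lost whenever the pod is deleted or rescheduled. Keep `persistence: true` as the default, or at least extend the comment: `# false stores console data on an emptyDir; it is lost when the pod is deleted`.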
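Review bot: Flipping `login.vault.enabled` to `false` in the `@@ -129,7 +129,7 @@` hunk leaves the defaults with both `vault` and `pulsarJwt` disabled, as the two lines visible in the hunk show; whether any login method remains enabled by default depends on the `sso` block, which is outside the hunk. A chart default should not install a console whose authentication state is unclear. Either keep one method enabled by default or have the template stop rendering with a `fail` call when none is enabled, and add a comment here: `# at least one of vault, pulsarJwt or sso.* must be enabled`.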
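Review bot: The new default `webServiceUrl: http://private-cloud-proxy:8080` in the `@@ -169,7 +169,7 @@` hunk hard-codes one deployment's service name and uses plain HTTP, so admin requests from the console, including any credentials configured under `auth` below it, cross the cluster network unencrypted by default. `DEFAULT_ENVIRONMENT_SERVICE_URL` gets the same value in the `@@ -108,7 +110,7 @@` hunk of PATCH 3/6. Prefer a neutral default and document the expected form, e.g. `# use https://<proxy-service>:<tls-port> when the proxy has TLS enabled` (placeholders).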
@@ -94,6 +94,8 @@ configData: DEFAULT_ORGANIZATION: "streamnative" # *required*: the instance name to display for the Pulsar clusters in SN console INSTANCE_NAME: "pulsar" + # Optional: customize the cluster name shown in Console + CLUSTER_NAME: "" GLOBAL_RESOURCE_READ_ONLY: false REDIRECT_SCHEME: "" REDIRECT_HOST: "" @@ -108,7 +110,7 @@ configData: GRAFANA_AUTH_PROXY: false GRAFANA_AUTH_PROXY_USER: "" DEFAULT_ENVIRONMENT_NAME: "pulsar" - DEFAULT_ENVIRONMENT_SERVICE_URL: "" + DEFAULT_ENVIRONMENT_SERVICE_URL: "http://private-cloud-proxy:8080" BACKEND_DEFAULT_SUPER_USER_ROLE: "pulsar-manager-admin" CONNECTOR_ENABLED: true From c1e400ab87ef64f788bfc5900d2df4e85d57c73b Mon Sep 17 00:00:00 2001 From: Guangning E Date: Fri, 13 Mar 2026 17:46:22 +0800 Subject: [PATCH 4/6] chore(sn-console): set default CLUSTER_NAME value Made-with: Cursor --- charts/sn-console/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/sn-console/values.yaml b/charts/sn-console/values.yaml index 70da36c64..b01fdf52a 100644 --- a/charts/sn-console/values.yaml +++ b/charts/sn-console/values.yaml @@ -113,6 +113,7 @@ configData: DEFAULT_ENVIRONMENT_SERVICE_URL: "http://private-cloud-proxy:8080" BACKEND_DEFAULT_SUPER_USER_ROLE: "pulsar-manager-admin" CONNECTOR_ENABLED: true + CLUSTER_NAME: "private-cloud" # Extra environment variables for streamnative-console container extraEnv: [] From 6ed41d249e0bbacd0fc206d4402a368fd6c6782a Mon Sep 17 00:00:00 2001 From: Guangning E Date: Mon, 16 Mar 2026 09:11:26 +0800 Subject: [PATCH 5/6] Fixed --- .../templates/console/streamnative-console-statefulset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml index 110fdcf54..1a0523f6e 100644 --- a/charts/sn-console/templates/console/streamnative-console-statefulset.yaml 
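Review bot: `CLUSTER_NAME: "private-cloud"` in the `@@ -113,6 +113,7 @@` hunk of PATCH 4/6 is added after `CONNECTOR_ENABLED`, but PATCH 3/6 already added `CLUSTER_NAME: ""` a few lines higher (the `@@ -94,6 +94,8 @@` hunk); assuming both sit under `configData:` as the hunk headers indicate, the mapping now has a duplicate key. Duplicate keys are invalid YAML: lenient parsers keep the last value, strict ones reject the file, and the `# Optional: customize the cluster name shown in Console` entry no longer shows the value actually used. Set the value on the existing key, `CLUSTER_NAME: "private-cloud"` directly under that comment, and drop the line added here.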
+++ b/charts/sn-console/templates/console/streamnative-console-statefulset.yaml @@ -188,7 +188,7 @@ spec: {{- end }} - name: CONNECTOR_ENABLED value: "{{ .Values.configData.CONNECTOR_ENABLED | default "true" }}" - {{- if hasSuffix "-all" .Values.image.tag }} + {{- if hasSuffix "-all" (toString .Values.image.tag) }} - name: DB_BASE value: sqlite {{- end }} From 1bd387e632162268424fcdd15912db817beda367 Mon Sep 17 00:00:00 2001 From: Guangning E Date: Mon, 16 Mar 2026 09:14:08 +0800 Subject: [PATCH 6/6] Fixed image version --- charts/sn-console/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sn-console/values.yaml b/charts/sn-console/values.yaml index b01fdf52a..f0241f354 100644 --- a/charts/sn-console/values.yaml +++ b/charts/sn-console/values.yaml @@ -6,7 +6,7 @@ initialize: false image: repository: streamnative/private-cloud-console - tag: "v2.3.26-all" + tag: "v2.3.27-all" pullPolicy: IfNotPresent hasCommand: false