Merged
Expand Up @@ -76,6 +76,41 @@ spec:
periodSeconds: {{ .Values.probe.startup.periodSeconds }}
failureThreshold: {{ .Values.probe.startup.failureThreshold }}
{{- end }}
workingDir: "/pulsar-manager/console"
command: ["/bin/sh", "-c"]
args:
- |
if [ -f "/pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_ID" ]; then
export GOOGLE_CLIENT_ID=$(cat /pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_ID)
fi
if [ -f "/pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_SECRET" ]; then
export GOOGLE_CLIENT_SECRET=$(cat /pulsar-manager/secrets/google-oauth2/GOOGLE_CLIENT_SECRET)
fi
if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_ID" ]; then
export AZURE_CLIENT_ID=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_ID)
fi
if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_SECRET" ]; then
export AZURE_CLIENT_SECRET=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_CLIENT_SECRET)
fi
if [ -f "/pulsar-manager/secrets/azure-oauth2/AZURE_TENANT_ID" ]; then
export AZURE_TENANT_ID=$(cat /pulsar-manager/secrets/azure-oauth2/AZURE_TENANT_ID)
fi
if [ -f "/pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_ID" ]; then
export OKTA_CLIENT_ID=$(cat /pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_ID)
fi
if [ -f "/pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_SECRET" ]; then
export OKTA_CLIENT_SECRET=$(cat /pulsar-manager/secrets/okta-oauth2/OKTA_CLIENT_SECRET)
fi
if [ -f "/pulsar-manager/secrets/pulsar-jwt/TOKEN" ]; then
export TOKEN=$(cat /pulsar-manager/secrets/pulsar-jwt/TOKEN)
fi
if [ -f "/pulsar-manager/secrets/db-password/DB_PASSWORD" ]; then
export DB_PASSWORD=$(cat /pulsar-manager/secrets/db-password/DB_PASSWORD)
fi
if [ -f "/pulsar-manager/secrets/db-password/NEW_PASSWORD" ]; then
export NEW_PASSWORD=$(cat /pulsar-manager/secrets/db-password/NEW_PASSWORD)
fi
/pulsar-manager/entrypoint.sh
env:
- name: SPRING_CONFIGURATION_FILE
value: /pulsar-manager/pulsar-manager/application.properties
Expand All @@ -85,6 +120,8 @@ spec:
value: {{ .Values.configData.DEFAULT_NAME }}
- name: INSTANCE_NAME
value: {{ .Values.configData.INSTANCE_NAME }}
- name: CLUSTER_NAME
value: {{ .Values.configData.CLUSTER_NAME | quote }}
- name: WEB_SERVICE_URL
value: {{ .Values.broker.webServiceUrl }}
- name: KOP_SERVICE_URL
Expand Down Expand Up @@ -151,6 +188,13 @@ spec:
{{- end }}
- name: CONNECTOR_ENABLED
value: "{{ .Values.configData.CONNECTOR_ENABLED | default "true" }}"
{{- if hasSuffix "-all" (toString .Values.image.tag) }}
- name: DB_BASE
value: sqlite
{{- end }}
{{- with .Values.extraEnv }}
{{ toYaml . | indent 10 }}
{{- end }}
{{- if .Values.login.pulsarJwt.enabled }}
- name: AUTHENTICATION_NAME
value: "pulsar-jwt"
Expand Down Expand Up @@ -208,21 +252,105 @@ spec:
- secretRef:
name: {{ .Values.login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }}
{{- end }}

ports:
- name: frontend
containerPort: {{ .Values.ports.frontend }}
- name: backend
containerPort: {{ .Values.ports.backend }}

volumeMounts:
- name: streamnative-console-data
mountPath: /data
- name: tmp-storage
mountPath: /tmp
- name: run-postgresql-tmpfs
mountPath: /run/postgresql
- name: pulsar-manager-conf
mountPath: /pulsar-manager/pulsar-manager
- name: psql
mountPath: /pulsar-manager/psql
{{- if .Values.login.pulsarJwt.enabled }}
- mountPath: /pulsar-manager/keys
name: token-keys
readOnly: true
{{- end }}
{{- if .Values.login.sso.google.enabled }}
- name: google-oauth2-secret
mountPath: /pulsar-manager/secrets/google-oauth2
readOnly: true
{{- end }}
{{- if .Values.login.sso.azure.enabled }}
- name: azure-oauth2-secret
mountPath: /pulsar-manager/secrets/azure-oauth2
readOnly: true
{{- end }}
{{- if .Values.login.sso.okta.enabled }}
- name: okta-oauth2-secret
mountPath: /pulsar-manager/secrets/okta-oauth2
readOnly: true
{{- end }}
{{- if .Values.login.pulsarJwt.enabled }}
- name: pulsar-jwt-secret
mountPath: /pulsar-manager/secrets/pulsar-jwt
readOnly: true
{{- end }}
{{- if .Values.dbPasswordSecret }}
- name: db-password-secret
mountPath: /pulsar-manager/secrets/db-password
readOnly: true
{{- end }}
- name: "{{ template "sn_console.fullname" . }}-{{ .Values.component }}-gateway"
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.resources }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}
{{- if .Values.probe.readiness.enabled }}
readinessProbe:
httpGet:
path: /cloud-manager/login/enabled
port: {{ .Values.ports.frontend }}
initialDelaySeconds: {{ .Values.probe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.probe.readiness.periodSeconds }}
failureThreshold: {{ .Values.probe.readiness.failureThreshold }}
{{- end }}
{{- if .Values.probe.liveness.enabled }}
livenessProbe:
httpGet:
path: /cloud-manager/login/enabled
port: {{ .Values.ports.frontend }}
initialDelaySeconds: {{ .Values.probe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.probe.liveness.periodSeconds }}
failureThreshold: {{ .Values.probe.liveness.failureThreshold }}
{{- end }}
{{- if .Values.probe.startup.enabled }}
startupProbe:
httpGet:
path: /cloud-manager/login/enabled
port: {{ .Values.ports.frontend }}
initialDelaySeconds: {{ .Values.probe.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.probe.startup.periodSeconds }}
failureThreshold: {{ .Values.probe.startup.failureThreshold }}
{{- end }}
workingDir: "/pulsar-manager/gateway"
command: ["/pulsar-manager/gateway/gateway-entrypoint.sh"]
env:
- name: OPENAPI_ENABLED
value: "{{ .Values.configData.OPENAPI_ENABLED | default "false" }}"
ports:
- name: frontend
containerPort: {{ .Values.ports.frontend }}
- name: backend
containerPort: {{ .Values.ports.backend }}
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d
- name: nginx-logs
mountPath: /var/log/nginx
- name: nginx-tmp
mountPath: /var/lib/nginx/tmp
- name: nginx-run
mountPath: /run
- name: nginx-lib-log
mountPath: /var/lib/nginx/logs
- name: tmp-storage
mountPath: /tmp

volumes:
{{- if not .Values.volumes.persistence }}
Expand Down Expand Up @@ -254,6 +382,56 @@ spec:
secretName: {{ .Values.login.pulsarJwt.config.JWT_BROKER_SECRET_KEY }}
{{- end }}
{{- end }}
{{- if .Values.login.sso.google.enabled }}
- name: google-oauth2-secret
secret:
secretName: {{ .Values.login.sso.google.clientSecretRef }}
defaultMode: 0440
{{- end }}
{{- if .Values.login.sso.azure.enabled }}
- name: azure-oauth2-secret
secret:
secretName: {{ .Values.login.sso.azure.clientSecretRef }}
defaultMode: 0440
{{- end }}
{{- if .Values.login.sso.okta.enabled }}
- name: okta-oauth2-secret
secret:
secretName: {{ .Values.login.sso.okta.clientSecretRef }}
defaultMode: 0440
{{- end }}
{{- if .Values.login.pulsarJwt.enabled }}
- name: pulsar-jwt-secret
secret:
secretName: {{ .Values.login.pulsarJwt.config.SERVICE_ACCOUNT_SUPER_TOKEN_SECRET }}
defaultMode: 0440
{{- end }}
{{- if .Values.dbPasswordSecret }}
- name: db-password-secret
secret:
secretName: {{ .Values.dbPasswordSecret }}
defaultMode: 0440
{{- end }}
- name: tmp-storage
emptyDir: {}
- name: run-postgresql-tmpfs
emptyDir:
medium: Memory
- name: nginx-conf
emptyDir: {}
- name: nginx-logs
emptyDir: {}
- name: nginx-tmp
emptyDir: {}
- name: nginx-run
emptyDir:
medium: Memory
- name: pulsar-manager-conf
emptyDir: {}
- name: nginx-lib-log
emptyDir: {}
- name: psql
emptyDir: {}

{{- if or .Values.volumes.data.storageClass .Values.volumes.data.storageClassName }}
volumeClaimTemplates:
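Review bot: The startup script in the first hunk ends with `/pulsar-manager/entrypoint.sh` rather than `exec /pulsar-manager/entrypoint.sh`, so `/bin/sh` stays PID 1 holding every exported credential and the application presumably does not receive SIGTERM directly. Each `export X=$(cat …)` also discards a failed read: the secret volumes in the last hunk use `defaultMode: 0440`, and if the container runs as a non-root user without a matching `fsGroup` (no securityContext is visible in these hunks), `[ -f … ]` succeeds, `cat` fails and the variable is exported empty with no error. Assigning before exporting, e.g. `DB_PASSWORD=$(cat …) || exit 1; export DB_PASSWORD`, would make that case fail loudly at startup instead of surfacing later as a login or database error. Copying the mounted files into environment variables also gives up much of what the read-only file mount provides, since the values become readable through the process environment and are inherited by child processes; if the application can be pointed at the file paths directly, that is preferable. The pulsar-jwt volume additionally mounts the same `SERVICE_ACCOUNT_SUPER_TOKEN_SECRET` that the context lines already load through `envFrom`/`secretRef`, so it is worth confirming both exposures are needed.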
32 changes: 25 additions & 7 deletions charts/sn-console/values.yaml
Expand Up @@ -2,11 +2,11 @@
# Copyright (c) 2019 - 2024 StreamNative, Inc.. All Rights Reserved.
#

initialize: true
initialize: false

image:
repository: streamnative/sn-platform-console
tag: "v1.14.2"
repository: streamnative/private-cloud-console
tag: "v2.3.27-all"
pullPolicy: IfNotPresent
hasCommand: false

Expand Down Expand Up @@ -47,7 +47,7 @@ resources:
cpu: 0.1
volumes:
# use a persistent volume or emptyDir
persistence: true
persistence: false
data:
name: data
size: 10Gi
Expand Down Expand Up @@ -94,6 +94,8 @@ configData:
DEFAULT_ORGANIZATION: "streamnative"
# *required*: the instance name to display for the Pulsar clusters in SN console
INSTANCE_NAME: "pulsar"
# Optional: customize the cluster name shown in Console
CLUSTER_NAME: ""
GLOBAL_RESOURCE_READ_ONLY: false
REDIRECT_SCHEME: ""
REDIRECT_HOST: ""
Expand All @@ -108,13 +110,29 @@ configData:
GRAFANA_AUTH_PROXY: false
GRAFANA_AUTH_PROXY_USER: ""
DEFAULT_ENVIRONMENT_NAME: "pulsar"
DEFAULT_ENVIRONMENT_SERVICE_URL: ""
DEFAULT_ENVIRONMENT_SERVICE_URL: "http://private-cloud-proxy:8080"
BACKEND_DEFAULT_SUPER_USER_ROLE: "pulsar-manager-admin"
CONNECTOR_ENABLED: true
CLUSTER_NAME: "private-cloud"

# Extra environment variables for streamnative-console container
extraEnv: []
# Secret name containing DB_PASSWORD and NEW_PASSWORD keys (mounted as files; read by startup script)
# The secret should have two keys: DB_PASSWORD and NEW_PASSWORD
# Example command to create the secret:
# kubectl create secret generic my-db-password-secret \
# --from-literal=DB_PASSWORD=your-db-password \
# --from-literal=NEW_PASSWORD=your-new-password
# Example command to update the secret:
# kubectl create secret generic my-db-password-secret \
# --from-literal=DB_PASSWORD=your-new-db-password \
# --from-literal=NEW_PASSWORD=your-new-password \
# --dry-run=client -o yaml | kubectl apply -f -
dbPasswordSecret: ""

login:
vault:
enabled: true
enabled: false
pulsarJwt:
enabled: false
config:
Expand Down Expand Up @@ -154,7 +172,7 @@ login:

# broker related settings. configure how streamnative console should access Pulsar brokers.
broker:
webServiceUrl: http://localhost:8080
webServiceUrl: http://private-cloud-proxy:8080
# kopServiceUrl: localhost:9093
auth:
authentication:
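Review bot: `CLUSTER_NAME` is added twice, apparently both under `configData` (both hunk headers name that mapping): once as `CLUSTER_NAME: ""` with the "Optional" comment and again as `CLUSTER_NAME: "private-cloud"` after `CONNECTOR_ENABLED`. Duplicate keys are invalid YAML and most parsers silently keep the last one, so the documented empty default never takes effect; keep a single entry and put the comment on it. The example commands in the `dbPasswordSecret` comment pass the passwords with `--from-literal=DB_PASSWORD=…`, which leaves them in shell history and the process list; suggesting `--from-file=DB_PASSWORD=./db-password.txt` in the comment would avoid that. Since this commit also flips `persistence` to `false` and the `-all` tag selects `DB_BASE: sqlite` in the template, a comment noting that console data then lives in an emptyDir and is lost on pod restart would help operators.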