{"id":19704836,"url":"https://github.com/datastax/pulsar-admin-console","last_synced_at":"2025-02-27T13:46:27.978Z","repository":{"id":37793070,"uuid":"323942157","full_name":"datastax/pulsar-admin-console","owner":"datastax","description":"Pulsar Admin Console is a web based UI that administrates topics, namespaces, sources, sinks and various aspects of Apache Pulsar features.","archived":false,"fork":false,"pushed_at":"2025-02-24T08:18:21.000Z","size":2951,"stargazers_count":35,"open_issues_count":16,"forks_count":18,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-02-24T09:26:54.919Z","etag":null,"topics":["admin","admin-console","pulsar","pulsar-admin"],"latest_commit_sha":null,"homepage":"","language":"Vue","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datastax.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-23T15:49:56.000Z","updated_at":"2025-01-20T05:30:43.000Z","dependencies_parsed_at":"2024-11-11T21:25:51.026Z","dependency_job_id":"5c81c17f-79b5-46dc-8594-f92cd8e86ab0","html_url":"https://github.com/datastax/pulsar-admin-console","commit_stats":null,"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datastax%2Fpulsar-admin-console","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datastax%2Fpulsar-admin-console/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datastax%2Fpulsar-admin-console/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datastax%2Fpulsar-admin-console/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datastax","download_url":"https://codeload.github.com/datastax/pulsar-admin-console/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241020207,"owners_count":19895390,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admin","admin-console","pulsar","pulsar-admin"],"created_at":"2024-11-11T21:24:42.751Z","updated_at":"2025-02-27T13:46:27.957Z","avatar_url":"https://github.com/datastax.png","language":"Vue","readme":"# DataStax Admin Console for Apache Pulsar\n\nDataStax Admin Console for Apache Pulsar, referred to as *Pulsar Admin Console* in short here after, is a web based UI that administrates topics, namespaces, sources, sinks and various aspects of [Apache Pulsar](https://pulsar.apache.org/) features.\n\nThe admin console is a VueJS application that runs in a browser. It also includes a web server that serves up the files for the admin console as well as providing configuration and authentication services.\n\n## Installation\n\nTo install the Pulsar Admin Console:\n\n1. Ensure [node](https://nodejs.org/en/download/) version 16.15 or higher is installed.\n\n2. Download the latest release tarball from the [release page](https://github.com/datastax/pulsar-admin-console/releases).\n\n3. Extract the tarball. \n```\ntar xfvz pulsar-admin-console-\u003cversion\u003e.tar.gz\n```\n4. Update the configuration in the `./pulsar-admin-console-\u003cversion\u003e/config` directory. You can update the `default.json` or add an override file named `local.json`. See \"Configuration\" section below.\n\n## Starting\n\n\n1. Change to the `server` subdirectory of the install directory.\n```\ncd ./pulsar-admin-console-\u003cversion\u003e/server\n```\n2. Start the process.\n```\nnpm start\n```\n3. Open the port (default 6454) in a browser.\n```\ngoogle-chrome-stable http://localhost:6454\n``` \n\n## Configuration\nThe configuration file for the Pulsar admin console is named `default.json` and is in the `./config` directory. Additional\nconfiguration files (for example, `local.json`) can be placed in this directory to override parameters, as described [here](https://github.com/node-config/node-config/wiki/Configuration-Files).\n\nThe `default.json` configuration file contains a set of general configs for the admin console plus a server-specific set under `server_config`.\nThe admin console server proxies all requests from the admin console to the Pulsar broker (or Pulsar proxy). You need to configure `pulsar_url`\nto point to one of your brokers or a proxy/loadbalancer in front of the brokers (can be Pulsar proxy). \n\nFor the Brokers section of the \nadmin console to work, the admin console server must be able to directly reach each broker by the IP/hostname that is returned by\nthe Pulsar CLI command `pulsar-admin brokers list \u003cclustername\u003e`. The cluster name can be retrieved with the CLI command `pulsar-admin clusters list`.\nIn a geo-replication configuration, you will want to use the cluster name for the local cluster. You must set the cluster name in the \n`cluster_name` setting of the configuration file.\n\n### TLS for upstream targets using self-signed certificates\n\nIf you are using self-signed certificates, it is essential to configure the trusted root CA certificate(s) so that the\nPulsar Admin Console server can securely proxy requests to upstream servers. This can be done by setting this\nenvironment variable, `NODE_EXTRA_CA_CERTS`, to the path to the trust ca.crt file. Please see [this](https://nodejs.org/api/cli.html#node_extra_ca_certsfile)\nofficial Node.js documentation for additional details.\n\n### Configuration reference\n\n| Setting | Default | Description |\n|----------------------------------------------|--------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| auth_mode | none | Authentication mode. One of `none`, `user`, `k8s`, or `openidconnect`. See \"Auth Modes for details | \n| cluster_name | standalone | Name of Pulsar cluster connecting to. The cluster name can be retrieved with the CLI command `pulsar-admin clusters list`. |\n| tenant | public | The default Pulsar tenant to view when starting the console. |\n| oauth_client_id || This is the client ID that the console will use when authenticating with authentication provider | |\n| server_config.port | 6454 | The listen port for the console server |\n| server_config.pulsar_url | http://localhost:8080 | URL for connecting to the Pulsar cluster. Should point to either a broker or Pulsar proxy. The console server must be able to reach this URL. |\n| server_config.websocket_url | https://websocket.example.com:8500 | URL for WebSocket proxy. Used by Test Clients to connect to Pulsar. The console server must be able to reach this URL. |\n| server_config.function_worker_url | `\"\"` | URL for function worker. The default value of `\"\"` means that the server will proxy all function/sink/source calls to the `pulsar_url`. This only needs to be set when the `pulsar_url` cannot handle function/sink/source requests. The console server must be able to reach this URL. |\n| server_config.log_level | info | Log level for the console server |\n| server_config.token_path | | When using `user` or `k8s` auth mode, a Pulsar token is used to connect to the Pulsar cluster. This specifies the path to a file that contains the token to use. For full access, a superuser token is recommended. Alternatively, use `admin_token`. |\n| server_config.admin_token | | When using `user` or `k8s` auth mode, a Pulsar token is used to connect to the Pulsar cluster. This specifies the token as a string. For full access, a superuser token is recommended. The `token_path` setting will override this value if present. |\n| server_config.token_secret | | Secret used when signing access token for logging into the console. If not specified, a default secret is used |\n| server_config.token_options.algorithm | `HS256` | Algorithm to use when signing the JWT (access token). Usually you want to set `RS256` for asymmetric authentication (using the private key) and `HS256` for the symmetric one (using the secret). |\n| server_config.token_options.expires_in | `12h` | TTL for the access token. |\n| server_config.token_options.claim | `sub` | Claim field for the JWT access token. |\n| server_config.token_options.private_key_path | | Private key path relative to the container to find the private key for signing the token. If not set, the `server_config.token_secret` will be used. The private key must be in PEM (.pem) or DER (.key) format. Only PKCS8 key type is supported. |\n| server_config.ssl.verify_certs | `true` | Verify TLS certificate is trusted |\n| server_config.ssl.hostname_validation | `true` | Verify hostname matches the TLS certificate |\n| server_config.ssl.ca_path | | Path to the CA certificate. To enable HTTPS, `ca_path`, `cert_path`, and `key_path` must all be set |\n| server_config.ssl.cert_path | | Path to the server certificate. To enable HTTPS, `ca_path`, `cert_path`, and `key_path` must all be set |\n| server_config.ssl.key_path | | Path to the TLS key. To enable HTTPS, `ca_path`, `cert_path`, and `key_path` must all be set |\n| server_config.kubernetes.k8s_namespace | pulsar | When using `k8s` auth_mode, Kubernetes namespace that contains the username/password secrets |\n| server_config.kubernetes.service_host | | When using `k8s` auth_mode, specify a custom Kubernetes host name. |\n| server_config.kubernetes.service_port | | When using `k8s` auth_mode, specify a custom Kubernetes port. |\n| server_config.user_auth.username | | When using `user` auth_mode, the login user name. |\n| server_config.user_auth.password | | When using `user` auth_mode, the login password. |\n| server_config.oauth2.identity_provider_url | `\"\"` | When using `auth_mode: openidconnect` set to your hostname and port. ex: `https://keycloak:8443` |\n| server_config.oauth2.token_endpoint | `\"\"` | When using `auth_mode: openidconnect` set to the path you need to forward to to get the token. ex: `/token` |\n| server_config.oauth2.grant_type | `password` | When using `auth_mode: openidconnect` set to the grant type. Only `password` is support at this time. |\n| polling_interval | 10000 | How often the console polls Pulsar for updated values. In milliseconds. |\n| ca_certificate | | String of CA certificate to display in the console under Credentials. |\n| api_version | 2.8.3 | Version of the Pulsar client API to recommend under Samples. |\n| notice_text | | Custom notice to appear at top of console. |\n| functions_disabled | false | If functions are not enabled in the cluster, disable the function sections (Functions, Sinks, Sources) |\n| render_monitoring_tab | false | Enable tab that includes links to Grafana dashboards. |\n| grafana_url | | If `render_monitoring_tab` is enabled, URL for Grafana. |\n| clients_disabled | false | Disable test clients. Test clients depend on WebSocket proxy, so if this is not running in Pulsar cluster you may want to disable them. |\n| host_overrides.pulsar | http://localhost:6650\" | URL to display in console to connect to Pulsar. |\n| host_overrides.ws | //localhost:8080\" | URL to display in console to connect to WebSocket proxy. |\n| host_overrides.http | http://localhost:8964\" | URL to display in console to connect to Pulsar Beam HTTP proxy. |\n\n\n## Auth Modes\nThere are four available configurations for `auth_mode`: `none`, `user`, `k8s`, and `openidconnect`.\n\nThe `user` and `k8s` mode support token based authentication to Pulsar. For this to work, you need to configure a token either using `token_path` (a file containing the token)\nor `admin_token` (the token itself). This token will be used to authenticate with Pulsar. For all features of the admin console to work, a superuser token is recommended.\n\nThe `openidconnect` mode works with an OpenID Connect 1.0 compatible authentication provider (ex Okta) to authentication both the admin console and Pulsar. \n\n### Auth Mode: none\n\nIn this mode, no login screen is presented. Authentication must be disabled on Pulsar since the admin console will not attempt to authenticate.\n\n### Auth Mode: user\n\nThe admin console is protected by a login screen. The credentials are configured using the `username` and `password` settings in the config file. Once authenticated with these credentials, the token for connecting to Pulsar is retrieved from the server (configured using `token_path` or `admin_token`) and used to authenticate with the Pulsar cluster.\n\n### Auth Mode: k8\nThe admin console is protected by a login screen. The credentials are retrieved from a Kubernetes secret. For this to work, the admin console server must have access to a Kubernetes API, either user a kubeconfig file in the environment or by having local access (for example, by running as a pod in a Kubernetes cluster).\n\nThe namespace for the secret is set using `k8s_namespace`. The secret name must have a prefix of `dashboard-user-` followed by the username. For example, the admin user would have a secret name of `dashboard-user-admin`. The password must be stored in the secret with a key of `password` and a value of the password itself. Multiple secrets with the prefix can be configured to set up multiple users for the admin console. A password can be reset by patching the corresponding Kubernetes secret.\n\nOnce the user is authenticated using one of the Kubernetes secrets, the token for connecting to Pulsar is retrieved from the server (configured using `token_path` or `admin_token`) and used to authenticate with the Pulsar cluster.\n\n### Auth Mode: OpenID Connect\nIn this auth mode, the dashboard will use your login credentials to attempt to retrieve a JWT from an authentication\nprovider by following the `password` grant type. In the [DataStax Pulsar Helm Chart](https://github.com/datastax/pulsar-helm-chart), this is implemented by\nintegrating the Pulsar Admin Console with an identity provider, like Keycloak. Upon successful retrieval of the JWT, the Pulsar Admin Console will\nuse the retrieved JWT as the bearer token when making calls to Pulsar.\n\nIn addition to configuring the `auth_mode`, you also need to configure the `oauth_client_id`. This is the client id that\nthe Console will use when authenticating with Keycloak. Note that in Keycloak, it is important that this client exists\nand that it has the `sub` claim properly mapped to your desired Pulsar subject. Otherwise, the JWT won't work as desired.\n\n#### Connecting to an OpenID Connect Auth/Identity Provider\nWhen opening the Console, the first page is the login page. When using the `openidconnect` auth mode, the auth call\nneeds to go to the Provider's server. In the current design, nginx must be configured to route the call to the provider.\nThe [DataStax Pulsar Helm Chart](https://github.com/datastax/pulsar-helm-chart) does this automatically.\n\n### Development\n\n#### Node and NPM version\nUse these versions of node and npm:\n```\n$ npm -v\n6.14.15\n$ node -v\nv14.18.3\n```\n\nIn order to easily manage your node and npm versions across developer machines, we use [nvm](https://github.com/nvm-sh/nvm). We set the node version in the [.nvmrc](./.nvmrc) file. In order to set up your environment, open a shell, change to the project directory, and run the following:\n\n```shell\nnvm use\nnvm install\n```\n\nWhen upgrading versions of node, we should make sure to use LTS versions. You can find LTS versions on the node website or by using `nvm`.\n\n```shell\nnvm list\n```\n\nThen, pick which `lts/` version to use. Currently, we use `fermium`, so you can run the following:\n\n```shell\nnvm install lts/fermium\n```\n\nWhen upgrading node versions, make sure to update the [Dockerfile](./Dockerfile), the [.nvmrc](./.nvmrc) file, and the CI scripts (i.e. [.github/](./github/)).\n\n#### Install application dependencies\n\n```\ncd dashboard\nnpm install\ncd ..\ncd server\nnpm install\n```\n\n#### Run Pulsar Standalone\n\nUpdate the version to your desired version of Pulsar\n\n```\ndocker run -it -p 6650:6650 -p 8080:8080 --mount source=pulsardata,target=/pulsar/data --mount source=pulsarconf,target=/pulsar/conf apachepulsar/pulsar:2.8. bin/pulsar standalone\n```\n\n#### Run Admin Console in development\n\n1. Configure the Admin Console dashboard. By default the settings expect a Pulsar running standalone mode reachable on localhost. Configuration is controlled by these files:\n\n* config/default.json. This specifies the dashboard global configuration, including the Pulsar URL, cluster name and various other settings.\n* config/local.json. A override file that can be used for development specific settings.\n\n2. Start server.\n\n```\ncd server\nnpm run serve\n```\n\n3. Start the development dashboard server.\n\n```\ncd dashboard\nnpm run serve\n```\n\n4. Connect to the Admin Console dashboard on port 9080. The dashboard server will proxy Pulsar API calls to server which then forwards to the actual Pulsar cluster (local or remote, depending on configuration)\n\n#### Run the standalone console \n```\ncd dashboard\nnpm install\nnpm run serve\n```\n\n#### Run the server\n```\ncd server\nnpm install\nnpm run serve\n```\n\n### Build the standalone console\n```\ncd dashboard\nnpm install\nnpm install -g @vue/cli\nnpm run build-standalone\n```\n","funding_links":[],"categories":["🛠️ Web UIs"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatastax%2Fpulsar-admin-console","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatastax%2Fpulsar-admin-console","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatastax%2Fpulsar-admin-console/lists"}