From 261e3db227b79fe847160d7623c24a65cc5a1394 Mon Sep 17 00:00:00 2001
From: Guangning E
Date: Wed, 6 May 2026 09:02:02 +0800
Subject: [PATCH 1/4] fix: Resolve mountPath conflict when OIDC and JWT auth are both enabled

Co-Authored-By: Claude Opus 4.7
---
 charts/sn-platform-slim/templates/_helpers.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/sn-platform-slim/templates/_helpers.tpl b/charts/sn-platform-slim/templates/_helpers.tpl
index eb2696d82..3ea577c0e 100644
--- a/charts/sn-platform-slim/templates/_helpers.tpl
+++ b/charts/sn-platform-slim/templates/_helpers.tpl
@@ -345,7 +345,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-- mountPath: /mnt/secrets
+- mountPath: /mnt/secrets/oauth
 secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
From 00c8590262e508afde99744dd0e9c7552351dc41 Mon Sep 17 00:00:00 2001
From: Guangning E
Date: Wed, 6 May 2026 09:45:52 +0800
Subject: [PATCH 2/4] fix: Resolve mountPath conflict when OIDC and JWT auth are both enabled

Only use /mnt/secrets/oauth for OIDC when JWT is also enabled, so existing deployments that reference file:///mnt/secrets/... in their brokerClientAuthenticationParameters continue to work when JWT is not in use.

Co-Authored-By: Claude Opus 4.7
---
 charts/sn-platform-slim/templates/_helpers.tpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/charts/sn-platform-slim/templates/_helpers.tpl b/charts/sn-platform-slim/templates/_helpers.tpl
index 3ea577c0e..9d8d0eb95 100644
--- a/charts/sn-platform-slim/templates/_helpers.tpl
+++ b/charts/sn-platform-slim/templates/_helpers.tpl
@@ -345,7 +345,11 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
+{{- if .Values.auth.authentication.jwt.enabled }}
 - mountPath: /mnt/secrets/oauth
+{{- else }}
+- mountPath: /mnt/secrets
+{{- end }}
 secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
From ae1c55e68f5ca4990062ee999a6609b9646eb6c9 Mon Sep 17 00:00:00 2001
From: Guangning E
Date: Wed, 6 May 2026 09:51:14 +0800
Subject: [PATCH 3/4] Fixed value yaml file

---
 charts/sn-platform-slim/values.yaml | 2 +-
 charts/sn-platform/values.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml
index 588604a22..ce31d7fd1 100644
--- a/charts/sn-platform-slim/values.yaml
+++ b/charts/sn-platform-slim/values.yaml
@@ -338,7 +338,7 @@ auth:
 # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
 # -n your-namespace
 # brokerClientCredentialSecret: "my-secret"
- # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+ # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
 authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
 authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml
index 30dce512b..a550f6ab5 100644
--- a/charts/sn-platform/values.yaml
+++ b/charts/sn-platform/values.yaml
@@ -398,7 +398,7 @@ auth:
 # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
 # -n your-namespace
 # brokerClientCredentialSecret: "my-secret"
- # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+ # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
 authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
 authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
From 148a90b857da9b16afe399c8ecfef377c86bf8d6 Mon Sep 17 00:00:00 2001
From: Guangning E
Date: Wed, 6 May 2026 22:52:50 +0800
Subject: [PATCH 4/4] Fixed

---
 charts/sn-platform-slim/templates/_helpers.tpl | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/charts/sn-platform-slim/templates/_helpers.tpl b/charts/sn-platform-slim/templates/_helpers.tpl
index 9d8d0eb95..3ea577c0e 100644
--- a/charts/sn-platform-slim/templates/_helpers.tpl
+++ b/charts/sn-platform-slim/templates/_helpers.tpl
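Review bot: The example in charts/sn-platform/values.yaml now points `privateKey` at `/mnt/secrets/oauth/broker_client_credential.json`, but the only template this series changes is charts/sn-platform-slim/templates/_helpers.tpl, so nothing visible here moves the sn-platform chart's OAuth secret mount. If that chart's own `pulsar.authSecret` helper still mounts the secret at `/mnt/secrets`, anyone who copies this example gets a URL naming a file that is not there, and the broker client cannot load its credential. Either apply the same mountPath change to the sn-platform helper in this series, or leave this example at `file:///mnt/secrets/broker_client_credential.json`.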
@@ -345,11 +345,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-{{- if .Values.auth.authentication.jwt.enabled }}
 - mountPath: /mnt/secrets/oauth
-{{- else }}
-- mountPath: /mnt/secrets
-{{- end }}
 secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
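Review bot: Removing the `jwt.enabled` guard makes the OAuth credential secret mount at `/mnt/secrets/oauth` unconditionally, which is the upgrade break that patch 2's message set out to avoid (patch 1's hunk has the same effect): a release whose `brokerClientAuthenticationParameters` still reads `file:///mnt/secrets/broker_client_credential.json` will no longer find the file after upgrading. Values files are user-owned, so the example edits in patch 3 do not migrate existing deployments. I would state the contract next to the mount, e.g. `{{- /* OAuth credential secret is mounted at /mnt/secrets/oauth; privateKey must use file:///mnt/secrets/oauth/<key> */}}`, and call out the path change in the chart's upgrade notes. The JWT branch and the rest of `pulsar.authSecret` lie outside the hunk, so whether its mount path is a parent of `/mnt/secrets/oauth` cannot be checked here.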