Streamvisor Docs
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Streamvisor Docs
  2. /
  3. Installation
  4. /
  5. Configuration

Configuration

For a complete list of configuration properties, please refer to the Configuration Reference.

Configuration properties are parsed when Streamvisor is started.

Upon changing configuration, a restart of Streamvisor is required to apply the changes.

Bootstrapping an admin user

By default, Streamvisor will boostrap an admin user with admin@example.com/streamvisor credentials. You can configure this behavior with the following properties:

STREAMVISOR_BOOTSTRAPADMIN_ENABLE=true
STREAMVISOR_BOOTSTRAPADMIN_EMAIL=admin@example.com
STREAMVISOR_BOOTSTRAPADMIN_PASSWORD=streamvisor

Bootstrapping a Pulsar environment

If you want Streamvisor to bootstrap one or multiple Pulsar environments on startup, you need to add these configuration properties:

STREAMVISOR_ENVIRONMENTS_0_NAME=playground
STREAMVISOR_ENVIRONMENTS_0_SERVICEURL=http://localhost:8080
STREAMVISOR_ENVIRONMENTS_0_BROKERURL=pulsar://localhost:6650

Passing through Pulsar client configuration

The streamvisor.environments[].configuration map accepts the same properties as a regular Apache Pulsar client configuration. Streamvisor passes these values through to the underlying Pulsar client, so this mechanism can be used for timeouts, TLS, authentication, proxy settings and other supported client options.

For the full list of supported properties, refer to the Apache Pulsar client configuration reference.

The TLS and authentication sections below show common examples, but they use this same generic configuration mechanism.

For example, you can further customize the connection configuration by supplying client properties such as:

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_CONNECTION_TIMEOUT_MS=11111

TLS Encryption

Because of a bug in Pulsar when TLS is enabled, you will need to set the following property:

# Port must match `webServicePortTls` in Pulsar proxy.conf/broker.conf
STREAMVISOR_PULSAR_CONNECTION_LOOKUPSERVICEPORT_OVERRIDE=8081

If you have TLS encryption enabled on your Pulsar cluster, you will need to configure Streamvisor using the respective properties:

TLS Encryption with PEM 

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_KEY_FILE_PATH=/path/to/tls-certs/client.key-pk8.pem
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_CERTIFICATE_FILE_PATH=/path/to/tls-certs/client.cert.pem
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_TRUST_CERTS_FILE_PATH=/path/to/tls-certs/ca.cert.pem
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_HOSTNAME_VERIFICATION_ENABLE=false
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_ALLOW_INSECURE_CONNECTION=false

TLS Encryption with Keystore 

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_USE_KEY_STORE_TLS=true
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_TRUST_STORE_TYPE=JKS
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_TRUST_STORE_PATH=/path/to/keystore/client.truststore.jks
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_TRUST_STORE_PASSWORD=clientpw
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_KEY_STORE_TYPE=JKS
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_KEY_STORE_PATH=/path/to/keystore/client.keystore.jks
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_KEY_STORE_PASSWORD=clientpw
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_HOSTNAME_VERIFICATION_ENABLE=false
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_TLS_ALLOW_INSECURE_CONNECTION=false

Authentication

If you have authentication enabled on your Pulsar cluster, you will need to configure Streamvisor using the respective properties:

Token Authentication with JWT 

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PLUGIN_CLASS_NAME=org.apache.pulsar.client.impl.auth.AuthenticationToken
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PARAMS=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.ipevRNuRP6HflG8cFKnmUPtypruRC4fb1DWtoLL62SY

mTLS Authentication with PEM 

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PLUGIN_CLASS_NAME=org.apache.pulsar.client.impl.auth.AuthenticationTls
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PARAMS=tlsCertFile:/path/to/tls-certs/client.cert.pem,tlsKeyFile:/path/to/tls-certs/client.key-pk8.pem

mTLS Authentication with Keystore 

STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PLUGIN_CLASS_NAME=org.apache.pulsar.client.impl.auth.AuthenticationKeyStoreTls
STREAMVISOR_ENVIRONMENTS_0_CONFIGURATION_AUTH_PARAMS={"keyStoreType":"JKS","keyStorePath":"/path/to/keystore/client.keystore.jks","keyStorePassword":"clientpw"}

Enabling RBAC

If you want to enforce permissions on your Pulsar resources and Streamvisor configurations, you can enable RBAC with the following property:

STREAMVISOR_RBAC_ENABLE=true

Configuring SSO with an OAuth provider

To allow your users to sign in with an SSO provider, you need to add your provider information using the following properties:

STREAMVISOR_SSO_OAUTH_PROVIDERS_KEYCLOAK_CLIENTID=<client ID>
STREAMVISOR_SSO_OAUTH_PROVIDERS_KEYCLOAK_ISSUERURI=http://localhost:7777/realms/master
STREAMVISOR_SSO_OAUTH_PROVIDERS_KEYCLOAK_SCOPES=openid,profile,email

If you also want to activate group mapping, you need to set the following property:

STREAMVISOR_SSO_OAUTH_PROVIDERS_KEYCLOAK_GROUPSCLAIM=roles

Using PostgreSQL for persistence

Streamvisor supports using PostgreSQL instead of the default filesystem storage for persistence. Before configuring Streamvisor, you will have to create a database for it in PostgreSQL:

psql -U postgres -d postgres <<EOF
CREATE DATABASE streamvisor;
EOF

Then configure the connection to PostgreSQL by setting the following properties:

STREAMVISOR_PERSISTENCE_URL=jdbc:postgresql://127.0.0.1:5432/streamvisor
STREAMVISOR_PERSISTENCE_DRIVERCLASSNAME=org.postgresql.Driver
STREAMVISOR_PERSISTENCE_USERNAME=postgres
STREAMVISOR_PERSISTENCE_PASSWORD=postgres

Problems

If you encounter any problems or are unsure how to configure Streamvisor in your specific case, please ask for help in the Streamvisor slack community.