From 76ac74402d6836c1ba63d8d3198f03010ce00684 Mon Sep 17 00:00:00 2001
From: Guangning E <guangning@streamnative.io>
Date: Mon, 11 May 2026 15:09:47 +0800
Subject: [PATCH 1/3] fix: Rename OAuth secret mountPath from
 /mnt/secrets/oauth to /mnt/secret-oauth

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 charts/sn-platform-slim/templates/_helpers.tpl | 2 +-
 charts/sn-platform-slim/values.yaml            | 4 ++--
 charts/sn-platform/templates/_helpers.tpl      | 2 +-
 charts/sn-platform/values.yaml                 | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/charts/sn-platform-slim/templates/_helpers.tpl b/charts/sn-platform-slim/templates/_helpers.tpl
index 3ea577c0e..79ffa9357 100644
--- a/charts/sn-platform-slim/templates/_helpers.tpl
+++ b/charts/sn-platform-slim/templates/_helpers.tpl
@@ -345,7 +345,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-- mountPath: /mnt/secrets/oauth
+- mountPath: /mnt/secret-oauth
   secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml
index ce31d7fd1..f49be6d53 100644
--- a/charts/sn-platform-slim/values.yaml
+++ b/charts/sn-platform-slim/values.yaml
@@ -338,7 +338,7 @@ auth:
     # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
     # -n your-namespace
     # brokerClientCredentialSecret: "my-secret"
-    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secret-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
     authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
     authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
 
@@ -1249,7 +1249,7 @@ broker:
   # When enabled (true), the sn-operator will auto-create PDBs with default constraints.
   # Disable (false) if you need to manually manage PDBs for fine-grained control.
   pdb:
-    autoCreate: true
+    autoCreate: false
   labels: {}
   annotations: {}
   tolerations: []
diff --git a/charts/sn-platform/templates/_helpers.tpl b/charts/sn-platform/templates/_helpers.tpl
index b75497501..302f441b2 100644
--- a/charts/sn-platform/templates/_helpers.tpl
+++ b/charts/sn-platform/templates/_helpers.tpl
@@ -369,7 +369,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-- mountPath: /mnt/secrets/oauth
+- mountPath: /mnt/secret-oauth
   secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if and .Values.auth.vault.enabled (or .Values.broker.readPublicKeyFromFile .Values.proxy.readPublicKeyFromFile) }}
diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml
index a550f6ab5..0cf607acf 100644
--- a/charts/sn-platform/values.yaml
+++ b/charts/sn-platform/values.yaml
@@ -398,7 +398,7 @@ auth:
     # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
     # -n your-namespace
     # brokerClientCredentialSecret: "my-secret"
-    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets/oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secret-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
     authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
     authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
 

From 4739fc802dc9ba971a8e7dc0df8fa822a6e35237 Mon Sep 17 00:00:00 2001
From: Guangning E <guangning@streamnative.io>
Date: Mon, 11 May 2026 15:13:46 +0800
Subject: [PATCH 2/3] fix: Rename OAuth secret mountPath from /mnt/secret-oauth
 to /mnt/secrets-oauth

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 charts/sn-platform-slim/templates/_helpers.tpl | 2 +-
 charts/sn-platform-slim/values.yaml            | 2 +-
 charts/sn-platform/templates/_helpers.tpl      | 2 +-
 charts/sn-platform/values.yaml                 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/sn-platform-slim/templates/_helpers.tpl b/charts/sn-platform-slim/templates/_helpers.tpl
index 79ffa9357..b537d8374 100644
--- a/charts/sn-platform-slim/templates/_helpers.tpl
+++ b/charts/sn-platform-slim/templates/_helpers.tpl
@@ -345,7 +345,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-- mountPath: /mnt/secret-oauth
+- mountPath: /mnt/secrets-oauth
   secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if .Values.auth.authentication.jwt.enabled }}
diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml
index f49be6d53..51706c2b9 100644
--- a/charts/sn-platform-slim/values.yaml
+++ b/charts/sn-platform-slim/values.yaml
@@ -338,7 +338,7 @@ auth:
     # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
     # -n your-namespace
     # brokerClientCredentialSecret: "my-secret"
-    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secret-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
     authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
     authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
 
diff --git a/charts/sn-platform/templates/_helpers.tpl b/charts/sn-platform/templates/_helpers.tpl
index 302f441b2..85552cb19 100644
--- a/charts/sn-platform/templates/_helpers.tpl
+++ b/charts/sn-platform/templates/_helpers.tpl
@@ -369,7 +369,7 @@ Define function for get authenticaiton secret
 {{- define "pulsar.authSecret" }}
 {{- if .Values.auth.authentication.enabled }}
 {{- if and .Values.auth.oauth.enabled .Values.auth.oauth.brokerClientCredentialSecret }}
-- mountPath: /mnt/secret-oauth
+- mountPath: /mnt/secrets-oauth
   secretName: "{{ .Values.auth.oauth.brokerClientCredentialSecret }}"
 {{- end }}
 {{- if and .Values.auth.vault.enabled (or .Values.broker.readPublicKeyFromFile .Values.proxy.readPublicKeyFromFile) }}
diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml
index 0cf607acf..c5976a101 100644
--- a/charts/sn-platform/values.yaml
+++ b/charts/sn-platform/values.yaml
@@ -398,7 +398,7 @@ auth:
     # --from-literal=broker_client_credential.json=$(echo -n '{"client_id":"your-client-id","client_secret":"your-client-secret","issuer_url":"http://your-issuer-url/"}') \
     # -n your-namespace
     # brokerClientCredentialSecret: "my-secret"
-    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secret-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
+    # brokerClientAuthenticationParameters: {"privateKey":"file:///mnt/secrets-oauth/broker_client_credential.json", "issuerUrl":"https://login.microsoftonline.com/your-tenant-id/v2.0", "audience":"your-audience", "scope":"your-scope"}
     authenticationProvider: "io.streamnative.pulsar.broker.authentication.AuthenticationProviderOAuth"
     authorizationProvider: "io.streamnative.pulsar.broker.authorization.AuthorizationProviderOAuth"
 

From 16e03d09b4423acd4782b8a3c51d32b0e74734b1 Mon Sep 17 00:00:00 2001
From: Guangning E <guangning@streamnative.io>
Date: Mon, 11 May 2026 15:18:31 +0800
Subject: [PATCH 3/3] Revert default value

---
 charts/sn-platform-slim/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml
index 51706c2b9..1f1464dae 100644
--- a/charts/sn-platform-slim/values.yaml
+++ b/charts/sn-platform-slim/values.yaml
@@ -1249,7 +1249,7 @@ broker:
   # When enabled (true), the sn-operator will auto-create PDBs with default constraints.
   # Disable (false) if you need to manually manage PDBs for fine-grained control.
   pdb:
-    autoCreate: false
+    autoCreate: true
   labels: {}
   annotations: {}
   tolerations: []