Instances

Create the Instance

These steps are used to create an Instance in the Axual Self-Service.

We are writing the steps to create a dta instance using the local cluster created in the previous step.

  1. Open the instances menu and press the Add instance button

    Self-Service Instances Menu

  2. Provide the Instance Details and press the Continue button

    1. Put Dev Test Acceptance as the Name

    2. Put dta as the ShortName

    3. Put DTA Instance as the Description

  3. Press the Select cluster button

    Self-Service Add Instance Details page
    Do not fill the Instance Manager URL field, this field is for older installation. It will be removed in future releases.

  4. Select the local cluster

  5. (Optional) Provide the Confluent Schema Registry Details for this Instance/Cluster

    1. Put http://axual-axual-schema-registry-master:20000/ as the Schema Registry URL

    2. Select Confluent as the Schema Registry Type

    3. Select No Authentication as the Authentication Method

    Self-Service Add Confluent Schema Registry Details page

  6. Verify the Schema Registry details and connectivity by pressing the Verify button

    Self-Service Verify Confluent Schema Registry Details
    If you need to have Apicurio Keycloak support for an Instance/Cluster, first you need to navigate to the Apicurio Keycloak configuration steps before proceeding with the instance configurations here.

  7. Once verified, you can press Add listeners button to add Schema Registry Listeners. This step is optional.

    1. Input TLS as the Protocol

    2. Input http://platform.local:24000 as the URL

    Self-Service Add Schema Registry Listeners
    Schema Registry Listeners is a set of protocol:URL pair for setting various Schema Registry Listeners. They are used by the Kafka Clients to connect to the Schema Registry. You can add more listeners and there are no validation on our side.

  8. You can close the Instance/Cluster modal by pressing the Select Cluster button

  9. You can click on Show full configuration to validate the selected cluster details

    Self-Service View Selected Cluster

  10. You can close the full configuration modal

    Self-Service View Cluster Full Configuration

  11. Enable the Authentication Method for this Instance

    1. Toggle the SSL (MUTUAL TLS)

    2. Upload the Signing CA used to sign your application certificate

  12. Press the Add Instance button

    Self-Service Add Instance Security

Now you have successfully created an Instance in the Self-Service

Self-Service Instance Create

Environment Mapping

This setting allows Tenant Admin to enable or disable mapping environments under an Instance regardless of whether the user is an Environment Author.

When enabled (which is the default), Environment Author can create an environment under that Instance.

When disabled, creation of an environment under that Instance is not allowed regardless of whether the user is an Environment Author.

If Environment Mapping is disabled for Instance 1 then:

  • No user can create a new Environment using Instance 1

  • No user can update an Environment to use Instance 1

  • No user can update an Environment using Instance 1 to use a different Instance

To enable environment mapping for an Instance

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click Edit Instance button

  5. Under Governance Settings, click on the Environment Mapping toggle

  6. Click Update Instance button

    Governance Setting Section
You can also enable environment mapping when creating an instance from the Create Instance page.

Granular Stream Browse Permissions For An Instance

Granular stream browse permissions allows Tenant Admin to have an instance level access control over topics configured on all environments mapped to it.

When enabled, all environments in the instance will support granular authorization.

When disabled (which is the default), all environments in the instance have the same authorization for both stream configuration and browse, which means there is no granular browse permission applied over a topic.

To enable granular stream browse permissions for an instance

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click Edit Instance button

  5. Under Governance Settings, click on the Enable granular stream browse permissions toggle

  6. Click Update Instance button

    Governance Setting Section
Disabling granular stream browse permissions on an instance that had it enabled leads to deletion of all existing Permission Groups.
You can also enable granular stream browse permissions when creating an instance from the create instance page.

KSML support for an Instance

When KSML is enabled for an Instance, KSML applications can be created in the Instance.

If KSML is enabled, KSML Provisioner URL must be provided. KSML Provisioner URL is the URL of the REST application used to provision KSML applications.

To enable KSML for an instance

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click Edit Instance button

  5. Under KSML Support, click on the Enable KSML toggle

  6. Provide KSML Provisioner URL

  7. Click Update Instance button

    Enable Granular Stream Browse Permission

Connect support for an Instance

When Connect is enabled for an Instance, Connect applications can be created in the Instance.

If Connect is enabled, Connect URL must be provided. Connect URL is HTTP URL of the Axual Connect REST API for managing Kafka Connectors. The URL is used to interact with the Axual Connect cluster.

To enable Connect for an instance

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click Edit Instance button

  5. Under Connect Support, click on the Enable Connect toggle

  6. Provide Connect URL

  7. Click Update Instance button

    Enable Granular Stream Browse Permission
Please read more about installing connect plugins here: Installing Connect Plugins

Connect logging support for an Instance

When Connect logging is enabled for an Instance, Connect logging can be viewed for an Instance.

If Connect logging is enabled, Connect Certificates must be provided.

To enable Connect logging for an instance

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click Edit Instance button

  5. Under Connect Support, click on the Enable Connect toggle

  6. Provide Connect URL

  7. Under Connect Logging, click on the Enable Connect logging toggle

  8. Upload Connect Certificates

  9. Click Update Instance button

    Enable Granular Stream Browse Permission
Please read more about connector logging here: Enabling Connector logging into Kafka

Apicurio’s Keycloak support for an Instance

Apicurio’s Keycloak support is an optional configuration that allows storing Keycloak authentication details for an Instance Cluster. This configuration can only be performed by a Tenant Admin.

To use this feature, ensure the following prerequisites are met:

  1. The Instance Cluster is already configured with an Apicurio Schema Registry.

  2. The authentication method for the Apicurio Schema Registry is not set to No Authentication (i.e., any other authentication option must be selected).

Configure Apicurio Schema Registry for an Instance/Cluster

To configure your Instance with an Apicurio Schema Registry

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click the Configure Cluster button to configure the Apicurio Schema Registry Details for this Instance/Cluster

    1. Put https://apicurio.axual.dta.local/apis/registry/v2 as the Schema Registry URL

    2. Select Apicurio as the Schema Registry Type

    3. Select Basic Authentication as the Authentication Method

      1. Put the username used by Platform Manager to authenticate against Apicurio

      2. Put the password used by Platform Manager to authenticate against Apicurio

    4. Verify the Schema Registry details and connectivity by pressing the Verify button

      Self-Service Add Apicurio Schema Registry Details page

  5. You can now press the Save button to update the Instance Cluster

You can follow the steps in Instance Creation to configure additional instance settings before continue with Keycloak configuration.

Configure Apicurio’s Keycloak Details for an Instance/Cluster

  1. Log in as a Tenant Admin

  2. Move to the Instance page

  3. Select the Instance

  4. Click the Configure Cluster button to configure the Apicurio’s Keycloak Details for this Instance/Cluster

  5. At the bottom of the Schema Registry section, there is the Apicurio Keycloak form

    Self-Service Apicurio Keycloak Form

  6. Enter Apicurio Keycloak details

    1. Keycloak URL: Enter the base URL of the Apicurio’s Keycloak server with the /auth prefix (e.g. https://apicurio-keycloak/auth)

    2. Keycloak Master Realm: Specify the name of the master realm. Default value is master

    3. Keycloak Admin Username: Provide the Keycloak administrator username

    4. Keycloak Admin Password: Provide the Keycloak administrator password

    5. Keycloak Admin Client ID: Enter the admin client ID. Default value is admin-cli

    6. Keycloak Apicurio Realm: Specify the name of the Apicurio realm. Default value is apicurio

      Self-Service Configure Apicurio Keycloak
      Currently, to save the Apicurio’s Keycloak details, you will need to provide again the Apicurio Details credentials (username and password)

  7. Click the Save button to apply the Keycloak settings to the selected Instance/Cluster

If you have a Multi-Cluster Instance, you can configure Keycloak details independently for each cluster and choose not to configure Keycloak details for specific clusters.