Schema Registry

About the Schema Registry

The Schema Registry provides client applications with the Avro schemas available in a specific tenant.

The Schema Registry is always connected to a single Kafka Broker in the same cluster to allow for clusters to have different tenant/instance isolation patterns.

Enabling required authentication with a client certificate

The Schema Registry has support for authentication with Mutual TLS. In this approach each connection to the SSL endpoint must provide a client certificate signed by a certificate authority trusted in the instance. This is disabled by default, but can be activated per cluster.

See the Deployment page for more information about the different service types, like cluster and instance services.

Using Axual CLI

Add or modify the following configuration in the Schema Registry config file for the tenant instance. The configuration is usually located in platform-config/tenants/{tenant-name}/instances/{instance-name}/schema-registry.sh.

# Disables mTLS for clusters cluster1 and enables it for the cluster2 cluster. These clusters are defined in this config as well
SR_SLAVE_SSL_CLIENT_AUTH=cluster1:false,cluster2:true

Using Axual Helm Charts

Open the values.yaml for your instance and add the following configuration and update

instance:
  schemaregistry:
    tls:
      slave:
        clientAuth: true