Available Configurations
Contents
Rest Proxy Docker Environment Variables
The table below provides a comprehensive overview of the Docker environment variables available for configuring the Rest Proxy container. You can customize the environment variables to match your specific Rest Proxy instance configuration.
| Configuration | Required | Description | Default Value |
|---|---|---|---|
|
No |
Spring additional config location |
|
|
Yes |
Server key store location |
|
|
Yes |
Server trust store location |
|
|
Yes |
Client keystore location |
|
|
Yes |
Client trust store location |
|
|
Yes |
Server key store password |
|
|
Yes |
Server key password |
|
|
Yes |
Server trust store password |
|
|
Yes |
Client key password |
|
|
Yes |
Client key store password |
|
|
Yes |
Client trust store password |
|
|
No |
Root logging level |
|
|
No |
Logging configuration file location |
|
|
Yes |
Port to be used to connect to Rest-Proxy |
|
|
Yes |
Server SSL Protocol. TLSv1.2 is suggested |
|
|
No |
Sets the allowed SSL/TLS ciphers for the server |
|
|
No |
Client authentication |
|
|
Yes |
Enables or disables security features |
|
|
No |
Prometheus open endpoints |
|
|
No |
Impersonators are allowed to call the Proxy on behalf of another application. The certificate DN or chain of DNs must be provided using the X-SSL-Client-DN header |
|
|
No |
Superusers are always allowed to impersonate |
|
|
Yes |
Management server port |
|
|
No |
Management server SSL enable |
|
|
No |
Management security enable |
|
|
No |
Management open endpoints |
|
|
No |
Static tenant name configuration |
|
|
No |
Static instance name configuration |
|
|
No |
Static cluster name configuration |
|
|
No |
Static bootstrap servers configuration |
|
|
No |
Static Schema Registry URL configuration |
|
|
No |
Static Group ID Resolver configuration |
|
|
No |
Static Group ID Pattern configuration |
|
|
No |
Static Topic Resolver configuration |
|
|
No |
Static Topic Pattern configuration |
|
|
No |
Static Transactional ID Resolver configuration |
|
|
No |
Static Transactional ID Pattern configuration |
|
|
No |
Static Principal Builder Class configuration |
|
|
Yes |
The security protocol used by Rest proxy |
|
|
No |
Enables or disables hostname verification for SSL |
|
|
No |
Maximum number of retries an AdminClient will attempt |
|
|
No |
Provided to AdminClient on creation as |
|
|
No |
Interval (in ms) between AdminClient method call retries |
|
|
No |
The number of threads that the server spawns to process messages per consume request |
|
|
No |
Serde config: Maximum number of schemas to create or cache locally |
|
|
No |
The source of basic authentication credentials for Avro |
|
|
No |
Consumer cleanup interval (in ms) |
|
|
No |
Active Consumers will call poll() every such interval (in ms) so that they are not marked dead |
|
|
No |
JMX enabled |
|
|
No |
Prometheus enabled |
|
|
No |
Prometheus scrapes the metrics from this port |
|
|
No |
Metrics are exposed on this port |
|
Prerequisites
Before running the Axual REST Proxy container, make sure you have the following prerequisites in place:
|
Rest Proxy server currently only supports SSL authentication. |
-
Docker installed on your system.
-
Necessary SSL keystore and truststore files available in the specified directory.
Docker Run Command
The following Docker run command starts the REST Proxy container with minimum essential environment variables and volume mounts. Replace [SERVER_KEY_STORE_FILE_NAME], [LOCAL_DIRECTORY_PATH] and other placeholders with your actual information when using this command.
Example:
docker run --rm --name example-rp-container \
-e SERVER_SSL_KEY_STORE="/etc/keystores/[SERVER_KEY_STORE_FILE_NAME]" \
-e SERVER_SSL_TRUST_STORE="/etc/keystores/[SERVER_TRUST_STORE_FILE_NAME]" \
-e SERVER_SSL_KEY_STORE_PASSWORD='[SERVER_KEY_STORE_PASSWORD]' \
-e SERVER_SSL_KEY_PASSWORD='[SERVER_KEY_PASSWORD]' \
-e SERVER_SSL_TRUST_STORE_PASSWORD='[SERVER_TRUST_STORE_PASSWORD]' \
-e AXUAL_SSL_KEYSTORE_LOCATION="/etc/keystores/[CLIENT_KEY_STORE_FILE_NAME]" \
-e AXUAL_SSL_TRUSTSTORE_LOCATION="/etc/keystores/[CLIENT_TRUST_STORE_FILE_NAME]" \
-e AXUAL_SSL_KEY_PASSWORD='[CLIENT_KEY_PASSWORD]' \
-e AXUAL_SSL_KEYSTORE_PASSWORD='[CLIENT_KEYSTORE_PASSWORD]' \
-e AXUAL_SSL_TRUSTSTORE_PASSWORD='[CLIENT_TRUST_STORE_PASSWORD]' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_PATTERN="{tenant}-{instance}-{environment}-{group}" \
-e AXUAL_STATIC_CONFIGURATION_BOOTSTRAP_SERVERS='platform.local:31757' \
-e AXUAL_STATIC_CONFIGURATION_SCHEMA_REGISTRY_URL='https://platform.local:25000' \
-e AXUAL_STATIC_CONFIGURATION_PRINCIPAL_BUILDER_CLASS='io.axual.security.principal.AdvancedAclPrincipalBuilder' \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_PATTERN="{tenant}-{instance}-{environment}-{topic}" \
-v [LOCAL_DIRECTORY_PATH]:/etc/keystores \
[IMAGE_REGISTRY]/axual/rest-proxy:[IMAGE_TAG]|
-v [LOCAL_DIRECTORY_PATH]:/etc/keystores: Mounts the local directory containing SSL keystore and truststore files into the container’s /etc/keystores directory. axual/rest-proxy:[IMAGE_TAG]: Specifies the Docker image to run. |
Custom Producer/Consumer Configurations
In some cases the Producers/Consumers require specific configurations that work best on your cluster. It is possible to configure those for all such instantiated objects in one place so that their performance is fine-tuned to for your needs.
To override such configuration, you have to pass the environment variable in the format <prefix><kafka_configuration>=value.
Where <prefix> is replaced by either AXUAL_PRODUCER_CONFIG_ or AXUAL_CONSUMER_CONFIG_ and kafka_configuration is one of Producer or Consumer configuration with the words capitalized and . are replaced by -.
Example:
# Rest-Proxy Dynamic Producer Config
-e AXUAL_PRODUCER_CONFIG_ACKS='all' \
-e AXUAL_PRODUCER_CONFIG_BATCH-SIZE='16384' \
-e AXUAL_PRODUCER_CONFIG_METADATA-MAX-AGE-MS='180000' \
-e AXUAL_PRODUCER_CONFIG_METADATA-MAX-IDLE-MS='180000' \
-e AXUAL_PRODUCER_CONFIG_REQUEST-TIMEOUT-MS='15000' \
-e AXUAL_PRODUCER_CONFIG_RETRIES='1' \
-e AXUAL_PRODUCER_CONFIG_MAX-BLOCK-MS='15000' \
-e AXUAL_PRODUCER_CONFIG_LINGER-MS='50' \
-e AXUAL_PRODUCER_CONFIG_MAX-IN-FLIGHT-REQUESTS-PER-CONNECTION='10' \
-e AXUAL_PRODUCER_CONFIG_RECEIVE-BUFFER-BYTES='131072' \
-e AXUAL_PRODUCER_CONFIG_SEND-BUFFER-BYTES='32768' \
....
# Rest-Proxy Dynamic Consumer Config
-e AXUAL_CONSUMER_CONFIG_METADATA-MAX-AGE-MS='180000' \
-e AXUAL_CONSUMER_CONFIG_MAX-PARTITION-FETCH-BYTES='15000' \Static Kafka and Schema Registry Configuration
Rest Proxy can only be configured with static configuration mode.
| Configuration | Required / Optional | Description | Default Value |
|---|---|---|---|
|
Required |
Configuration via |
|
|
Required if |
Static configuration for the Rest Proxy |
|
When running the Rest Proxy container in static configuration mode, the static environment variables are required to define the static configuration:
Below an example of a static configuration:
# ... Static configuration variables
-e AXUAL_STATIC_CONFIGURATION_TENANT='axual' \
-e AXUAL_STATIC_CONFIGURATION_INSTANCE='local' \
-e AXUAL_STATIC_CONFIGURATION_CLUSTER='local' \
-e AXUAL_STATIC_CONFIGURATION_BOOTSTRAP_SERVERS='platform.local:31757' \
-e AXUAL_STATIC_CONFIGURATION_SCHEMA_REGISTRY_URL='https://platform.local:25000' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_RESOLVER='io.axual.common.resolver.GroupPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_PATTERN="{tenant}-{instance}-{environment}-{group}" \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_RESOLVER='io.axual.common.resolver.TopicPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_PATTERN="{tenant}-{instance}-{environment}-{topic}" \
-e AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_RESOLVER='io.axual.common.resolver.TransactionalIdPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_PATTERN="{tenant}-{instance}-{environment}-{transactional.id}" \
-e AXUAL_STATIC_CONFIGURATION_PRINCIPAL_BUILDER_CLASS='io.axual.security.principal.AdvancedAclPrincipalBuilder' \Monitoring Configuration
These environment variables allow you to configure monitoring and metrics-related settings for the Rest Proxy container:
# Monitoring configuration
-e JMX_ENABLED=true \
-e PROMETHEUS_ENABLED=true \
-e PROMETHEUS_PORT=5555 \ # You can specify your desired port
-e JMX_PORT=5556 \ # You can specify your desired port