Available Configurations

Rest Proxy Docker Environment Variables

The table below provides a comprehensive overview of the Docker environment variables available for configuring the Rest Proxy container. You can customize the environment variables to match your specific Rest Proxy instance configuration.

| Configuration | Required | Description | Default Value |
|---|---|---|---|
| SPRING_CONFIG_ADDITIONALLOCATION | No | Spring additional config location | <no default> |
| SERVER_SSL_KEY_STORE | Yes | Server key store location | <no default> |
| SERVER_SSL_TRUST_STORE | Yes | Server trust store location | <no default> |
| AXUAL_SSL_KEYSTORE_LOCATION | Yes | Client keystore location | <no default> |
| AXUAL_SSL_TRUSTSTORE_LOCATION | Yes | Client trust store location | <no default> |
| SERVER_SSL_KEY_STORE_PASSWORD | Yes | Server key store password | <no default> |
| SERVER_SSL_KEY_PASSWORD | Yes | Server key password | <no default> |
| SERVER_SSL_TRUST_STORE_PASSWORD | Yes | Server trust store password | <no default> |
| AXUAL_SSL_KEY_PASSWORD | Yes | Client key password | <no default> |
| AXUAL_SSL_KEYSTORE_PASSWORD | Yes | Client key store password | <no default> |
| AXUAL_SSL_TRUSTSTORE_PASSWORD | Yes | Client trust store password | <no default> |
| LOGGING_LEVEL_ROOT | No | Root logging level | WARN |
| LOGGING_CONFIG | No | Logging configuration file location | /home/kafka/logback.xml |
| SERVER_PORT | Yes | Port to be used to connect to Rest-Proxy | 18111 |
| SERVER_SSL_ENABLED_PROTOCOLS | Yes | Server SSL Protocol. TLSv1.2 is suggested | TLSv1.2 |
| SERVER_SSL_CIPHERS | No | Sets the allowed SSL/TLS ciphers for the server | <no default> |
| SERVER_SSL_CLIENT_AUTH | No | Client authentication | want |
| SECURITY_ENABLED | Yes | Enables or disables security features | true |
| SECURITY_OPEN_ENDPOINTS | No | Prometheus open endpoints | /actuator/*, /spec/ |
| SECURITY_IMPERSONATORS | No | Impersonators are allowed to call the Proxy on behalf of another application. The certificate DN or chain of DNs must be provided using the X-SSL-Client-DN header | <no default> |
| SECURITY_SUPERUSERS | No | Superusers are always allowed to impersonate | <no default> |
| MANAGEMENT_SERVER_PORT | Yes | Management server port | 8081 |
| MANAGEMENT_SERVER_SSL_ENABLED | No | Management server SSL enable | false |
| MANAGEMENT_SECURITY_ENABLED | No | Management security enable | false |
| MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE | No | Management open endpoints | info,health,prometheus |
| AXUAL_STATIC_CONFIGURATION_TENANT | No | Static tenant name configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_INSTANCE | No | Static instance name configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_CLUSTER | No | Static cluster name configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_BOOTSTRAP_SERVERS | No | Static bootstrap servers configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_SCHEMA_REGISTRY_URL | No | Static Schema Registry URL configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_GROUP_ID_RESOLVER | No | Static Group ID Resolver configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_GROUP_ID_PATTERN | No | Static Group ID Pattern configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_TOPIC_RESOLVER | No | Static Topic Resolver configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_TOPIC_PATTERN | No | Static Topic Pattern configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_RESOLVER | No | Static Transactional ID Resolver configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_PATTERN | No | Static Transactional ID Pattern configuration | <no default> |
| AXUAL_STATIC_CONFIGURATION_PRINCIPAL_BUILDER_CLASS | No | Static Principal Builder Class configuration | <no default> |
| AXUAL_SSL_PROTOCOL | Yes | The security protocol used by Rest proxy | TLSv1.2 |
| AXUAL_SSL_ENABLE_HOSTNAME_VERIFICATION | No | Enables or disables hostname verification for SSL | true |
| MAX_ADMIN_CLIENT_RETRIES | No | Maximum number of retries an AdminClient will attempt | 5 |
| ADMIN_CLIENT_REQUEST_TIMEOUT_MS | No | Provided to AdminClient on creation as AdminClientConfig.REQUEST_TIMEOUT_MS_CONFIG | 2000 |
| AXUAL_ACL_RETRY_SLEEP | No | Interval (in ms) between AdminClient method call retries | 100 |
| AXUAL_CONSUMER_NUMBER_OF_THREADS | No | The number of threads that the server spawns to process messages per consume request | 10 |
| AXUAL_AVRO_MAX_SCHEMAS_PER_SUBJECT | No | Serde config: Maximum number of schemas to create or cache locally | 100 |
| AXUAL_AVRO_BASIC_AUTH_CREDENTIALS_SOURCE | No | The source of basic authentication credentials for Avro | <no default> |
| REGISTRY_CLEANUP_INTERVAL | No | Consumer cleanup interval (in ms) | 60000 |
| REGISTRY_KEEPALIVE_INTERVAL | No | Active Consumers will call poll() every such interval (in ms) so that they are not marked dead | 3000 |
| JMX_ENABLED | No | JMX enabled | false |
| PROMETHEUS_ENABLED | No | Prometheus enabled | false |
| PROMETHEUS_PORT | No | Prometheus scrapes the metrics from this port | 5555 |
| JMX_PORT | No | Metrics are exposed on this port | 5556 |

Running Axual REST Proxy Docker Container

Prerequisites

Before running the Axual REST Proxy container, make sure you have the following prerequisites in place:

  • Docker installed on your system.

  • Necessary SSL keystore and truststore files available in the specified directory.

Note: Rest Proxy server currently only supports SSL authentication.

Docker Run Command

The following Docker run command starts the REST Proxy container with minimum essential environment variables and volume mounts. Replace [SERVER_KEY_STORE_FILE_NAME], [LOCAL_DIRECTORY_PATH] and other placeholders with your actual information when using this command.

Example:

docker run --rm --name example-rp-container  \
-e SERVER_SSL_KEY_STORE="/etc/keystores/[SERVER_KEY_STORE_FILE_NAME]" \
-e SERVER_SSL_TRUST_STORE="/etc/keystores/[SERVER_TRUST_STORE_FILE_NAME]" \
-e SERVER_SSL_KEY_STORE_PASSWORD='[SERVER_KEY_STORE_PASSWORD]' \
-e SERVER_SSL_KEY_PASSWORD='[SERVER_KEY_PASSWORD]' \
-e SERVER_SSL_TRUST_STORE_PASSWORD='[SERVER_TRUST_STORE_PASSWORD]' \
-e AXUAL_SSL_KEYSTORE_LOCATION="/etc/keystores/[CLIENT_KEY_STORE_FILE_NAME]" \
-e AXUAL_SSL_TRUSTSTORE_LOCATION="/etc/keystores/[CLIENT_TRUST_STORE_FILE_NAME]" \
-e AXUAL_SSL_KEY_PASSWORD='[CLIENT_KEY_PASSWORD]' \
-e AXUAL_SSL_KEYSTORE_PASSWORD='[CLIENT_KEYSTORE_PASSWORD]' \
-e AXUAL_SSL_TRUSTSTORE_PASSWORD='[CLIENT_TRUST_STORE_PASSWORD]' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_PATTERN="{tenant}-{instance}-{environment}-{group}" \
-e AXUAL_STATIC_CONFIGURATION_BOOTSTRAP_SERVERS='platform.local:31757' \
-e AXUAL_STATIC_CONFIGURATION_SCHEMA_REGISTRY_URL='https://platform.local:25000' \
-e AXUAL_STATIC_CONFIGURATION_PRINCIPAL_BUILDER_CLASS='io.axual.security.principal.AdvancedAclPrincipalBuilder' \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_PATTERN="{tenant}-{instance}-{environment}-{topic}" \
-v [LOCAL_DIRECTORY_PATH]:/etc/keystores \
[IMAGE_REGISTRY]/axual/rest-proxy:[IMAGE_TAG]

-v [LOCAL_DIRECTORY_PATH]:/etc/keystores: Mounts the local directory containing SSL keystore and truststore files into the container’s /etc/keystores directory.

axual/rest-proxy:[IMAGE_TAG]: Specifies the Docker image to run.
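
A pre-start check for the settings above, as an added example that is not part of the Axual documentation or product. It assumes the variables are kept in a KEY=VALUE file (for instance one passed with docker run --env-file); the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a KEY=VALUE settings file before starting the container.
# REQUIRED = variables the table marks Required "Yes" with no default value.
REQUIRED="SERVER_SSL_KEY_STORE SERVER_SSL_TRUST_STORE
SERVER_SSL_KEY_STORE_PASSWORD SERVER_SSL_KEY_PASSWORD SERVER_SSL_TRUST_STORE_PASSWORD
AXUAL_SSL_KEYSTORE_LOCATION AXUAL_SSL_TRUSTSTORE_LOCATION
AXUAL_SSL_KEY_PASSWORD AXUAL_SSL_KEYSTORE_PASSWORD AXUAL_SSL_TRUSTSTORE_PASSWORD"

# get_var FILE NAME: print the value of the last NAME=... line (empty if unset).
get_var() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# lint_env FILE: print one finding per line; prints nothing for a clean file.
lint_env() {
    file=$1
    for name in $REQUIRED; do
        [ -n "$(get_var "$file" "$name")" ] || echo "MISSING $name"
    done
    # Documented default is "true": flag an explicit opt-out.
    for name in SECURITY_ENABLED AXUAL_SSL_ENABLE_HOSTNAME_VERIFICATION; do
        value=$(get_var "$file" "$name" | tr 'A-Z' 'a-z')
        [ "$value" != "false" ] || echo "DISABLED $name"
    done
    # Documented default is TLSv1.2: flag any entry that is not TLSv1.2 or TLSv1.3.
    for name in SERVER_SSL_ENABLED_PROTOCOLS AXUAL_SSL_PROTOCOL; do
        for proto in $(get_var "$file" "$name" | tr ',' ' '); do
            case $proto in
                TLSv1.2|TLSv1.3) ;;
                *) echo "WEAK_PROTOCOL $name=$proto" ;;
            esac
        done
    done
    return 0
}

# write_sample_env FILE: constructed sample with three deliberate problems.
write_sample_env() {
    for name in $REQUIRED; do
        [ "$name" = AXUAL_SSL_KEY_PASSWORD ] || echo "$name=placeholder"
    done > "$1"
    printf '%s\n' 'AXUAL_SSL_ENABLE_HOSTNAME_VERIFICATION=false' \
        'SERVER_SSL_ENABLED_PROTOCOLS=TLSv1.1,TLSv1.2' >> "$1"
}

sample=$(mktemp) && write_sample_env "$sample" && lint_env "$sample"
rm -f "$sample"
```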

Custom Producer/Consumer Configurations

In some cases the Producers/Consumers require specific configurations that work best on your cluster. It is possible to configure those for all such instantiated objects in one place so that their performance is fine-tuned for your needs.

To override such a configuration, pass an environment variable in the format <prefix><kafka_configuration>=value, where <prefix> is either AXUAL_PRODUCER_CONFIG_ or AXUAL_CONSUMER_CONFIG_ and <kafka_configuration> is the name of a Kafka Producer or Consumer configuration written in upper case with each . replaced by -.

Example:

# Rest-Proxy Dynamic Producer Config
-e AXUAL_PRODUCER_CONFIG_ACKS='all' \
-e AXUAL_PRODUCER_CONFIG_BATCH-SIZE='16384' \
-e AXUAL_PRODUCER_CONFIG_METADATA-MAX-AGE-MS='180000' \
-e AXUAL_PRODUCER_CONFIG_METADATA-MAX-IDLE-MS='180000' \
-e AXUAL_PRODUCER_CONFIG_REQUEST-TIMEOUT-MS='15000' \
-e AXUAL_PRODUCER_CONFIG_RETRIES='1' \
-e AXUAL_PRODUCER_CONFIG_MAX-BLOCK-MS='15000' \
-e AXUAL_PRODUCER_CONFIG_LINGER-MS='50' \
-e AXUAL_PRODUCER_CONFIG_MAX-IN-FLIGHT-REQUESTS-PER-CONNECTION='10' \
-e AXUAL_PRODUCER_CONFIG_RECEIVE-BUFFER-BYTES='131072' \
-e AXUAL_PRODUCER_CONFIG_SEND-BUFFER-BYTES='32768' \
....

# Rest-Proxy Dynamic Consumer Config
-e AXUAL_CONSUMER_CONFIG_METADATA-MAX-AGE-MS='180000' \
-e AXUAL_CONSUMER_CONFIG_MAX-PARTITION-FETCH-BYTES='15000' \

Static Kafka and Schema Registry Configuration

Rest Proxy can only be configured with static configuration mode.

| Configuration | Required / Optional | Description | Default Value |
|---|---|---|---|
| config-mode | Required | Configuration via static | static |
| staticConfig: | Required if config-mode is static | Static configuration for the Rest Proxy | <no default> |

When running the Rest Proxy container in static configuration mode, the static environment variables are required to define the static configuration.

Below is an example of a static configuration:

# ... Static configuration variables
-e AXUAL_STATIC_CONFIGURATION_TENANT='axual' \
-e AXUAL_STATIC_CONFIGURATION_INSTANCE='local' \
-e AXUAL_STATIC_CONFIGURATION_CLUSTER='local' \
-e AXUAL_STATIC_CONFIGURATION_BOOTSTRAP_SERVERS='platform.local:31757' \
-e AXUAL_STATIC_CONFIGURATION_SCHEMA_REGISTRY_URL='https://platform.local:25000' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_RESOLVER='io.axual.common.resolver.GroupPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_GROUP_ID_PATTERN="{tenant}-{instance}-{environment}-{group}" \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_RESOLVER='io.axual.common.resolver.TopicPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_TOPIC_PATTERN="{tenant}-{instance}-{environment}-{topic}" \
-e AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_RESOLVER='io.axual.common.resolver.TransactionalIdPatternResolver' \
-e AXUAL_STATIC_CONFIGURATION_TRANSACTIONAL_ID_PATTERN="{tenant}-{instance}-{environment}-{transactional.id}" \
-e AXUAL_STATIC_CONFIGURATION_PRINCIPAL_BUILDER_CLASS='io.axual.security.principal.AdvancedAclPrincipalBuilder' \

Monitoring Configuration

These environment variables allow you to configure monitoring and metrics-related settings for the Rest Proxy container:

# Monitoring configuration
# PROMETHEUS_PORT and JMX_PORT can be set to any port you prefer
-e JMX_ENABLED=true \
-e PROMETHEUS_ENABLED=true \
-e PROMETHEUS_PORT=5555 \
-e JMX_PORT=5556 \