Installing Apicurio Registry storage on OpenShift

Installing Strimzi from the OpenShift OperatorHub

If you do not already have Strimzi installed, you can install the Strimzi Operator on your OpenShift cluster from the OperatorHub. The OperatorHub is available from the OpenShift Container Platform web console and provides an interface for cluster administrators to discover and install Operators. For more details, see Understanding OperatorHub.

Prerequisites
  • You must have cluster administrator access to an OpenShift cluster

Procedure
  1. In the OpenShift Container Platform web console, log in using an account with cluster administrator privileges.

  2. Change to the OpenShift project in which you want to install Strimzi. For example, from the Project drop-down, select my-project.

  3. In the left navigation menu, click Operators and then OperatorHub.

  4. In the Filter by keyword text box, enter Strimzi to find the Strimzi Operator.

  5. Read the information about the Operator, and click Install to display the Operator subscription page.

  6. Select your subscription settings, for example:

    • Update Channel and then stable

    • Installation Mode: Select one of the following:

      • All namespaces on the cluster (default)

      • A specific namespace on the cluster > my-project

    • Approval Strategy: Select Automatic or Manual

  7. Click Install, and wait a few moments until the Operator is ready for use.

Configuring Apicurio Registry with Kafka storage on OpenShift

This section explains how to configure Kafka-based storage for Apicurio Registry using Strimzi on OpenShift. The kafkasql storage option uses Kafka storage with an in-memory H2 database for caching. This storage option is suitable for production environments when persistent storage is configured for the Kafka cluster on OpenShift.

You can install Apicurio Registry in an existing Kafka cluster or create a new Kafka cluster, depending on your environment.

Prerequisites
Procedure
  1. In the OpenShift Container Platform web console, log in using an account with cluster administrator privileges.

  2. If you do not already have a Kafka cluster configured, create a new Kafka cluster using Strimzi. For example, in the OpenShift OperatorHub:

    1. Click Installed Operators and then Strimzi.

    2. Under Provided APIs and then Kafka, click Create Instance to create a new Kafka cluster.

    3. Edit the custom resource definition as appropriate, and click Create.

      The default example creates a cluster with 3 Zookeeper nodes and 3 Kafka nodes with ephemeral storage. This temporary storage is suitable for development and testing only, and not for production. For more details, see Deploying and Managing AMQ Streams on OpenShift.
  3. After the cluster is ready, click Provided APIs > Kafka > my-cluster > YAML.

  4. In the status block, make a copy of the bootstrapServers value, which you will use later to deploy Apicurio Registry. For example:

    status:
      ...
      conditions:
      ...
      listeners:
        - addresses:
            - host: my-cluster-kafka-bootstrap.my-project.svc
              port: 9092
          bootstrapServers: 'my-cluster-kafka-bootstrap.my-project.svc:9092'
          type: plain
      ...
  5. Click Installed Operators > Service Registry > ApicurioRegistry > Create ApicurioRegistry.

  6. Paste in the following custom resource definition, but use your bootstrapServers value that you copied earlier:

    apiVersion: registry.apicur.io/v1
    kind: ApicurioRegistry
    metadata:
      name: example-apicurioregistry-kafkasql
    spec:
      configuration:
        persistence: 'kafkasql'
        kafkasql:
          bootstrapServers: 'my-cluster-kafka-bootstrap.my-project.svc:9092'
  7. Click Create and wait for the Apicurio Registry route to be created on OpenShift.

  8. Click Networking > Route to access the new route for the Apicurio Registry web console. For example:

    http://example-apicurioregistry-kafkasql.my-project.my-domain-name.com/
  9. To configure the Kafka topic that Apicurio Registry uses to store data, click Installed Operators > Strimzi > Provided APIs > Kafka Topic > kafkasql-journal > YAML. For example:

    apiVersion: kafka.strimzi.io/v1beta2
    kind: KafkaTopic
    metadata:
      name: kafkasql-journal
      labels:
        strimzi.io/cluster: my-cluster
      namespace: ...
    spec:
      partitions: 3
      replicas: 3
      config:
        cleanup.policy: compact
    You must configure the Kafka topic used by Apicurio Registry (named kafkasql-journal by default) with a compaction cleanup policy, otherwise a data loss might occur.
Additional resources

Kafka topic name configuration

The default Kafka topic name that Apicurio Registry uses to store data is kafkasql-journal. This topic is created automatically by Apicurio Registry. However, you can override this behavior or the default topic name by setting the appropriate environment variable or Java system property:

Table 1. Kafka topic name configuration
Environment variable Java system property Default value

APICURIO_KAFKASQL_TOPIC

apicurio.kafkasql.topic

kafkasql-journal

APICURIO_KAFKASQL_TOPIC_AUTO_CREATE

apicurio.kafkasql.topic.auto-create

true

Configuring OAuth authentication for Kafka storage

When using Kafka-based storage in Strimzi, Apicurio Registry supports accessing a Kafka cluster that requires OAuth authentication. To enable this support, you must to set some environment variables in your Apicurio Registry deployment.

When you set these environment variables, the Kafka producer and consumer applications in Apicurio Registry will use this configuration to authenticate to the Kafka cluster over OAuth.

Prerequisites
Procedure
  • Set the following environment variables in your Apicurio Registry deployment:

    Environment variable Description Default value

    APICURIO_KAFKASQL_SECURITY_SASL_ENABLED

    Enables SASL OAuth authentication for Apicurio Registry storage in Kafka. You must set this variable to true for the other variables to have effect.

    false

    APICURIO_KAFKASQL_SECURITY_SASL_CLIENT_IDapicurio.kafkasql.security.sasl.client-id

    The client ID used to authenticate to Kafka.

    -

    APICURIO_KAFKASQL_SECURITY_SASL_CLIENT_SECRET

    The client secret used to authenticate to Kafka.

    -

    APICURIO_KAFKASQL_SECURITY_SASL_TOKEN_ENDPOINT

    The URL of the OAuth identity server.

    http://localhost:8090

Additional resources

Installing a PostgreSQL database from the OpenShift OperatorHub

If you do not already have a PostgreSQL database Operator installed, you can install a PostgreSQL Operator on your OpenShift cluster from the OperatorHub. The OperatorHub is available from the OpenShift Container Platform web console and provides an interface for cluster administrators to discover and install Operators. For more details, see Understanding OperatorHub.

Prerequisites
  • You must have cluster administrator access to an OpenShift cluster.

Procedure
  1. In the OpenShift Container Platform web console, log in using an account with cluster administrator privileges.

  2. Change to the OpenShift project in which you want to install the PostgreSQL Operator. For example, from the Project drop-down, select my-project.

  3. In the left navigation menu, click Operators and then OperatorHub.

  4. In the Filter by keyword text box, enter PostgreSQL to find an Operator suitable for your environment, for example, Crunchy PostgreSQL for OpenShift.

  5. Read the information about the Operator, and click Install to display the Operator subscription page.

  6. Select your subscription settings, for example:

    • Update Channel: stable

    • Installation Mode: A specific namespace on the cluster and then my-project

    • Approval Strategy: Select Automatic or Manual

  7. Click Install, and wait a few moments until the Operator is ready for use.

    You must read the documentation from your chosen PostgreSQL Operator for details on how to create and manage your database.

Configuring Apicurio Registry with PostgreSQL database storage on OpenShift

This section explains how to configure storage for Apicurio Registry on OpenShift using a PostgreSQL database Operator. You can install Apicurio Registry in an existing database or create a new database, depending on your environment. This section shows a simple example using the PostgreSQL Operator by Dev4Ddevs.com.

Prerequisites
Procedure
  1. In the OpenShift Container Platform web console, log in using an account with cluster administrator privileges.

  2. Change to the OpenShift project in which Apicurio Registry and your PostgreSQL Operator are installed. For example, from the Project drop-down, select my-project.

  3. Create a PostgreSQL database for your Apicurio Registry storage. For example, click Installed Operators, PostgreSQL Operator by Dev4Ddevs.com, and then Create database.

  4. Click YAML and edit the database settings as follows:

    • name: Change the value to registry

    • image: Change the value to centos/postgresql-12-centos7

  5. Edit any other database settings as needed depending on your environment, for example:

    apiVersion: postgresql.dev4devs.com/v1alpha1
    kind: Database
    metadata:
      name: registry
      namespace: my-project
    spec:
      databaseCpu: 30m
      databaseCpuLimit: 60m
      databaseMemoryLimit: 512Mi
      databaseMemoryRequest: 128Mi
      databaseName: example
      databaseNameKeyEnvVar: POSTGRESQL_DATABASE
      databasePassword: postgres
      databasePasswordKeyEnvVar: POSTGRESQL_PASSWORD
      databaseStorageRequest: 1Gi
      databaseUser: postgres
      databaseUserKeyEnvVar: POSTGRESQL_USER
      image: centos/postgresql-12-centos7
      size: 1
  6. Click Create, and wait until the database is created.

  7. Click Installed Operators > Apicurio Registry > ApicurioRegistry > Create ApicurioRegistry.

  8. Paste in the following custom resource definition, and edit the values for the database url and credentials to match your environment:

    apiVersion: registry.apicur.io/v1
    kind: ApicurioRegistry
    metadata:
      name: example-apicurioregistry-sql
    spec:
      configuration:
        persistence: 'sql'
        sql:
          dataSource:
            url: 'jdbc:postgresql://<service name>.<namespace>.svc:5432/<database name>'
            # e.g. url: 'jdbc:postgresql://acid-minimal-cluster.my-project.svc:5432/registry'
            userName: 'postgres'
            password: '<password>' # Optional
  9. Click Create and wait for the Apicurio Registry route to be created on OpenShift.

  10. Click Networking > Route to access the new route for the Apicurio Registry web console. For example:

    http://example-apicurioregistry-sql.my-project.my-domain-name.com/