Database configuration for Schema Registry
Schema Registry requires a storage backend to persist schema metadata, versions, and compatibility settings. You can choose between PostgreSQL for production deployments or an in-memory database for testing and development environments.
Configuring a PostgreSQL database for Schema Registry
Configure persistent database storage for production Schema Registry deployments using PostgreSQL.
PostgreSQL is the recommended database backend for production deployments of Schema
Registry. It provides persistent storage, high availability, and scalability for
schema metadata. Configuration is done using database properties.
You must specify the database type, JDBC connection URL, username, as well as a
database password. You also specify a TLS Secret to mount
certificate files for encrypted connections.
-
You have access to a PostgreSQL server with TLS and have provisioned a database for Schema Registry.
-
Get the JDBC URL for the PostgreSQL server. Referred to as [***POSTGRESQL JDBC URL***] in the following steps.
- Get a username that Schema Registry can use to connect to the PostgreSQL server. Referred to as [***POSTGRESQL USERNAME***].
PostgreSQL TLS configuration
Reference a Kubernetes Secret containing certificate files to enable and configure TLS encryption for PostgreSQL connections.
The database.tls.secretRef property specifies a Secret
containing certificate files for TLS connections to PostgreSQL. When configured, all keys from
the Secret are mounted to
/etc/schema-registry/postgres/tls inside the Schema Registry
Pods. You then reference mounted files in your JDBC URL
(database.jdbcUrl) to enable TLS.
The Secret you specify in the database.tls.secretRef
property can contain various types of TLS-related files that are needed to establish an encrypted
connection. The exact files the Secret must contain depends on the security
requirements of your PostgreSQL server. Typically the Secret must contain a
Certificate Authority (CA) certificate, which is used to verify the PostgreSQL server's
identity.
jdbc:postgresql://my-postgres-host:5432/schema_registry?sslmode=verify-full&sslrootcert=/etc/schema-registry/postgres/tls/ca.crtNotice
how the sslrootcert parameter points to
/etc/schema-registry/postgres/tls/ca.crt. This ensures the JDBC driver can
find the certificate provided by your Secret at its designated mount point
within the filesystem of the Pod.Configuring an in-memory database for Schema Registry
Configure and ephemeral in-memory database for development and testing environments.
The in-memory database is designed for testing, development, and demonstration
purposes. It stores all schema metadata in memory, which means data is lost when
Schema Registry Pods restart. Configuration is done by setting
the database.type property to in-memory.
Schema Registry is configured to use an in-memory database for schema storage.
