Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.conduktor.io/llms.txt

Use this file to discover all available pages before exploring further.

The Schema Registry Proxy (SRP) sits between your Kafka clients and Confluent Schema Registry, adding authentication, authorization and observability. It integrates with Console for Self-service permission management, and automatically synchronizes and enforces access rights for schemas.
Schema Registry Proxy is in early access. Only Confluent-compatible schema registries are supported.

Prerequisites

RequirementDetails
Apache KafkaVersion 3.8+. Used for permission distribution and heartbeat discovery.
Confluent Schema RegistryVersion 7.0+. The backend SRP proxies requests to.
Authentication providerOIDC-compliant provider with a JWKS endpoint (for example, Keycloak, Auth0, Okta).
Conduktor ConsoleFor Self-service permission management.

Enable SRP discovery in Console

Set the following environment variable on your Console deployment: 
environment:
  CDK_SCHEMAREGISTRYPROXY_ENABLED: "true"
Once SRP is running, the proxy instance appears in Console:
  1. Go to the Kafka cluster configured as the SRP backing cluster.
  2. Open the Schema Registry tab for a Schema Registry with ConfluentLike flavor.
  3. Select the discovered SRP instance from the dropdown.

Deploy with Docker Compose

services:
  schema-registry-proxy:
    image: conduktor/conduktor-schema-registry-proxy:0.1.0-rc1
    hostname: schema-registry-proxy
    depends_on:
      kafka:
        condition: service_healthy
      schema-registry:
        condition: service_healthy
    environment:
      PORT: "7070"
      KAFKA_BOOTSTRAP_SERVERS: <YOUR_KAFKA_BOOTSTRAP>
      CONFLUENT_SCHEMA_REGISTRY_URL: <YOUR_SCHEMA_REGISTRY_URL>
      AUTH_PROVIDER: jwt
      JWT_JWKS_URL: <YOUR_JWKS_ENDPOINT>
      SCHEMA_REGISTRY_PROXY_APP_ID: srp-cluster-1
    ports:
      - "7070:7070"
      - "9464:9464"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7070/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

Verify deployment

Check that SRP is healthy: 
curl http://host:PORT/health
Confirm Prometheus metrics are available: 
curl http://host:PORT/metrics
In Console, verify the SRP instance appears in the Schema Registry tab dropdown for the relevant cluster.

Next steps