此内容没有您所选择的语言版本。

Installing and deploying Apicurio Registry on OpenShift

Red Hat build of Apicurio Registry 3.0

Install, deploy, and configure Apicurio Registry 3.0

Red Hat Integration Documentation Team

Abstract

This guide explains how to install and deploy Apicurio Registry on OpenShift with data storage options in AMQ Streams or a PostgreSQL database. This guide also shows how to secure, configure, and manage your Apicurio Registry deployment, and provides configuration reference for Apicurio Registry and the Apicurio Registry Operator.

Preface

Providing feedback on Red Hat documentation

We appreciate your feedback on our documentation.

To propose improvements, open a Jira issue and describe your suggested changes. Provide as much detail as possible to enable us to address your request quickly.

Prerequisite

You have a Red Hat Customer Portal account. This account enables you to log in to the Red Hat Jira Software instance.
If you do not have an account, you will be prompted to create one.

Procedure

Click the following link: Create issue.
In the Summary text box, enter a brief description of the issue.
In the Description text box, provide the following information:
- The URL of the page where you found the issue.
- A detailed description of the issue.
  You can leave the information in any other fields at their default values.
Click Create to submit the Jira issue to the documentation team.

Thank you for taking the time to provide feedback.

Chapter 1. Service Registry Operator quickstart

You can quickly install the Service Registry Operator on the command line by using Custom Resource Definitions (CRDs).

The quickstart example deploys your Service Registry instance with storage in an SQL database:

Section 1.1, “Quickstart Service Registry Operator installation”
Section 1.2, “Quickstart Service Registry instance deployment”

Note

The recommended installation option for production environments is the OpenShift OperatorHub. The recommended storage option is an SQL database for performance, stability, and data management.

1.1. Quickstart Service Registry Operator installation

You can quickly install and deploy the Service Registry Operator on the command line, without the Operator Lifecycle Manager, by using a downloaded set of installation files and example CRDs.

Prerequisites

You are logged in to an OpenShift cluster with administrator access.
You have the OpenShift oc command-line client installed. For more details, see the OpenShift CLI documentation.

Procedure

Browse to Red Hat Software Downloads, select the product version, and download the examples in the Service Registry CRDs .zip file.
Extract the downloaded CRDs .zip file and change to the apicurio-registry-install-examples directory.
Create an OpenShift project for the Service Registry Operator installation, for example:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
export NAMESPACE="apicurio-registry"
oc new-project "$NAMESPACE"
```
```
export NAMESPACE="apicurio-registry"
oc new-project "$NAMESPACE"
```

Enter the following command to apply the example CRD in the install/install.yaml file:

Copy to Clipboard Toggle word wrap

cat install/install.yaml | sed "s/apicurio-registry-operator-namespace/$NAMESPACE/g" | oc apply -f -

cat install/install.yaml | sed "s/apicurio-registry-operator-namespace/$NAMESPACE/g" | oc apply -f -

Enter oc get deployment to check the readiness of the Service Registry Operator. For example, the output should be as follows:

Copy to Clipboard Toggle word wrap

NAME                     	READY   UP-TO-DATE  AVAILABLE   AGE
apicurio-registry-operator  1/1 	1        	1       	XmYs

NAME                     	READY   UP-TO-DATE  AVAILABLE   AGE
apicurio-registry-operator  1/1 	1        	1       	XmYs

1.2. Quickstart Service Registry instance deployment

To create your Service Registry instance deployment, use the example CRs.

Prerequisites

Ensure that the Service Registry Operator is installed.
You have a PostgreSQL database that is reachable from your OpenShift cluster.

Procedure

Browse to Red Hat Software Downloads, select the product version, and download the examples in the Service Registry CRDs .zip file.
Choose an example deployment.
Enter the following commands to apply the updated ApicurioRegistry3 CR in the namespace with the Service Registry Operator, and wait for the Service Registry instance to deploy:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
oc project "$NAMESPACE"
oc apply -f <example-yaml>
```
```
oc project "$NAMESPACE"
oc apply -f <example-yaml>
```

Enter oc get deployment to check the readiness of the Service Registry instance. For example, the output should be as follows:

Copy to Clipboard Toggle word wrap

NAME                     	        READY UP-TO-DATE AVAILABLE AGE
example-apicurioregistry-sql-deployment 1/1   1          1         XmYs

NAME                     	        READY UP-TO-DATE AVAILABLE AGE
example-apicurioregistry-sql-deployment 1/1   1          1         XmYs

Enter oc get routes to get the HOST/PORT URL to launch the Service Registry web console in your browser. For example:

Copy to Clipboard Toggle word wrap

example-apicurioregistry-sql.apicurio-registry.router-default.apps.mycluster.myorg.mycompany.com

example-apicurioregistry-sql.apicurio-registry.router-default.apps.mycluster.myorg.mycompany.com

Chapter 2. Installing Service Registry on OpenShift

This chapter explains how to install Service Registry on OpenShift Container Platform:

Section 2.1, “Installing Service Registry from the OpenShift OperatorHub”

Prerequisites

Read the introduction in the Service Registry User Guide.

2.1. Installing Service Registry from the OpenShift OperatorHub

You can install the Service Registry Operator on your OpenShift cluster from the OperatorHub. The OperatorHub is available from the OpenShift Container Platform web console and provides an interface for cluster administrators to discover and install Operators. For more details, see Understanding OperatorHub.

Note

You can install more than one replica of Service Registry depending on your environment. The number of replicas depends on the number and type of artifacts stored in Service Registry and on your chosen storage option.

Prerequisites

You must have cluster administrator access to an OpenShift cluster.

Procedure

In the OpenShift Container Platform web console, log in using an account with cluster administrator privileges.
Create a new OpenShift project:
1. In the left navigation menu, click Home, Project, and then Create Project.
2. Enter a project name, for example, my-project, and click Create.
In the left navigation menu, click Operators and then OperatorHub.
In the Filter by keyword text box, enter registry to find the Red Hat build of Apicurio Registry 3 operator.
Read the information about the Operator, and click Install to display the Operator subscription page.
Select your subscription settings, for example:
Select your subscription settings, for example:
- Update Channel: Select 3.x.
- Installation Mode: Select one of the following:
  - All namespaces on the cluster (default)
  - A specific namespace on the cluster and then my-project
- Approval Strategy: Select Automatic or Manual
Click Install, and wait a few moments until the Operator is ready for use.

Additional resources

Chapter 3. Service Registry configuration reference

This chapter provides reference information on the configuration options that are available for Service Registry.

Section 3.1, “Service Registry configuration options”

Additional resources

For details on migrating a 2.x Apicurio Registry deployment to 3.x see Section 3.2, “Service Registry version 2 to version 3 configuration changes”
For details on setting configuration options by using the Core Registry API, see the /admin/config/properties endpoint in the Apicurio Registry REST API documentation.
For details on client configuration options for Kafka serializers and deserializers, see the Service Registry User Guide.

3.1. Service Registry configuration options

The following Service Registry configuration options are available for each component category:

== . configuration options

Name	Type	Available from
`apicurio.app.date`	`string`	`3.0.4`
`apicurio.app.description`	`string`	`3.0.4`
`apicurio.app.name`	`string`	`3.0.4`
`apicurio.app.version`	`string`	`3.0.4`

3.1.1. api

Table 3.1. api configuration options
Name	Type	Default	Available from	Description
`apicurio.api.errors.include-stack-in-response`	`boolean`	`false`	`2.1.4.Final`	Include stack trace in errors responses
`apicurio.apis.v3.base-href`	`string`	`_`	`2.5.0.Final`	API base href (URI)
`apicurio.disable.apis`	`optional<list<string>>`		`2.0.0.Final`	Disable APIs

3.1.2. auth

Table 3.2. auth configuration options
Name	Type	Default	Available from	Description
`apicurio.auth.admin-override.claim`	`string`	`org-admin`	`2.1.0.Final`	Auth admin override claim
`apicurio.auth.admin-override.claim-value`	`string`	`true`	`2.1.0.Final`	Auth admin override claim value
`apicurio.auth.admin-override.enabled`	`boolean`	`false`	`2.1.0.Final`	Auth admin override enabled
`apicurio.auth.admin-override.from`	`string`	`token`	`2.1.0.Final`	Auth admin override from
`apicurio.auth.admin-override.role`	`string`	`sr-admin`	`2.1.0.Final`	Auth admin override role
`apicurio.auth.admin-override.type`	`string`	`role`	`2.1.0.Final`	Auth admin override type
`apicurio.auth.admin-override.user`	`string`	`admin`	`3.0.0`	Auth admin override user name
`apicurio.auth.anonymous-read-access.enabled`	`boolean [dynamic]`	`false`	`2.1.0.Final`	Anonymous read access
`apicurio.auth.authenticated-read-access.enabled`	`boolean [dynamic]`	`false`	`2.1.4.Final`	Authenticated read access
`apicurio.auth.owner-only-authorization`	`boolean [dynamic]`	`false`	`2.0.0.Final`	Artifact owner-only authorization
`apicurio.auth.owner-only-authorization.limit-group-access`	`boolean [dynamic]`	`false`	`2.1.0.Final`	Artifact group owner-only authorization
`apicurio.auth.role-based-authorization`	`boolean`	`false`	`2.1.0.Final`	Enable role based authorization
`apicurio.auth.role-source`	`string`	`token`	`2.1.0.Final`	Auth roles source
`apicurio.auth.role-source.header.name`	`string`		`2.4.3.Final`	Header authorization name
`apicurio.auth.roles.admin`	`string`	`sr-admin`	`2.0.0.Final`	Auth roles admin
`apicurio.auth.roles.developer`	`string`	`sr-developer`	`2.1.0.Final`	Auth roles developer
`apicurio.auth.roles.readonly`	`string`	`sr-readonly`	`2.1.0.Final`	Auth roles readonly
`apicurio.authn.audit.log.prefix`	`string`	`audit`	`2.2.6`	Prefix used for application audit logging.
`apicurio.authn.basic-client-credentials.cache-expiration`	`integer`	`10`	`2.2.6.Final`	Default client credentials token expiration time in minutes.
`apicurio.authn.basic-client-credentials.cache-expiration-offset`	`integer`	`10`	`2.5.9.Final`	Client credentials token expiration offset from JWT expiration, in seconds.
`apicurio.authn.basic-client-credentials.enabled`	`boolean [dynamic]`	`false`	`2.1.0.Final`	Enable basic auth client credentials
`apicurio.authn.basic.scope`	`optional<string>`		`2.5.0.Final`	Client credentials scope.
`quarkus.http.auth.basic`	`boolean`	`false`	`3.0.0`	Enable basic auth
`quarkus.oidc.client-id`	`string`		`2.0.0.Final`	Client identifier used by the server for authentication.
`quarkus.oidc.client-secret`	`optional<string>`		`2.1.0.Final`	Client secret used by the server for authentication.
`quarkus.oidc.tenant-enabled`	`boolean`	`false`	`2.0.0.Final`	Enable auth
`quarkus.oidc.token-path`	`string`		`2.1.0.Final`	Authentication server token endpoint.

3.1.3. cache

Table 3.3. cache configuration options
Name	Type	Default	Available from	Description
`apicurio.config.cache.enabled`	`boolean`	`true`	`2.2.2.Final`	Registry cache enabled

3.1.4. ccompat

Table 3.4. ccompat configuration options
Name	Type	Default	Available from	Description
`apicurio.ccompat.group-concat.enabled`	`boolean`	`false`	`2.6.2.Final`	Enable group support via concatenation in subject (compatibility API)
`apicurio.ccompat.group-concat.separator`	`string`	`:`	`2.6.2.Final`	Separator to use when group concatenation is enabled (compatibility API)
`apicurio.ccompat.legacy-id-mode.enabled`	`boolean [dynamic]`	`false`	`2.0.2.Final`	Legacy ID mode (compatibility API)
`apicurio.ccompat.max-subjects`	`integer [dynamic]`	`1000`	`2.4.2.Final`	Maximum number of Subjects returned (compatibility API)
`apicurio.ccompat.use-canonical-hash`	`boolean [dynamic]`	`false`	`2.3.0.Final`	Canonical hash mode (compatibility API)

3.1.5. download

Table 3.5. download configuration options
Name	Type	Default	Available from	Description
`apicurio.download.href.ttl.seconds`	`long [dynamic]`	`30`	`2.1.2.Final`	Download link expiry

3.1.6. gitops

Table 3.6. gitops configuration options
Name	Type	Default	Available from	Description
`apicurio.gitops.id`	`string`		`3.0.0`	Identifier of this Registry instance. Only data that references this identifier will be loaded.
`apicurio.gitops.repo.origin.branch`	`string`	`main`	`3.0.0`	Name of the branch in the remote git repository containing data to be loaded.
`apicurio.gitops.repo.origin.uri`	`string`		`3.0.0`	URI of the remote git repository containing data to be loaded.
`apicurio.gitops.workdir`	`string`	`/tmp/apicurio-registry-gitops`	`3.0.0`	Path to GitOps working directory, which is used to store the local git repository.

3.1.7. health

Table 3.7. health configuration options
Name	Type	Default	Available from	Description
`apicurio.liveness.errors.ignored`	`optional<list<string>>`		`1.2.3.Final`	Ignored liveness errors
`apicurio.metrics.persistence-exception-liveness-check.counter-reset-window-duration.seconds`	`integer`	`60`	`1.0.2.Final`	Counter reset window duration of persistence liveness check
`apicurio.metrics.persistence-exception-liveness-check.error-threshold`	`integer`	`1`	`1.0.2.Final`	Error threshold of persistence liveness check
`apicurio.metrics.persistence-exception-liveness-check.logging.disabled`	`boolean`	`false`	`2.0.0.Final`	Disable logging of persistence liveness check
`apicurio.metrics.persistence-exception-liveness-check.status-reset-window-duration.seconds`	`integer`	`300`	`1.0.2.Final`	Status reset window duration of persistence liveness check
`apicurio.metrics.persistence-timeout-readiness-check.error-threshold`	`integer`	`5`	`1.0.2.Final`	Error threshold of persistence readiness check
`apicurio.metrics.persistence-timeout-readiness-check.timeout.seconds`	`integer`	`15`	`1.0.2.Final`	Timeout of persistence readiness check
`apicurio.metrics.persitence-timeout-readiness-check.status-reset-window-duration.seconds`	`integer`	`300`	`1.0.2.Final`	Status reset window duration of persistence readiness check
`apicurio.metrics.resonse-error-liveness-check.counter-reset-window-duration.seconds`	`integer`	`60`	`1.0.2.Final`	Counter reset window duration of response liveness check
`apicurio.metrics.response-error-liveness-check.counter-reset-window-duration.seconds`	`integer`	`60`	`1.0.2.Final`	Counter reset window duration of persistence readiness check
`apicurio.metrics.response-error-liveness-check.disabled`	`boolean`	`false`	`2.0.0.Final`	Disable logging of response liveness check
`apicurio.metrics.response-error-liveness-check.error-threshold`	`integer`	`1`	`1.0.2.Final`	Error threshold of response liveness check
`apicurio.metrics.response-error-liveness-check.status-reset-window-duration.seconds`	`integer`	`300`	`1.0.2.Final`	Status reset window duration of response liveness check
`apicurio.metrics.response-timeout-readiness-check.counter-reset-window-duration.seconds`	`instance<integer>`	`60`	`1.0.2.Final`	Counter reset window duration of response readiness check
`apicurio.metrics.response-timeout-readiness-check.error-threshold`	`instance<integer>`	`1`	`1.0.2.Final`	Error threshold of response readiness check
`apicurio.metrics.response-timeout-readiness-check.timeout.seconds`	`instance<integer>`	`10`	`1.0.2.Final`	Timeout of response readiness check
`apicurio.metrics.response-timeout-rediness-check.status-reset-window-duration.seconds`	`instance<integer>`	`300`	`1.0.2.Final`	Status reset window duration of response readiness check
`apicurio.storage.metrics.cache.check-period.ms`	`long`	`30000`	`2.1.0.Final`	Storage metrics cache check period

3.1.8. import

Table 3.8. import configuration options
Name	Type	Default	Available from	Description
`apicurio.import.preserveContentId`	`boolean`	`true`	`3.0.0`	When set to true, content IDs from the import file will be used (otherwise new IDs will be generated). Defaults to 'true'.
`apicurio.import.preserveGlobalId`	`boolean`	`true`	`3.0.0`	When set to true, global IDs from the import file will be used (otherwise new IDs will be generated). Defaults to 'true'.
`apicurio.import.requireEmptyRegistry`	`boolean`	`true`	`3.0.0`	When set to true, importing data will only work when the registry is empty. Defaults to 'true'.
`apicurio.import.url`	`optional<url>`		`2.1.0.Final`	The import URL
`apicurio.import.work-dir`	`string`		`3.0.0`	Temporary work directory to use when importing data.

3.1.9. limits

Table 3.9. limits configuration options
Name	Type	Default	Available from	Description
`apicurio.limits.config.max-artifact-labels`	`long`	`-1`	`2.2.3.Final`	Max artifact labels
`apicurio.limits.config.max-artifact-properties`	`long`	`-1`	`2.1.0.Final`	Max artifact properties
`apicurio.limits.config.max-artifacts`	`long`	`-1`	`2.1.0.Final`	Max artifacts
`apicurio.limits.config.max-description-length`	`long`	`-1`	`2.1.0.Final`	Max artifact description length
`apicurio.limits.config.max-label-size.bytes`	`long`	`-1`	`2.1.0.Final`	Max artifact label size
`apicurio.limits.config.max-name-length`	`long`	`-1`	`2.1.0.Final`	Max artifact name length
`apicurio.limits.config.max-property-key-size.bytes`	`long`	`-1`	`2.1.0.Final`	Max artifact property key size
`apicurio.limits.config.max-property-value-size.bytes`	`long`	`-1`	`2.1.0.Final`	Max artifact property value size
`apicurio.limits.config.max-requests-per-second`	`long`	`-1`	`2.2.3.Final`	Max artifact requests per second
`apicurio.limits.config.max-schema-size.bytes`	`long`	`-1`	`2.2.3.Final`	Max schema size (bytes)
`apicurio.limits.config.max-total-schemas`	`long`	`-1`	`2.1.0.Final`	Max total schemas
`apicurio.limits.config.max-versions-per-artifact`	`long`	`-1`	`2.1.0.Final`	Max versions per artifacts
`apicurio.storage.metrics.cache.max-size`	`long`	`1000`	`2.4.1.Final`	Storage metrics cache max size.

3.1.10. redirects

Table 3.10. redirects configuration options
Name	Type	Available from	Description
`apicurio.redirects`	`map<string, string>`	`2.1.2.Final`	Registry redirects
`apicurio.redirects.enabled`	`boolean`	`2.1.2.Final`	Enable redirects
`apicurio.url.override.host`	`optional<string>`	`2.5.0.Final`	Override the hostname used for generating externally-accessible URLs. The host and port overrides are useful when deploying Registry with HTTPS passthrough Ingress or Route. In cases like these, the request URL (and port) that is then re-used for redirection does not belong to actual external URL used by the client, because the request is proxied. The redirection then fails because the target URL is not reachable.
`apicurio.url.override.port`	`optional<integer>`	`2.5.0.Final`	Override the port used for generating externally-accessible URLs.

3.1.11. rest

Table 3.11. rest configuration options
Name	Type	Default	Available from	Description
`apicurio.rest.artifact.download.max-size.bytes`	`int`	`1000000`	`2.2.6`	Max size of the artifact allowed to be downloaded from URL
`apicurio.rest.artifact.download.ssl-validation.disabled`	`boolean`	`false`	`2.2.6`	Skip SSL validation when downloading artifacts from URL
`apicurio.rest.deletion.artifact-version.enabled`	`boolean [dynamic]`	`false`	`2.4.2`	Enables artifact version deletion
`apicurio.rest.deletion.artifact.enabled`	`boolean [dynamic]`	`false`	`3.0.0`	Enables artifact deletion
`apicurio.rest.deletion.group.enabled`	`boolean [dynamic]`	`false`	`3.0.0`	Enables group deletion
`apicurio.rest.mutability.artifact-version-content.enabled`	`boolean [dynamic]`	`false`	`3.0.2`	Enables artifact version mutability
`apicurio.rest.search-results.labels.max-size.bytes`	`int`	`512`	`3.0.3`	Max size of the labels (in bytes) per item from within search results

3.1.12. semver

Table 3.12. semver configuration options
Name	Type	Default	Available from	Description
`apicurio.semver.branching.coerce`	`boolean [dynamic]`	`false`	`3.0.0`	If true, invalid versions will be coerced to Semantic Versioning 2 format (https://semver.org) if possible.
`apicurio.semver.branching.enabled`	`boolean [dynamic]`	`false`	`3.0.0`	Automatically create or update branches for major ('A.x') and minor ('A.B.x') artifact versions.
`apicurio.semver.validation.enabled`	`boolean [dynamic]`	`false`	`3.0.0`	Validate that all artifact versions conform to Semantic Versioning 2 format (https://semver.org).

3.1.13. storage

Table 3.13. storage configuration options
Name	Type	Default	Available from	Description
`apicurio.datasource.blue.db-kind`	`string`	`h2`	`3.0.0`	Gitops blue datasource db kind
`apicurio.datasource.blue.jdbc.initial-size`	`string`	`20`	`3.0.0`	Gitops blue datasource pool initial size
`apicurio.datasource.blue.jdbc.max-size`	`string`	`100`	`3.0.0`	Gitops blue datasource pool max size
`apicurio.datasource.blue.jdbc.min-size`	`string`	`20`	`3.0.0`	Gitops blue datasource pool minimum size
`apicurio.datasource.blue.jdbc.url`	`string`	`jdbc:h2:mem:registry_db`	`3.0.0`	Gitops blue datasource jdbc url
`apicurio.datasource.blue.password`	`string`	`sa`	`3.0.0`	Gitops blue datasource password
`apicurio.datasource.blue.username`	`string`	`sa`	`3.0.0`	Gitops blue datasource username
`apicurio.datasource.green.db-kind`	`string`	`h2`	`3.0.0`	Gitops green datasource db kind
`apicurio.datasource.green.jdbc.initial-size`	`string`	`20`	`3.0.0`	Gitops green datasource pool initial size
`apicurio.datasource.green.jdbc.max-size`	`string`	`100`	`3.0.0`	Gitops green datasource pool max size
`apicurio.datasource.green.jdbc.min-size`	`string`	`20`	`3.0.0`	Gitops green datasource pool minimum size
`apicurio.datasource.green.jdbc.url`	`string`	`jdbc:h2:mem:registry_db`	`3.0.0`	Gitops green datasource jdbc url
`apicurio.datasource.green.password`	`string`	`sa`	`3.0.0`	Gitops green datasource password
`apicurio.datasource.green.username`	`string`	`sa`	`3.0.0`	Gitops green datasource username
`apicurio.events.kafka.topic`	`string`	`registry-events`		Storage event topic
`apicurio.kafkasql.bootstrap.servers`	`string`			Kafka sql storage bootstrap servers
`apicurio.kafkasql.consumer.group-prefix`	`string`	`apicurio-`		Kafka sql storage prefix for consumer group name
`apicurio.kafkasql.consumer.poll.timeout`	`integer`	`5000`		Kafka sql storage consumer poll timeout
`apicurio.kafkasql.coordinator.response-timeout`	`integer`	`30000`		Kafka sql storage coordinator response timeout
`apicurio.kafkasql.security.protocol`	`optional<string>`			Kafka sql storage security protocol
`apicurio.kafkasql.security.sasl.client-id`	`string`			Kafka sql storage sasl client identifier
`apicurio.kafkasql.security.sasl.client-secret`	`string`			Kafka sql storage sasl client secret
`apicurio.kafkasql.security.sasl.enabled`	`boolean`	`false`		Kafka sql storage sasl enabled
`apicurio.kafkasql.security.sasl.login.callback.handler.class`	`string`			Kafka sql storage sasl login callback handler
`apicurio.kafkasql.security.sasl.mechanism`	`string`			Kafka sql storage sasl mechanism
`apicurio.kafkasql.security.sasl.token.endpoint`	`string`			Kafka sql storage sasl token endpoint
`apicurio.kafkasql.security.ssl.truststore.location`	`optional<string>`			Kafka sql storage ssl truststore location
`apicurio.kafkasql.security.ssl.truststore.type`	`optional<string>`			Kafka sql storage ssl truststore type
`apicurio.kafkasql.snapshot.every.seconds`	`string`	`86400s`	`3.0.0`	Kafka sql journal topic snapshot every
`apicurio.kafkasql.snapshots.topic`	`string`	`kafkasql-snapshots`	`3.0.0`	Kafka sql storage topic name
`apicurio.kafkasql.ssl.key.password`	`optional<string>`			Kafka sql storage ssl key password
`apicurio.kafkasql.ssl.keystore.location`	`optional<string>`			Kafka sql storage ssl keystore location
`apicurio.kafkasql.ssl.keystore.password`	`optional<string>`			Kafka sql storage ssl keystore password
`apicurio.kafkasql.ssl.keystore.type`	`optional<string>`			Kafka sql storage ssl keystore type
`apicurio.kafkasql.ssl.truststore.password`	`optional<string>`			Kafka sql storage ssl truststore password
`apicurio.kafkasql.topic`	`string`	`kafkasql-journal`		Kafka sql storage topic name
`apicurio.kafkasql.topic.auto-create`	`boolean`	`true`		Kafka sql storage topic auto create
`apicurio.sql.db-schema`	`string`	`*`	`3.0.6`	Database schema name (only needed when running two instances of Registry against the same database, in multiple schemas)
`apicurio.sql.init`	`boolean`	`true`	`2.0.0.Final`	SQL init
`apicurio.storage.kind`	`string`		`3.0.0`	Application storage variant, for example, sql, kafkasql, or gitops
`apicurio.storage.read-only.enabled`	`boolean [dynamic]`	`false`	`2.5.0.Final`	Enable Registry storage read-only mode
`apicurio.storage.snapshot.location`	`string`	`./`	`3.0.0`	Kafka sql snapshots store location
`apicurio.storage.sql.kind`	`string`	`h2`	`3.0.0`	Application datasource database type
`artifacts.skip.disabled.latest`	`boolean`	`true`	`2.4.2`	Skip artifact versions with DISABLED state when retrieving latest artifact version

3.1.14. ui

Table 3.14. ui configuration options
Name	Type	Default	Available from	Description
`apicurio.ui.auth.oidc.client-id`	`string`	`apicurio-registry-ui`	`3.0.0`	The OIDC clientId
`apicurio.ui.auth.oidc.logout-url`	`string`	`f5`	`3.0.0`	The OIDC logout URL
`apicurio.ui.auth.oidc.redirect-uri`	`string`	`/`	`3.0.0`	The OIDC redirectUri
`apicurio.ui.auth.oidc.scope`	`string`	`openid profile email`	`3.0.8`	UI auth OIDC scope value
`apicurio.ui.contextPath`	`string`	`/`	`3.0.0`	Context path of the UI
`apicurio.ui.docsUrl`	`string`	`/docs/`	`3.0.0`	URL of the Documentation component
`apicurio.ui.features.breadcrumbs`	`string`	`true`	`3.0.0`	Enabled to show breadcrumbs in the UI
`apicurio.ui.features.read-only.enabled`	`string`	`false`	`3.0.0`	Enabled to set the UI to read-only mode
`apicurio.ui.features.settings`	`string`	`true`	`3.0.0`	Enabled to show the Settings tab in the UI
`apicurio.ui.navPrefixPath`	`string`	`/`	`3.0.0`	Navigation prefix for all UI paths

3.2. Service Registry version 2 to version 3 configuration changes

Service Registry v3 has simplified the configuration options, removing duplicates and improving consistency. For most options, the only change is ssrenaming of the prefix from registry to apicurio, for example, changing registry.kafkasql.bootstrap.servers to apicurio.kafkasql.bootstrap.servers.

Note

For each configuration property you can override the value by using the corresponding environment variable, for example, APICURIO_KAFKASQL_BOOTSTRAP_SERVERS.s

3.2.1. api

Table 3.15. api configuration options
Name	New Option
`registry.api.errors.include-stack-in-response`	`apicurio.api.errors.include-stack-in-response`
`registry.disable.apis`	`apicurio.disable.apis`

3.2.2. auth

Table 3.16. auth configuration options
Name	New Option
`registry.auth.admin-override.claim`	`apicurio.auth.admin-override.claim`
`registry.auth.admin-override.claim-value`	`apicurio.auth.admin-override.claim-value`
`registry.auth.admin-override.enabled`	`apicurio.auth.admin-override.enabled`
`registry.auth.admin-override.from`	`apicurio.auth.admin-override.from`
`registry.auth.admin-override.role`	`apicurio.auth.admin-override.role`
`registry.auth.admin-override.type`	`apicurio.auth.admin-override.type`
`registry.auth.anonymous-read-access.enabled`	`apicurio.auth.anonymous-read-access.enabled`
`registry.auth.audit.log.prefix`	`apicurio.authn.audit.log.prefix`
`registry.auth.authenticated-read-access.enabled`	`apicurio.auth.authenticated-read-access.enabled`
`registry.auth.basic-auth-client-credentials.cache-expiration`	`apicurio.authn.basic-client-credentials.cache-expiration`
`registry.auth.basic-auth-client-credentials.cache-expiration-offset`	`apicurio.authn.basic-client-credentials.cache-expiration-offset`
`registry.auth.basic-auth-client-credentials.enabled`	`apicurio.authn.basic-client-credentials.enabled`
`registry.auth.basic-auth.scope`	`apicurio.authn.basic.scope`
`registry.auth.client-id`	`quarkus.oidc.client-id`
`registry.auth.client-secret`	`quarkus.oidc.client-secret`
`registry.auth.enabled`	`quarkus.oidc.tenant-enabled`
`registry.auth.owner-only-authorization`	`apicurio.auth.owner-only-authorization`
`registry.auth.owner-only-authorization.limit-group-access`	`apicurio.auth.owner-only-authorization.limit-group-access`
`registry.auth.role-based-authorization`	`apicurio.auth.role-based-authorization`
`registry.auth.role-source`	`apicurio.auth.role-source`
`registry.auth.role-source.header.name`	`apicurio.auth.role-source.header.name`
`registry.auth.roles.admin`	`apicurio.auth.roles.admin`
`registry.auth.roles.developer`	`apicurio.auth.roles.developer`
`registry.auth.roles.readonly`	`apicurio.auth.roles.readonly`
`registry.auth.tenant-owner-is-admin.enabled`	`Removed`
`registry.auth.token.endpoint`	`quarkus.oidc.token-path`

3.2.3. cache

Table 3.17. cache configuration options
Name	New Option
`registry.config.cache.enabled`	`apicurio.config.cache.enabled`

3.2.4. ccompat

Table 3.18. ccompat configuration options
Name	New Option
`registry.ccompat.legacy-id-mode.enabled`	`apicurio.ccompat.legacy-id-mode.enabled`
`registry.ccompat.max-subjects`	`apicurio.ccompat.max-subjects`
`registry.ccompat.use-canonical-hash`	`apicurio.ccompat.use-canonical-hash`

3.2.5. download

Table 3.19. download configuration options
Name	New Option
`registry.download.href.ttl`	`apicurio.download.href.ttl.seconds`

3.2.6. events

Table 3.20. events configuration options
Name	New Option
`registry.events.ksink`	`removed`

3.2.7. health

Table 3.21. health configuration options
Name	New Option
`registry.liveness.errors.ignored`	`apicurio.liveness.errors.ignored`
`registry.metrics.PersistenceExceptionLivenessCheck.counterResetWindowDurationSec`	`apicurio.metrics.response-timeout-readiness-check.counter-reset-window-duration.seconds`
`registry.metrics.PersistenceExceptionLivenessCheck.disableLogging`	`apicurio.metrics.persistence-exception-liveness-check.logging.disabled`
`registry.metrics.PersistenceExceptionLivenessCheck.errorThreshold`	`apicurio.metrics.persistence-exception-liveness-check.error-threshold`
`registry.metrics.PersistenceExceptionLivenessCheck.statusResetWindowDurationSec`	`apicurio.metrics.persistence-exception-liveness-check.status-reset-window-duration.seconds`
`registry.metrics.PersistenceTimeoutReadinessCheck.counterResetWindowDurationSec`	`apicurio.metrics.response-error-liveness-check.counter-reset-window-duration.seconds`
`registry.metrics.PersistenceTimeoutReadinessCheck.errorThreshold`	`apicurio.metrics.persistence-timeout-readiness-check.error-threshold`
`registry.metrics.PersistenceTimeoutReadinessCheck.statusResetWindowDurationSec`	`apicurio.metrics.persitence-timeout-readiness-check.status-reset-window-duration.seconds`
`registry.metrics.PersistenceTimeoutReadinessCheck.timeoutSec`	`apicurio.metrics.persistence-timeout-readiness-check.timeout.seconds`
`registry.metrics.ResponseErrorLivenessCheck.counterResetWindowDurationSec`	`apicurio.metrics.resonse-error-liveness-check.counter-reset-window-duration.seconds`
`registry.metrics.ResponseErrorLivenessCheck.disableLogging`	`apicurio.metrics.response-error-liveness-check.disabled`
`registry.metrics.ResponseErrorLivenessCheck.errorThreshold`	`apicurio.metrics.response-error-liveness-check.error-threshold`
`registry.metrics.ResponseErrorLivenessCheck.statusResetWindowDurationSec`	`apicurio.metrics.response-error-liveness-check.status-reset-window-duration.seconds`
`registry.metrics.ResponseTimeoutReadinessCheck.counterResetWindowDurationSec`	`apicurio.metrics.response-timeout-readiness-check.counter-reset-window-duration.seconds`
`registry.metrics.ResponseTimeoutReadinessCheck.errorThreshold`	`apicurio.metrics.response-timeout-readiness-check.error-threshold`
`registry.metrics.ResponseTimeoutReadinessCheck.statusResetWindowDurationSec`	`apicurio.metrics.response-timeout-rediness-check.status-reset-window-duration.seconds`
`registry.metrics.ResponseTimeoutReadinessCheck.timeoutSec`	`apicurio.metrics.response-timeout-readiness-check.timeout.seconds`
`registry.storage.metrics.cache.check-period`	`apicurio.storage.metrics.cache.check-period.ms`

3.2.8. import

Table 3.22. import configuration options
Name	New Option
`registry.import.url`	`apicurio.import.url`

3.2.9. kafka

Table 3.23. kafka configuration options
Name	New Option
`registry.events.kafka.topic`	`apicurio.events.kafka.topic`
`registry.events.kafka.topic-partition`	`Removed`

3.2.10. limits

Table 3.24. limits configuration options
Name	New Option
`registry.limits.config.max-artifact-labels`	`apicurio.limits.config.max-artifact-labels`
`registry.limits.config.max-artifact-properties`	`apicurio.limits.config.max-artifact-properties`
`registry.limits.config.max-artifacts`	`apicurio.limits.config.max-artifact`
`registry.limits.config.max-description-length`	`apicurio.limits.config.max-description-length`
`registry.limits.config.max-label-size`	`apicurio.limits.config.max-label-size`
`registry.limits.config.max-name-length`	`apicurio.limits.config.max-name-length`
`registry.limits.config.max-property-key-size`	`apicurio.limits.config.max-property-key-size`
`registry.limits.config.max-property-value-size`	`apicurio.limits.config.max-property-value-size`
`registry.limits.config.max-requests-per-second`	`apicurio.limits.config.max-requests-per-second`
`registry.limits.config.max-schema-size-bytes`	`apicurio.limits.config.max-schema-size-bytes`
`registry.limits.config.max-total-schemas`	`apicurio.limits.config.max-total-schemas`
`registry.limits.config.max-versions-per-artifact`	`apicurio.limits.config.max-versions-per-artifact`
`registry.storage.metrics.cache.max-size`	`apicurio.storage.metrics.cache.max-size`

3.2.11. redirects

Table 3.25. redirects configuration options
Name	New Option
`registry.enable-redirects`	`apicurio.redirects.enabled`
`registry.redirects`	`apicurio.redirects`
`registry.url.override.host`	`apicurio.url.override.host`
`registry.url.override.port`	`apicurio.url.override.port`

3.2.12. rest

Table 3.26. rest configuration options
Name	New Option
`registry.rest.artifact.deletion.enabled`	`apicurio.rest.artifact.deletion.enabled`
`registry.rest.artifact.download.maxSize`	`apicurio.rest.artifact.download.max-size.bytes`
`registry.rest.artifact.download.skipSSLValidation`	`apicurio.rest.artifact.download.ssl-validation.disabled`

3.2.13. store

Table 3.27. store configuration options
Name	New Option
`artifacts.skip.disabled.latest`	`artifacts.skip.disabled.latest`
`registry.sql.init`	`apicurio.sql.init`

3.2.14. ui

Table 3.28. ui configuration options
Name	New Option
`registry.ui.config.auth.oidc.client-id`	`apicurio.ui.auth.oidc.client-id`
`registry.ui.config.auth.oidc.redirect-url`	`apicurio.ui.auth.oidc.redirect-uri`
`registry.ui.config.auth.oidc.url`	`quarkus.oidc.auth-server-url`
`registry.ui.config.uiContextPath`	`apicurio.ui.contextPath`
`registry.ui.features.readOnly`	`apicurio.ui.features.read-only.enabled`
`registry.ui.features.settings`	`apicurio.ui.features.settings`

Appendix A. Using your subscription

Service Registry is provided through a software subscription. To manage your subscriptions, access your account at the Red Hat Customer Portal.

Accessing your account

Go to access.redhat.com.
If you do not already have an account, create one.
Log in to your account.

Activating a subscription

Go to access.redhat.com.
Navigate to My Subscriptions.
Navigate to Activate a subscription and enter your 16-digit activation number.

Downloading ZIP and TAR files

To access ZIP or TAR files, use the customer portal to find the relevant files for download. If you are using RPM packages, this step is not required.

Open a browser and log in to the Red Hat Customer Portal Product Downloads page at access.redhat.com/downloads.
Locate the Red Hat Integration entries in the Integration and Automation category.
Select the desired Service Registry product. The Software Downloads page opens.
Click the Download link for your component.

Revised on 2025-05-07 14:37:43 UTC

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

此内容没有您所选择的语言版本。

Installing and deploying Apicurio Registry on OpenShift

Install, deploy, and configure Apicurio Registry 3.0

Preface

Providing feedback on Red Hat documentation

Chapter 1. Service Registry Operator quickstart

1.1. Quickstart Service Registry Operator installation

1.2. Quickstart Service Registry instance deployment

Chapter 2. Installing Service Registry on OpenShift

2.1. Installing Service Registry from the OpenShift OperatorHub

Chapter 3. Service Registry configuration reference

3.1. Service Registry configuration options

3.1.1. api

3.1.2. auth

3.1.3. cache

3.1.4. ccompat

3.1.5. download

3.1.6. gitops

3.1.7. health

3.1.8. import

3.1.9. limits

3.1.10. redirects

3.1.11. rest

3.1.12. semver

3.1.13. storage

3.1.14. ui

3.2. Service Registry version 2 to version 3 configuration changes

3.2.1. api

3.2.2. auth

3.2.3. cache

3.2.4. ccompat

3.2.5. download

3.2.6. events

3.2.7. health

3.2.8. import

3.2.9. kafka

3.2.10. limits

3.2.11. redirects

3.2.12. rest

3.2.13. store

3.2.14. ui

Appendix A. Using your subscription

Accessing your account

Activating a subscription

Downloading ZIP and TAR files

Legal Notice

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links