Schema registry
Managed Service for Apache Kafka supports schemas in the following formats:
- Apache Avro
- Protocol Buffers (Protobuf)
The schema registry API doesn't support JSON.
The schema registry feature integrated within Managed Service for Apache Kafka lets you create, manage, and use these schemas with your Kafka clients. The schema registry implements the Confluent Schema Registry REST API, which is compatible with existing Apache Kafka applications and common client libraries.
Configuration
These environment variables configure your managed Schema Registry:
| Variable | Description |
|---|---|
| SCHEMA_REGISTRY_NAME | Human-readable name shown in the UI and logs for this Schema Registry. |
| SCHEMA_REGISTRY_URL | Endpoint URL of the managed Schema Registry. |
| SCHEMA_REGISTRY_BEARER_AUTH_CUSTOM_PROVIDER_CLASS | Fully qualified class name for the custom bearer token provider. Use: com.google.cloud.hosted.kafka.auth.GcpBearerAuthCredentialProvider |
| SCHEMA_REGISTRY_BEARER_AUTH_CREDENTIALS_SOURCE | Specifies how credentials are obtained. Use: CUSTOM |
Required roles and permissions
As Kpow can be used to manage all Schema Registry resources (e.g., subjects, versions, compatibility settings), you can assign a role with full access to the Schema Registry directly to Kpow. This enables centralized and automated schema management.
To support this functionality, it's recommended to assign the Managed Kafka Schema Registry Admin role to the service account running Kpow.
For more granular or restricted access control, consider using Kpow’s built-in User Authorization system to define fine-tuned permissions for individual users and actions.
Access control
User permissions to Kafka cluster resources are defined by Schema actions. See: User Authorization.
Limitations
Kpow's functionality may be impacted by the limitations of the managed schema registry.
Example configuration
## Kafka Cluster Configuration
ENVIRONMENT_NAME=GCP Kafka Cluster
BOOTSTRAP=bootstrap.<cluster-id>.<gcp-region>.managedkafka.<gcp-project-id>.cloud.goog:9092
SECURITY_PROTOCOL=SASL_SSL
SASL_MECHANISM=OAUTHBEARER
SASL_LOGIN_CALLBACK_HANDLER_CLASS=com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler
SASL_JAAS_CONFIG=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
## Schema Registry Configuration
SCHEMA_REGISTRY_NAME=GCP Schema Registry
SCHEMA_REGISTRY_URL=https://managedkafka.googleapis.com/v1/projects/<gcp-project-id>/locations/<gcp-region>/schemaRegistries/<registry-id>
SCHEMA_REGISTRY_BEARER_AUTH_CUSTOM_PROVIDER_CLASS=com.google.cloud.hosted.kafka.auth.GcpBearerAuthCredentialProvider
SCHEMA_REGISTRY_BEARER_AUTH_CREDENTIALS_SOURCE=CUSTOM
## Your License Details
LICENSE_ID=<license-id>
LICENSE_CODE=<license-code>
LICENSEE=<licensee>
LICENSE_EXPIRY=<license-expiry>
LICENSE_SIGNATURE=<license-signature>
Kpow will automatically detect and connect to your configured Kafka broker and Schema Registry.
