Questions: CR for artifacts

[dweber019]

Is there a plan to support artifacts (e.g. a AVRO schema) as CR? This way a AVRO schema could be defined over GitOps, this would help in our organization to enable change in a more controlled way.

[jsenko]

This is an interesting idea, you suggest the operator would take care of pushing an AVRO artifact, defined as a CR, to the registry? I don't expect we will implement this feature in the near future, but we should keep it in the backlog. Could you please provide specifics - a more detailed use case, how would you expect it to work?

[dweber019]

Maybe some more detailed background form where I'm standing. We're using Strimzi / AMQ Streams in a bigger Enterprise and are just at the beginning of using Kafka ;)

Right now most of our resources are controlled over gitops e.g. Topics, KafkaUsers or even our Keycloak configurations. With gitops we found a way of having the state of resource controlled and can implement various gates on top of it, like governance or even data owner approvals.

Our week spot is now the schema registry. We considered to protect the Schema Registry API but this is far more complex than gitops as we don't know and it would be home grown.

Currently we are looking at https://docs.confluent.io/current/confluent-security-plugins/schema-registry/introduction.html#sr-security-plugin because of the statement of your previous comment, that you won't have this in the near future. This could solve our security needs but not regarding other aspects like governance.

[famarting]

@dweber019 have you evaluated uploading artifacts to the registry at runtime by your kafka producers? or maybe the maven plugin to upload the artifacts after deployment?

[jsenko]

Closing this issue, the work on this idea moved to https://github.com/Apicurio/apicurio-registry-content-sync-operator