Skip to content

Support Kafka schema registry config#847

Open
jiangpengcheng wants to merge 3 commits into
masterfrom
support_kafka_schema_registry
Open

Support Kafka schema registry config#847
jiangpengcheng wants to merge 3 commits into
masterfrom
support_kafka_schema_registry

Conversation

@jiangpengcheng

Copy link
Copy Markdown
Member

Summary

  • add a schemaRegistry section under Kafka messaging config for generic functions
  • map Schema Registry URL and basic/OAuth2 auth into _kafka_config.producer_config for the generic runtime
  • mount Schema Registry OAuth2 credentials and expose basic auth credentials through env vars
  • validate required Schema Registry fields and regenerate CRDs/deepcopy code

Details

The generic runtime expects Schema Registry settings in Kafka producer config using the schema.registry.* keys. This change lets users configure those settings with first-class Function Mesh fields instead of embedding them manually in producer config. Basic auth credentials are sourced from a Kubernetes secret, and OAuth2 credentials are mounted separately from the Kafka broker OAuth2 mount path.

Testing

  • go test -count=1 ./controllers/spec ./pkg/webhook
  • git diff --check

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

@jiangpengcheng:Thanks for your contribution. For this PR, do we need to update docs?
(The PR template contains info about doc, which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)

@github-actions github-actions Bot added the doc-info-missing This pr needs to mark a document option in description label Jul 8, 2026

@freeznet freeznet left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding first-class Schema Registry support. The overall shape looks good: types + deepcopy + CRDs are consistent, the OAuth2 mount reuses the existing generateVolumeFromOAuth2Config helpers (volume name = secretName-secretKey, so a broker/SR shared secret collapses to one volume mounted at two paths — correct), and the webhook validation + unit tests are solid.

A couple of things worth confirming before merge (details inline):

  1. Basic-auth ${ENV} interpolation inside producer_config — this is the first place the operator embeds ${...} placeholders into the _kafka_config.producer_config JSON rather than into a shell command, so it depends on the generic runtime expanding env vars in producer config values. Worth confirming.
  2. Minor: the OAuth2 sub-fields aren't validated in the webhook (relies on CRD required markers) — confirming that's intentional.

Nits (non-blocking): schema.registry.oauth2.config always serializes "scope":"" when scope is unset (consistent with the existing broker OAuth2 mapping, so fine); the PR carries the doc-info-missing label — user-facing docs for the new schemaRegistry fields should follow; and the Go 1.25.11 -> 1.25.12 bump is unrelated housekeeping bundled in here.

Comment thread controllers/spec/utils.go
Comment thread pkg/webhook/validate.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

doc-info-missing This pr needs to mark a document option in description

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants