Red Hat OpenShift Service Registry Service Definition
Introduction
Red Hat OpenShift Service Registry is provided as a fully hosted cloud service. The underlying platform is provisioned, operated, managed, and maintained by Red Hat. The service provides a production-grade managed schema registry and API definitions metadata repository for enterprises and organizations.
Service entitlements
Red Hat OpenShift Service Registry is available as a freely entitled service to the users of the following services:
- Red Hat OpenShift Streams for Apache Kafka
- Red Hat OpenShift API Management
The main use cases for OpenShift Service Registry are:
Store and manage schemas in event-driven architectures with OpenShift Streams for Apache Kafka
Schemas define the structure of data in a message and ensure that producers and consumers use the expected structure. Schemas force producers to publish data that conforms to a specific structure and compatibility policy, and also help consumers to parse and interpret the data.
You can use OpenShift Service Registry to store and manage the schemas used by your producers and consumers. OpenShift Service Registry also helps to reduce message size and improve overall performance. By storing the schemas in OpenShift Service Registry and passing only a schema ID rather than the whole schema in every message, the message size is reduced.
Store and manage API definitions in API-driven architectures with OpenShift API Management
When creating API-driven applications, the API definitions can be stored in a central datastore for easier discovery and governance. Development teams can query OpenShift Service Registry for existing API definitions for services already deployed in production, and can register new API definitions for new services in development.
You can use OpenShift Service Registry with OpenShift API Management to store and manage API definitions based on standards such as OpenAPI, GraphQL, WSDL, and AsyncAPI.
Deployment models
OpenShift Service Registry is deployed in multiple regions and is administered by, and accessible only to, Red Hat personnel. Based on a hybrid cloud architecture, the service is highly available and scalable.
The OpenShift Service Registry cloud service has a multi-tenant architecture. The compute and storage elements are deployed across multiple availability zones within a single region, with the ability to fail over and recover. Users can create their own Service Registry instance and control in which cloud provider and region their instance is hosted.
Red Hat provides the following components for provisioning and management tasks:
- User interface
- Service API
- Identity and access management
- Metrics and monitoring
- Artifact management
- Compatibility and validity rules
Customers access OpenShift Service Registry as a cloud service through public interfaces. Red Hat provides the following components for provisioning and monitoring tasks:
- A web console
- A dedicated rhoas command-line interface (CLI) tool
- A publicly available Service Registry Fleet Manager REST API
- Client-side application libraries
Cloud provider and region availability
OpenShift Service Registry is currently available in the regions for the following cloud providers:
- Amazon Web Services (AWS)
  - us-east-1
Cluster visibility and secure access
All Service Registry instances created through the OpenShift Service Registry cloud service are provisioned for secure access. Endpoints are TLS-enabled. External access is subject to authentication and authorization restrictions, which are configurable through the service’s identity and access management component.
Service configuration
OpenShift Service Registry follows an opinionated deployment of the Apicurio Schema Registry project optimized for high availability and reliability. The storage layer supporting OpenShift Service Registry is completely managed by Red Hat and not accessible to end users.
Operations related to provisioning and administering resources in the service are supported through the OpenShift Service Registry control plane interfaces (API, UI, and CLI). Resource operations available through the Service Registry REST API are restricted to prevent inappropriate modifications.
For a complete list of the operations available with the OpenShift Service Registry components, see the product documentation.
Service limits
All Service Registry instances created through Red Hat OpenShift Service Registry have predefined limits that represent the maximum capacity of a single Service Registry instance. Detailed information on the limits is provided in Red Hat OpenShift Service Registry Service Limits.
Red Hat actively monitors and enforces these limits in Service Registry instances. Customer usage that goes beyond these limits is subject to corrective action from Red Hat personnel, including but not limited to customer notification for correction, throttling, and service suspension.
Performance
Service Registry instances created through OpenShift Service Registry are capable of scaling to the service limits defined above. If application and client performance do not meet expectations from a customer perspective, contact Red Hat Support to help diagnose and resolve the issue.
Identity and access management
The OpenShift Service Registry service supports authentication and authorization for end users (user identity) and Service Registry client applications (service accounts).
User identity
User identity is based on a customer’s redhat.com organization and identity. A customer’s user identity is used to access the OpenShift Service Registry service User Interface (UI), APIs, and Command-Line Interface (CLI).
Service accounts
Client applications access Service Registry instances through an authenticated service account. A service account provides the credentials - client ID and secret - for a client to access a Service Registry instance. OpenShift Service Registry components support service account creation. Creating service accounts for each client isolates and identifies client access to the Service Registry instance.
OpenShift Service Registry supports the ability to create multiple service accounts to isolate application access to a Service Registry instance.
Authentication
The service supports the SASL/OAUTHBEARER (recommended) and SASL/PLAIN (for clients that do not support SASL/OAUTHBEARER) protocols for client authentication.
Supported clients and APIs
Using the Core Registry REST API, client applications can manage schemas and API artifacts in OpenShift Service Registry. Red Hat tests and validates Java client libraries for the Core Registry API as part of the service release process. These libraries can be retrieved from Red Hat’s Maven repository or downloaded from product pages.
Compatibility with other schema registry REST APIs
In addition to the Core Registry API which offers most capabilities, OpenShift Service Registry provides API compatibility with the following schema registries by including implementations of their respective REST APIs:
- Confluent Schema Registry version 6
- IBM Event Streams schema registry version 1
- CNCF CloudEvents Schema Registry version 0
Other Service Registry-compatible client tools should also work with OpenShift Service Registry. Testing and validating unsupported clients is the customer's responsibility.
For more information on supported clients, see Red Hat OpenShift Service Registry Supported and Compatible Configurations.
Security and compliance
The OpenShift Service Registry service is deployed on a fleet of OpenShift Dedicated instances. OpenShift Dedicated follows common industry best practices for security and controls. OpenShift Dedicated certifications are outlined in the product documentation.
OpenShift Service Registry stores customer data encrypted at rest leveraging native encryption services offered by the cloud providers.
All traffic over the wire is encrypted with TLS/SSL encryption.
OpenShift Service Registry uses logical separation of data between customers and provides controls designed to prevent unauthorized access to another customer’s data.
Metrics and logging
Service metrics
As a cloud service, OpenShift Service Registry collects a broad range of metrics on Service Registry instances spanning multiple components. Many of these metrics are internal only in order for Red Hat to provide and maintain the service at agreed levels and are therefore accessible to Red Hat authorized personnel only.
Service logging
System logs for all components of the OpenShift Service Registry are internal and available only to Red Hat personnel. Red Hat does not provide user access to component logs.
Updates and upgrades to the service
Red Hat will make a commercially reasonable effort to notify customers prior to service-impacting updates and upgrades. The determination of the need for a service update and the timing thereof are the sole responsibility of Red Hat.
Customers do not have control over when a service update occurs. Upgrades aim to preserve overall service availability, but may temporarily impact performance.
Service Registry clients have built-in compatibility across Service Registry versions, so Service Registry upgrades should not be service-impacting events for OpenShift Service Registry users.
Red Hat recommends that customers use the latest version of the client libraries described in Red Hat OpenShift Service Registry Supported and Compatible Configurations.
Service availability
Red Hat maintains a 99.95% availability for its General Availability cloud application services, including the underlying OpenShift Dedicated managed environment.
For more information, refer to Appendix 4 (Online Subscription Services) of the Red Hat Enterprise Agreements and Product Appendices.
Backup and disaster recovery
OpenShift Service Registry offers enhanced availability and durability through daily backups that occur in the OpenShift environment and replicating its stateful data to a different availability zone. In the event of a catastrophic failure, Red Hat site reliability engineers (SREs) will use a commercially reasonable approach to recover the service and data.
While the risk of data loss is minimized in this architecture, there remains a chance that data loss may occur in the case of failure of the whole deployment region. Additional backup and recovery procedures are the responsibility of the customer.
User-initiated operations might involve the deletion of Service Registry instances or artifacts. Recovery from any potentially destructive operations is the sole responsibility of the customer.
Getting Support
Red Hat OpenShift Service Registry is a premium offering. You have full access to the Red Hat Customer Portal with 24x7 production and developer-level support for our General Availability services.
File a ticket whenever you have a question or issue, specifying Red Hat OpenShift Service Registry.
For more details, see the Production Support Terms of Service.