docs (k8s): add Schema Registry ACLs for Redpanda Operator#1619
Open
david-yu wants to merge 16 commits intoredpanda-data:mainfrom
Open
docs (k8s): add Schema Registry ACLs for Redpanda Operator#1619david-yu wants to merge 16 commits intoredpanda-data:mainfrom
david-yu wants to merge 16 commits intoredpanda-data:mainfrom
Conversation
Add documentation for managing Schema Registry ACLs using the Redpanda Operator's User, RedpandaRole, and Group custom resources. This covers the new `subject` and `registry` ACL resource types added in operator PR redpanda-data/redpanda-operator#1306. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughThis pull request adds documentation for managing Schema Registry ACLs with the Redpanda Operator in Kubernetes. The changes include a new navigation entry pointing to a comprehensive documentation file that describes how to define and manage Schema Registry ACLs across User, RedpandaRole, and Group resources. The documentation covers supported operations, prerequisites, manifest examples, common use cases, and verification steps. Additionally, cross-reference links are added to an existing schema controller documentation file. Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
✅ Deploy Preview for redpanda-docs-preview ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (2)
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc (1)
6-6: Prefer auto-title xrefs where possible.Several xrefs hard-code link text; repository convention prefers
xref:...[]so titles are pulled from targets automatically.Based on learnings: "AsciiDoc linking: prefer using xref links with empty brackets (e.g., xref:section/target.adoc[]) because the title is pulled from the referenced document automatically."
Also applies to: 41-42, 55-56
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc` at line 6, The xref links in k-schema-registry-acls.adoc currently include hard-coded link text (e.g., xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user[User] and xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-role[RedpandaRole]); replace those explicit labels with auto-title xrefs by removing the bracket text so they become xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user[] and xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-role[], and apply the same change to the other occurrences noted around lines 41-42 and 55-56 so the link titles are pulled automatically from the target documents.modules/manage/pages/kubernetes/k-schema-controller.adoc (1)
281-281: Use empty-bracket xref for consistency with docs linking style.This link can rely on target page title instead of hard-coded text.
Suggested diff
-* xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[Manage Schema Registry ACLs (Operator)] +* xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[]Based on learnings: "AsciiDoc linking: prefer using xref links with empty brackets (e.g., xref:section/target.adoc[]) because the title is pulled from the referenced document automatically."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@modules/manage/pages/kubernetes/k-schema-controller.adoc` at line 281, Replace the explicit link text xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[Manage Schema Registry ACLs (Operator)] with an empty-bracket xref so the target title is pulled automatically, e.g. xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[]; update the occurrence in k-schema-controller.adoc where that xref appears.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@modules/manage/pages/kubernetes/k-schema-controller.adoc`:
- Line 281: Replace the explicit link text
xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[Manage
Schema Registry ACLs (Operator)] with an empty-bracket xref so the target title
is pulled automatically, e.g.
xref:manage:kubernetes/security/authentication/k-schema-registry-acls.adoc[];
update the occurrence in k-schema-controller.adoc where that xref appears.
In
`@modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc`:
- Line 6: The xref links in k-schema-registry-acls.adoc currently include
hard-coded link text (e.g.,
xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user[User]
and
xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-role[RedpandaRole]);
replace those explicit labels with auto-title xrefs by removing the bracket text
so they become
xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user[]
and
xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-role[],
and apply the same change to the other occurrences noted around lines 41-42 and
55-56 so the link titles are pulled automatically from the target documents.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 85b3a6ad-76ca-41ed-af12-72b7c75648f6
📒 Files selected for processing (3)
modules/ROOT/nav.adocmodules/manage/pages/kubernetes/k-schema-controller.adocmodules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
kbatuigas
requested changes
Mar 20, 2026
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Outdated
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Outdated
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Outdated
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Outdated
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
modules/manage/pages/kubernetes/security/authentication/k-schema-registry-acls.adoc
Show resolved
Hide resolved
…ma-registry-acls.adoc Co-authored-by: Kat Batuigas <36839689+kbatuigas@users.noreply.github.com>
…ma-registry-acls.adoc Co-authored-by: Kat Batuigas <36839689+kbatuigas@users.noreply.github.com>
Contributor
Author
|
Thanks @kbatuigas I will incorporate your feedback. |
david-yu
changed the title
The operations list is already linked from the line above, so the subsection was duplicating content from the Schema Registry Authorization page. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Document the new monitoring.enabled, monitoring.scrapeInterval, and monitoring.labels Helm values that deploy a ServiceMonitor resource alongside Console for automatic Prometheus discovery. Relates to redpanda-data/redpanda-operator#1056 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add page-topic-type and personas metadata - Trim description to under 155 chars - Replace repeated "Ensure" in prerequisites with noun-led format - Replace "You can add" openers with direct statements - Fix "the Redpanda Schema Registry" -> "Schema Registry" - Trim "For details about" verbose opener - Rename "Suggested reading" to "Next steps" Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The include directive for group-crds.feature was missing, causing the code block not to render on the deploy preview. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The doc page describes both topic and subject ACLs in the examples, but the feature files only had topic ACLs. Add the missing subject ACL entries to match the documentation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move the explanatory text from after the code blocks to before them so it serves as intro text for each subsection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Extract the three inline YAML examples from the Common use cases section into tagged scenarios in user-crds.feature so they are testable. Revert unrelated changes to the Console deploy page. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Do not Merge until 26.1 GA
Preview: https://deploy-preview-1619--redpanda-docs-preview.netlify.app/current/manage/kubernetes/security/authentication/k-schema-registry-acls/#grant-a-user-read-access-to-a-subject
subjectandregistryACL resource types for User, RedpandaRole, and Group CRDs introduced in Add Schema Registry ACLs redpanda-operator#1306Test plan
🤖 Generated with Claude Code