From b15809e880b9b1f38637def471a50bbe4f0b554a Mon Sep 17 00:00:00 2001 From: Avin Zhang Date: Tue, 2 Jun 2026 11:54:06 +1000 Subject: [PATCH] Document schema registry connectivity over private endpoints Clarify that a Kafka ClickPipe's schema registry does not need to be publicly accessible and can be reached over the same reverse private endpoint (AWS PrivateLink / GCP PSC) as the brokers, provided its hostname resolves to the endpoint's private IPs. Updates both the schema registries page and the AWS PrivateLink page. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../data-ingestion/clickpipes/aws-privatelink.md | 4 ++++ .../clickpipes/kafka/02_schema-registries.md | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md b/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md index 787a9314e41..bee04b9c4bf 100644 --- a/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md +++ b/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md @@ -36,6 +36,10 @@ data source types: - MySQL - MongoDB +:::note +For Kafka, the [schema registry](/integrations/clickpipes/kafka/schema-registries) can be reached over the same reverse private endpoint as the brokers — it does not need to be publicly accessible — provided its hostname resolves to the endpoint's private IP addresses. +::: + ## Supported AWS PrivateLink endpoint types {#aws-privatelink-endpoint-types} ClickPipes reverse private endpoint can be configured with one of the following AWS PrivateLink approaches: diff --git a/docs/integrations/data-ingestion/clickpipes/kafka/02_schema-registries.md b/docs/integrations/data-ingestion/clickpipes/kafka/02_schema-registries.md index 686fb2a6fe7..aa8a0f72964 100644 --- a/docs/integrations/data-ingestion/clickpipes/kafka/02_schema-registries.md +++ b/docs/integrations/data-ingestion/clickpipes/kafka/02_schema-registries.md @@ -32,6 +32,17 @@ To integrate with a schema registry during ClickPipes configuration, you must us 2. Provide a complete path to the schema ID (e.g. `https://registry.example.com/schemas/ids/1000`) 3. Provide the root schema registry URL (e.g. `https://registry.example.com`) +## Network connectivity {#network-connectivity} + +ClickPipes connects to the schema registry over HTTPS at the URL you provide. The schema registry does not need to be publicly accessible. + +If your Kafka brokers are reached through a [reverse private endpoint](/integrations/clickpipes/aws-privatelink) (AWS PrivateLink or GCP Private Service Connect), the schema registry can use the same private connectivity. ClickPipes resolves the registry hostname through the reverse private endpoint's private DNS, so a registry hosted privately alongside your brokers is reachable as long as its hostname resolves to the reverse private endpoint's private IP addresses (via the endpoint's private DNS support or a custom private DNS mapping). + +Keep the following in mind: + +- The schema registry URL must use `https://`. +- If the registry hostname resolves to a private address, it must be reachable through a reverse private endpoint selected for the ClickPipe; otherwise the connectivity check during setup will fail. + ## How it works {#how-schema-registries-work} ClickPipes dynamically retrieves and applies the schema from the configured schema registry.