Skip to content

Event endpoint management

Event Endpoint management is a platform to manage asyncAPI definitions and enforces consumer applications to go to event gateway to control consumer traffic.

Next section is for the flows: 1,2,3,4.

Process of managing AsyncAPI

A Kafka topic owner can define an asyncAPI bottom up (using editors and may tools to extract data from schema, cluster and topic definition), or uses API management to define an asyncAPI document from an existing deployed topic:

  • From the API Connect home page

  • He defines asyncAPI with basic name, version and summary

  • completed with Kafka server bootstrap URL, topic name and schema definition:

  • complement with how to securely access the Kafka cluster, using a user with consumer ACL on specific topic, and the CA certificate in .pem format:

  • As the API needs to be visible in the Catalog, he publishes it as a product:

  • The outcome is the address of the event gateway and API key and secret to be used by future applications:

  • Newly create product is in the sandbox catalog:

Once in the catalog the product is visible in the API portal so other developers can subscribe to the product. See tech-adamy lab for that.

Event Endpoint Management deployment

CP4I Installation

  • Product documentation - installation
  • IBM recommends installing the operators for Platform Navigator, Automation Foundation assets, and Operations Dashboard because they assist in the deployment and management of the other capabilities.
  • Typically, a cluster administrator installs the operators, and an automation administrator creates the custom resources
  • Select installation mode for the operators: All namespace (in the openshift-operators) or specific namespace: operator only processes resources created in that namespace
  • If the operators are installed at cluster scope, the entire cluster effectively behaves as one large tenant.
  • If the operators are installed at namespace scope, each namespace effectively behaves as a different tenant.
  • With All namespace there can be only one Platform Navigator installed per cluster, and all Cloud Pak instances are owned by that Platform Navigator.
  • Verify the cluster scope permission needed per capabilities in this product doc
  • For both installation modes, by default a single instance of IBM Cloud Pak foundational services is installed in the ibm-common-services namespace if the foundational services operator is not already installed on the cluster.

EEPM deployment

  • Product documentation - deployment
  • Install an instance of the Event Endpoint Management capability in a single namespace.
  • Event Endpoint Management is installed and configured by the API Connect operator through the EventEndpointManager custom resource type
  • There are different deployment profiles: minimum with one node, and then 3 nodes

  • Use yaml from one of the solution, be sure to include the namespace for the target project where EEPM will run.

    # For rt-inventory demo
oc apply -k environments/rt-inventory-dev/services/event-endpoint/overlays

  • Verify

    oc get eventendpointmanager eda-eepm -ojsonpath={.status.phase}

    The installation creates the following pods

    pods description
    postgres-operator a dedicated operator to manage local postgresql servers
    postgreql server
    backrest repo an postgresql server for REST repository
    pgbouncer
    LDAP
    nats operator NATS middleware operator
    nats cluster NATS servers

...wait some long time...

Getting Started

API Connect components

An IBM API Connect cluster (defined through its APIConnectCluster Custom Resource Definition - CRD), deploys the following subsystems:

  • Management Cluster (ManagementCluster CRD)
  • Portal Cluster (PortalCluster CRD)
  • Gateway Cluster (GatewayCluster CRD)
  • Analytics Cluster (AnalyticsCluster CRD)

Info

The reason for the IBM API Connect subsystems to be called clusters is because each of those can be easily deployed highly available by using the profile property. As a result, it is common to see and strongly recommended, specially on production environments, to deploy all of these IBM API Connect subsystems using their highly available profile, which will deploy 3 replicas of each componet.

Registering event gateway service

Access to your event sources can be controlled by the Event Gateway Service. The service enforces runtime policies to secure and control access to Kafka topics hosted on one or more backend Kafka clusters. The Evt Gtw Service needs to be in the catalog. See these instructions to register the service.

# example for getting the URL
oc get eventgatewaycluster apim-demo-egw -ojsonpath='{.status.endpoints[?(@.name=="eventGateway")].uri}'

To see current TLS certificated used by the service, go to Cloud Manager > Manage resources > TLS > keystore

Connecting the consumer app

See the tech-academy lab for subsribing to the AsyncAPI and get server credential.

More Reading