Configuring initial installation

Find out what configuration to consider for the initial setup of your deployment. For more settings and managing your installation beyond initial setup, see advanced configuration.

Enabling persistent storage

To persist the data input into an Event Manager instance, configure persistent storage in your EventEndpointManagement configuration.

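To enable persistent storage for EventEndpointManagement, set spec.manager.storage.type to persistent-claim, and then configure the storage in one of the following ways:

  • Dynamic provisioning
  • Providing persistent volumes
  • Providing persistent volume and persistent volume claim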

Ensure that you have sufficient disk space for persistent storage.

Note: spec.manager.storage.type can also be set to ephemeral, although no persistence is provisioned with this configuration. Ephemeral storage is not recommended for production usage.

Dynamic provisioning

If a dynamic storage provisioner is present on the system, you can use the dynamic storage provisioner to dynamically provision the persistence for Event Endpoint Management. To configure this, set spec.manager.storage.storageClassName to the name of the storage class provided by the provisioner.

apiVersion: events.ibm.com/v1beta1
kind: EventEndpointManagement
# ...
spec:
  license:
    # ...
  manager:
    storage:
      type: persistent-claim
      storageClassName: csi-cephfs
# ...

  • Optionally, specify the storage size in storage.size (for example: "100Mi"). Ensure that the quantity suffix, such as Mi or Gi, is included.
  • Optionally, specify the root storage path where data is stored in storage.root (for example, "/opt/storage").
  • Optionally, specify the retention setting for the storage if the instance is deleted in storage.deleteClaim (for example, "true").

Providing persistent volumes

Before you install Event Endpoint Management, you can create a persistent volume for it to use as storage. To use a persistent volume that you created earlier, set the spec.manager.storage.selectors to match the labels on the persistent volume and set the spec.manager.storage.storageClassName to match the storageClassName on the persistent volume. The following example creates a persistent volume claim to bind to a persistent volume with the label precreated-persistence: my-pv and storageClassName: manual. Multiple labels can be added as selectors, and the persistent volume must have all labels present to match.

apiVersion: events.ibm.com/v1beta1
kind: EventEndpointManagement
# ...
spec:
  license:
    # ...
  manager:
    storage:
      type: persistent-claim
      selectors:
        precreated-persistence: my-pv
      storageClassName: manual
# ...

  • Optionally, specify the storage size in storage.size (for example: "100Mi"). Ensure that the quantity suffix, such as Mi or Gi, is included.
  • Optionally, specify the root storage path where data is stored in storage.root (for example, "/opt/storage").
  • Optionally, specify the retention setting for the storage if the instance is deleted in storage.deleteClaim (for example, "true").

Providing persistent volume and persistent volume claim

A persistent volume and persistent volume claim can be pre-created for Event Endpoint Management to use as storage. To use this method, set spec.manager.storage.existingClaimName to match the name of the pre-created persistent volume claim.

apiVersion: events.ibm.com/v1beta1
kind: EventEndpointManagement
# ...
spec:
  license:
    # ...
  manager:
    storage:
      type: persistent-claim
      existingClaimName: my-existing-pvc
# ...

Deploy network policies for operator-managed Event Gateways

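By default, the operator deploys an instance-specific network policy when an instance of EventEndpointManagement or EventGateway is created. The deployment of these network policies can be turned off by setting spec.deployNetworkPolicies to false. With this setting, the operator creates no instance-specific network policy, so any restriction of traffic to the instance's pods must come from network policies that you manage yourself.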

The following code snippet is an example of a configuration that turns off the deployment of the network policy:

apiVersion: events.ibm.com/v1beta1
kind: EventEndpointManagement
# ...
spec:
  license:
    # ...
  deployNetworkPolicies: false
# ...
---
apiVersion: events.ibm.com/v1beta1
kind: EventGateway
# ...
spec:
  license:
    # ...
  deployNetworkPolicies: false

Configuring ingress

If you are running on the Red Hat OpenShift Container Platform, routes are automatically configured to provide external access.

Optional: You can set a host for each exposed route on your Event Manager and operator-managed Event Gateway instances by setting values under spec.manager.endpoints[] in your EventEndpointManagement custom resource, and under spec.listeners[].groups[].endpoint in your EventGateway custom resource.

If you are running on other Kubernetes platforms, the Event Endpoint Management operator creates ingress resources to provide external access. No default hostnames are assigned to the ingress resource, and you must set hostnames for each exposed endpoint that is defined for the Event Manager and Event Gateway instances.

For the Event Manager instance, the spec.manager.endpoints[] section of your EventEndpointManagement custom resource must contain entries for the following service endpoints:

  • The Event Endpoint Management UI (service name: ui)
  • The Event Gateway (service name: gateway)
  • The Event Endpoint Management Admin API (service name: admin)
  • The Event Endpoint Management server for deploying gateways and exposing the Admin API (service name: server)

    Note:

    • The server service endpoint is required to deploy an Event Gateway by using the Event Endpoint Management UI.
    • The server service endpoint also exposes the Event Endpoint Management Admin API on path /admin, and can be used for making API requests to Event Endpoint Management programmatically. The Admin API URL is displayed on the Profile page.
    • The value that is supplied in endpoints[server].host must start with eem.

For each service endpoint, set the following values:

  • name is the name of the service: ui, gateway, admin, or server as applicable.
  • host is a DNS-resolvable hostname for accessing the named service.

For example:

apiVersion: events.ibm.com/v1beta1
kind: EventEndpointManagement
# ...
spec:
  manager:
    endpoints:
      - name: ui
        host: my-eem-ui.mycluster.com
      - name: gateway
        host: my-eem-gateway.mycluster.com
      - name: admin
        host: my-eem-admin.mycluster.com
      - name: server
        host: eem.my-eem-server.mycluster.com
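
A pre-deployment check that applies the rules stated on this page to a parsed EventEndpointManagement resource: persistent storage type, a quantity suffix on storage.size, operator network policies left on, and a host for each of the four service endpoints with the eem prefix on server. This is an added example, not IBM's code; lint_eem, its openshift flag and both sample manifests are constructed for illustration, and the prefix rule is read as the literal string eem.

```python
import re

REQUIRED_ENDPOINTS = ("ui", "gateway", "admin", "server")
# Integer or decimal followed by a Kubernetes quantity suffix (100Mi, 2Gi, ...).
QUANTITY = re.compile(r"^\d+(\.\d+)?(Ki|Mi|Gi|Ti|Pi|Ei|k|M|G|T|P|E)$")


def lint_eem(cr, openshift=False):
    """Return findings for a parsed EventEndpointManagement custom resource."""
    findings = []
    spec = cr.get("spec") or {}
    manager = spec.get("manager") or {}
    storage = manager.get("storage") or {}
    if storage.get("type") != "persistent-claim":
        findings.append(f"storage.type is {storage.get('type')!r}, not persistent-claim")
    size = storage.get("size")
    if size is not None and not QUANTITY.match(str(size)):
        findings.append(f"storage.size {size!r} lacks a quantity suffix such as Mi or Gi")

    # The operator deploys an instance-specific network policy unless this is false.
    if spec.get("deployNetworkPolicies") is False:
        findings.append("deployNetworkPolicies is false: no operator network policy")

    if not openshift:
        # Outside OpenShift no default hostnames exist for the generated ingresses.
        hosts = {e.get("name"): e.get("host") for e in manager.get("endpoints") or []}
        for name in REQUIRED_ENDPOINTS:
            if not hosts.get(name):
                findings.append(f"endpoints[{name}] is missing or has no host")
        server = hosts.get("server")
        if server and not server.startswith("eem"):
            findings.append(f"endpoints[server].host {server!r} does not start with eem")
    return findings


# Constructed samples, shaped as yaml.safe_load() would return a manifest.
GOOD = {"spec": {"manager": {
    "storage": {"type": "persistent-claim", "storageClassName": "csi-cephfs", "size": "100Mi"},
    "endpoints": [
        {"name": "ui", "host": "my-eem-ui.mycluster.com"},
        {"name": "gateway", "host": "my-eem-gateway.mycluster.com"},
        {"name": "admin", "host": "my-eem-admin.mycluster.com"},
        {"name": "server", "host": "eem.my-eem-server.mycluster.com"}]}}}
BAD = {"spec": {"deployNetworkPolicies": False, "manager": {
    "storage": {"type": "ephemeral", "size": "100"},
    "endpoints": [
        {"name": "ui", "host": "my-eem-ui.mycluster.com"},
        {"name": "gateway", "host": "my-eem-gateway.mycluster.com"},
        {"name": "server", "host": "my-eem-server.mycluster.com"}]}}}
```

Calling lint_eem(BAD) reports the ephemeral storage type, the size without a suffix, the disabled network policy, the missing admin endpoint and the server host without the eem prefix; pass openshift=True to skip the endpoint checks where routes are configured automatically.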

For the operator-managed Event Gateway instance, set the gateway endpoint host in the spec.listeners[].groups[].endpoint section of your EventGateway custom resource, as shown in the following code snippet:

```yaml
spec:
  listeners:
    - name: <name>
      groups:
      - name: <name>
        endpoint:
          host: my-gateway.example.com
```

Ingress default settings

If you are not running on the Red Hat OpenShift Container Platform, the following ingress defaults are set unless overridden:

  • class: The ingress class name is set by default to nginx. Set the class field on endpoints to use a different ingress class.

  • annotations: The following annotations are set by default on generated ingress endpoints:

  ingress.kubernetes.io/ssl-passthrough: 'true'
  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  nginx.ingress.kubernetes.io/ssl-passthrough: 'true'

If you specify a spec.manager.tls.ui.secretName on an EventEndpointManagement instance, the following reencrypt annotations are set on the ui ingress. Other ingresses are configured for pass-through.

    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/configuration-snippet: proxy_ssl_name "<HOSTNAME>";
    nginx.ingress.kubernetes.io/proxy-ssl-protocols: TLSv1.3
    nginx.ingress.kubernetes.io/proxy-ssl-secret: <NAMESPACE>/<SECRETNAME>
    nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'

Ingress annotations can be overridden by specifying an alternative set of annotations on an endpoint. The following code snippet is an example of overriding the annotations set on an operator-managed EventGateway gateway endpoint ingress.

apiVersion: events.ibm.com/v1beta1
kind: EventGateway
# ...
spec:
  # ...
  listeners:
    - name: <name>
      port: <port>
      groups:
      - name: <name>
        # ...
        endpoint:
          host: my-gateway.example.com
          annotations:
            some.annotation.foo: "true"
            some.other.annotation: value