API reference for the CRDs

Find out more about the Custom Resource Definitions (CRDs) used by Event Endpoint Management.

eventendpointmanagement.events.ibm.com/v1beta1

Resource: spec

Field Type Description
deployNetworkPolicies boolean Control deployment of NetworkPolicies used by the instance. (default: true)
license license Object containing product licensing details.
manager manager Object containing Event Manager configuration.

eventgateway.events.ibm.com/v1beta1

Resource: spec

Field Type Description
config string N/A. Usage not advised.
deployNetworkPolicies boolean Control the deployment of NetworkPolicies that are used by the instance. (default: true)
endpoints endpoint List of endpoint configurations.
fips fips Object containing Federal Information Processing Standard (FIPS) configuration.
gatewayGroupName string The name of the gateway group to which this gateway is to be added.
gatewayID string The identifier of the gateway group to which this gateway is to be added.
gatewayContact string The contact information of the gateway administrator.
license license Object containing product licensing details.
managerEndpoint string The endpoint address for an Event Manager instance.
numKafkaBrokers integer The maximum number of Kafka brokers that the gateway can connect to.
security security Object containing security configuration.
template template Object containing Kubernetes resource overrides.
tls tls Object containing TLS configuration.
openTelemetry openTelemetry Object containing OpenTelemetry configuration.

API reference of objects used in the CRDs

Resource: apic

Field Type Description
clientSubjectDN string Common name used for mTLS with IBM API Connect.
jwks jwks Object containing JWKS configuration.
tls boolean Enable/Disable mTLS with API Connect.

Resource: authConfig

Field Type Description
authType string The authentication method you are going to use. One of LOCAL, OIDC, or INTEGRATION_KEYCLOAK.
oidcConfig oidcConfig Object containing OIDC configuration.

Resource: authentication

Field Type Description
maxRetries integer The maximum number of failed authentication attempts after which further attempts are blocked. Default is -1 (no limit).
retryBackoffMs integer The backoff time in milliseconds between consecutive failed authentication attempts. Default is 0.
lockoutPeriod integer The duration in seconds for which the account is locked after an unsuccessful authentication attempt. Default is 0.

Resource: connection

Field Type Description
closeDelayMs integer The minimum delay in milliseconds after you close a connection. This helps prevent spam. Default is 8000.
closeJitterMs integer Additional delay in milliseconds after you close a connection. This helps prevent attacks. Default is 4000.
perSubLimit integer The maximum allowed TCP connections for each subscription. Default is -1 (no limit).

Resource: endpoint

Field Type Description
annotations map[string]string The annotations to use in place of the default ingress annotations.
class string The ingress class name to use on the ingress resource, defaults to nginx.
host string The DNS resolvable hostname to set on the ingress endpoint.
name string The name of the endpoint being configured. For valid values, see the following important notes.
type string The type of exposure for an endpoint. Either external, internal, or disabled (default is external). The type option is only applicable to the admin endpoint. The external type will expose the endpoint to network traffic from outside the cluster. The internal type will expose the endpoint to network traffic only from the cluster’s internal network. The disabled type will not expose the endpoint to any traffic.

Important:

  • On the OpenShift Container Platform, annotations and class are not valid configuration options because OpenShift routes are created.
  • On other Kubernetes platforms you must specify host values for exposed endpoints.
  • Valid values for name are:
    • For EventEndpointManagement resources: ui, gateway, admin, and apic.
    • For EventGateway resources: gateway.

Resource: fips

Field Type Description
mode string The value for Federal Information Processing Standard (FIPS) mode. Valid value is ‘wall’.

Resource: jwks

Field Type Description
endpoint string Service endpoint to provide JWKS URL.

Resource: license

For more information about licensing, see the licensing reference.

Field Type Description
accept boolean Setting to true will declare that you have accepted the license terms and conditions. (default: false)
license string The license with which you are installing the product.
metric string The license metric being used for your product license.
use string The usage of the license with which you are installing the product.

Resource: manager

Field Type Description
apic apic Object containing API Connect connection configuration.
authConfig authConfig Object containing authentication configuration.
endpoints []endpoint List of endpoint configuration.
extensionServices object Configure extension service endpoints.
storage storage Object containing persistence configuration.
template template Object containing Kubernetes resource overrides.
tls tls Object containing TLS configuration.
fips fips Object containing Federal Information Processing Standard (FIPS) configuration.
openTelemetry openTelemetry Object containing OpenTelemetry configuration.

Resource: oidcConfig

Field Type Description
additionalScopes array[string] Additional scopes over openid, profile, email that should be required, useful when using the authorizationClaimPointer.
authorizationClaimPointer string A JSON pointer to a claim in the ID token from the provider, which will be used for mapping authorization roles (for example, "/resource_access/client_id/roles").
authorizationPath string The path to the authorization endpoint of this provider.
clientIDKey string The key in the secret that contains the OIDC Client ID.
clientSecretKey string The key in the secret that contains the OIDC Secret Key.
discovery boolean Whether to use OIDC discovery to retrieve the configuration for this provider.
endSessionPath string The path to the end session endpoint of this provider.
secretName string Secret containing OIDC credentials.
site string The site of the OIDC provider.
tokenPath string The path to the token endpoint of this provider.

Resource: pod

Field Type Description
spec podSpec Kubernetes pod spec overrides.

Resource: request

Field Type Description
maxSizeBytes integer The maximum size allowed for the request payload in bytes. Default is -1 (no limit).

Resource: security

Field Type Description
connection connection Object containing connection options.
authentication authentication Object containing authentication options.
request request Object containing request options.
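
The following check is an added example, not part of the product documentation. It flags an EventGateway spec whose security fields are left at the "no limit" defaults listed in the authentication, connection and request tables on this page, or that sets deployNetworkPolicies to false. The sample manifest, its metadata name and the function name audit_gateway_spec are constructed for illustration.

```python
import json

# Documented defaults from the tables on this page:
# (path under spec, default value, what the default means)
UNLIMITED_DEFAULTS = [
    (("security", "authentication", "maxRetries"), -1,
     "failed authentication attempts are never blocked"),
    (("security", "connection", "perSubLimit"), -1,
     "no cap on TCP connections per subscription"),
    (("security", "request", "maxSizeBytes"), -1,
     "no cap on request payload size"),
]

def _lookup(spec, path, default):
    """Walk nested dicts; an absent field takes its documented default."""
    node = spec
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit_gateway_spec(manifest):
    """Return a sorted list of findings for one EventGateway manifest (dict)."""
    spec = manifest.get("spec") or {}
    findings = []
    for path, default, impact in UNLIMITED_DEFAULTS:
        value = _lookup(spec, path, default)
        if value == default:
            findings.append(f"spec.{'.'.join(path)}={value}: {impact}")
    # deployNetworkPolicies defaults to true; only an explicit false is flagged.
    if spec.get("deployNetworkPolicies", True) is False:
        findings.append("spec.deployNetworkPolicies=false: "
                        "NetworkPolicies used by the instance are not deployed")
    return sorted(findings)

# Constructed sample manifest in JSON form (not taken from a real cluster).
SAMPLE = json.loads("""
{"apiVersion": "eventgateway.events.ibm.com/v1beta1", "kind": "EventGateway",
 "metadata": {"name": "example-gw"},
 "spec": {"deployNetworkPolicies": false,
          "security": {"authentication": {"maxRetries": 5, "lockoutPeriod": 300},
                       "request": {"maxSizeBytes": -1}}}}
""")

if __name__ == "__main__":
    for finding in audit_gateway_spec(SAMPLE):
        print(finding)
```

An omitted field is reported the same way as an explicit -1, because the gateway then runs with the documented default.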

Resource: storage

Field Type Description
deleteClaim boolean Specifies if the persistent volume claim has to be deleted when the instance is deleted.
existingClaimName string The name of a pre-created Persistent Volume Claim (PVC).
root string The root storage path where data will be stored.
rotationSecretName string The Kubernetes secret used for supplying a new encryption key.
selectors object Labels to be used during PVC bind.
size string The storage size limit for the volume.
storageClassName string The storage class name to use on created Persistent Volume Claims (PVCs).
type string Type of persistence to use. One of ephemeral or persistent-claim.

Resource: template

Field Type Description
annotations object Annotations that will be added to all Kubernetes resources used by the instance.
labels object Labels that will be added to all Kubernetes resources used by the instance.
pod pod Object containing pod override configuration.

Resource: tls

Field Type Description
caCertificate string The key in the secret that holds the value of the CA certificate.
caSecretName string The name of a secret containing a root CA certificate that the product should use when creating additional certificates.
key string The key in the secret that holds the value of the private key.
secretName string The name of a secret containing certificates for securing component communications.
serverCertificate string The key in the secret that holds the value of the server certificate.
trustedCertificates array[trustedCertificate] A set of secrets containing certificates which the Event Manager should trust when communicating with other services, such as gateways or OIDC providers.
ui ui Object containing TLS configuration explicitly for the UI. (Not present in eventgateway.events.ibm.com/v1beta1)

Resource: otelTLS

Field Type Description
clientCertificate string The key in the secret that holds the value of the PKCS8 encoded client certificate to use for mutualTLS (mTLS).
clientKey string The key in the secret that holds the value of the PKCS8 encoded private key certificate to use for mutualTLS (mTLS).
secretName string The name of a secret containing certificates for securing component communications for mutualTLS (mTLS).
trustedCertificate trustedCertificate Configuration of a secret containing a TLS certificate to trust to validate the endpoint server's identity.

Resource: trustedCertificate

Field Type Description
certificate string The key within the specified secret that holds the value of the CA certificate.
secretName string The name of a Kubernetes secret containing a CA certificate to add to the truststore.

Resource: ui

Field Type Description
caCertificate string The key in the secret that holds the value of the CA certificate.
key string The key in the secret that holds the value of the private key.
secretName string The name of a secret containing certificates for securing component communications.
serverCertificate string The key in the secret that holds the value of the server certificate.

Resource: openTelemetry

Field Type Description
endpoint string The endpoint to send the OpenTelemetry metrics to. Must include the protocol, http:// or https://.
protocol string The transport protocol to use, grpc (default) or http/protobuf.
interval integer The interval between reporting of metrics in milliseconds. Default is 30000.
tls otelTLS The configuration of SSL Certificates for mTLS and a trusted certificate for endpoint server validation.
instrumentations []instrumentation A list of instrumentations to enable in addition to those for the Event Manager and Event Gateway.

Resource: instrumentation

Field Type Description
name string The instrumentation name.
enabled boolean Whether to enable or disable the specified instrumentation.

Important:

  • The instrumentation name should be the instrumentation shortname. The supplied shortname is then configured as an env var against the relevant pod as OTEL_INSTRUMENTATION_<name>_ENABLED=<enabled> automatically.

status

Find the CRDs supported by status.

Important: The status field is used to display specific information about the instance. Do not edit the status field manually.

Resource: status

Field Type Description
conditions array[condition] A list of conditions representing the state of the custom resource.
versions versions Object containing versioning information.
endpoints array[endpoint] A list of endpoints exposed by the instance.
phase string A value representing the phase in which the instance is operating. One of Running, Failed or Pending.

Resource: available

Field Type Description
versions array[version] A list of the available versions.
channels array[channel] A list of the available channels.

Resource: availableLicense

Field Type Description
name string The semantic version number.
displayName string Optional display name for the license.
link string Link to the license content.
matchesCurrentType boolean True if the license matches the type of license used by the current operand.
licenseUseList array[string] A list of available license uses.
availableMetrics array[string] A list of available license metrics.

Resource: condition

Field Type Description
lastTransitionTime string The time at which the condition was applied.
message string Human-readable message indicating details about the condition.
reason string Machine-readable, UpperCamelCase text indicating the reason for the condition.
status string Indicates whether that condition is applicable. One of True, False or Unknown.

Resource: endpoint

Field Type Description
name string Unique name for the endpoint.
type string Type of service the endpoint is exposing. For example UI or API.
scope string The scope of the endpoint. For example External, Internal.
uri string The URI of the endpoint.

Resource: channel

Field Type Description
name string The semantic version number.
licenses array[availableLicense] A list of available licenses.
type string The identifier of the condition.

Resource: version

Field Type Description
name string The semantic version number.
licenses array[availableLicense] A list of available licenses.

Resource: versions

Field Type Description
reconciled string The reconciled version of the instance.
available available Object containing available versions.