Find out more about the Custom Resource Definitions (CRDs) used by Event Endpoint Management.
eventendpointmanagement.events.ibm.com/v1beta1
Resource: spec

| Field | Type | Description |
| --- | --- | --- |
| deployNetworkPolicies | boolean | Control deployment of NetworkPolicies used by the instance. (default: true) |
| license | license | Object containing product licensing details. |
| manager | manager | Object containing Event Manager configuration. |

eventgateway.events.ibm.com/v1beta1
Resource: spec

| Field | Type | Description |
| --- | --- | --- |
| config | string | N/A. Usage not advised. |
| deployNetworkPolicies | boolean | Control the deployment of NetworkPolicies that are used by the instance. (default: true) |
| endpoints | endpoint | List of endpoint configurations. |
| fips | fips | Object containing Federal Information Processing Standard (FIPS) configuration. |
| gatewayGroupName | string | The name of the gateway group to which this gateway is to be added. |
| gatewayID | string | The identifier of the gateway group to which this gateway is to be added. |
| gatewayContact | string | The contact information of the gateway administrator. |
| license | license | Object containing product licensing details. |
| managerEndpoint | string | The endpoint address for an Event Manager instance. |
| numKafkaBrokers | integer | The maximum number of Kafka brokers that the gateway can connect to. |
| security | security | Object containing security configuration. |
| template | template | Object containing Kubernetes resource overrides. |
| tls | tls | Object containing TLS configuration. |
| openTelemetry | openTelemetry | Object containing OpenTelemetry configuration. |

API reference of objects used in the CRDs
Resource: apic

| Field | Type | Description |
| --- | --- | --- |
| clientSubjectDN | string | Common name used for mTLS with IBM API Connect. |
| jwks | jwks | Objects containing jwks configuration. |
| tls | boolean | Enable/Disable mTLS with API Connect. |

Resource: authConfig

| Field | Type | Description |
| --- | --- | --- |
| authType | string | The authentication method you are going to use. One of `LOCAL`, `OIDC`, or `INTEGRATION_KEYCLOAK`. |
| oidcConfig | oidcConfig | Object containing OIDC configuration. |

Resource: authentication

| Field | Type | Description |
| --- | --- | --- |
| maxRetries | integer | The maximum number of failed authentication attempts after which further attempts are blocked. Default is -1 (no limit). |
| retryBackoffMs | integer | The backoff time in milliseconds between consecutive failed authentication attempts. Default is 0. |
| lockoutPeriod | integer | The duration in seconds while the account is locked after an unsuccessful authentication attempt. Default is 0. |

Resource: connection

| Field | Type | Description |
| --- | --- | --- |
| closeDelayMs | integer | The minimum delay in milliseconds after you close a connection. This helps prevent spam. Default is 8000. |
| closeJitterMs | integer | Additional delay in milliseconds after you close a connection. This helps prevent attacks. Default is 4000. |
| perSubLimit | integer | The maximum allowed TCP connections for each subscription. Default is -1 (no limit). |

Resource: endpoint

| Field | Type | Description |
| --- | --- | --- |
| annotations | map[string]string | The annotations to use in place of the default ingress annotations. |
| class | string | The ingress class name to use on the ingress resource, defaults to `nginx`. |
| host | string | The DNS resolvable hostname to set on the ingress endpoint. |
| name | string | The name of the endpoint being configured. For valid values, see the following important notes. |
| type | string | The type of exposure for an endpoint. Either `external`, `internal`, or `disabled` (default is `external`). The `type` option is only applicable to the `admin` endpoint. The `external` type will expose the endpoint to network traffic from outside the cluster. The `internal` type will expose the endpoint to network traffic only from the cluster's internal network. The `disabled` type will not expose the endpoint to any traffic. |

Important:
- On the OpenShift Container Platform, `annotations` and `class` are not valid configuration options because OpenShift routes are created.
- On other Kubernetes platforms you must specify `host` values for exposed endpoints.
- Valid values for `name` are:
  - For `EventEndpointManagement` resources: `ui`, `gateway`, `admin`, and `apic`.
  - For `EventGateway` resources: `gateway`.

Resource: fips

| Field | Type | Description |
| --- | --- | --- |
| mode | string | The value for Federal Information Processing Standard (FIPS) mode. Valid value is ‘wall’. |

Resource: jwks

| Field | Type | Description |
| --- | --- | --- |
| endpoint | string | Service endpoint to provide JWKS URL. |

Resource: license

For more information about licensing, see the licensing reference.

| Field | Type | Description |
| --- | --- | --- |
| accept | boolean | Setting to true will declare that you have accepted the license terms and conditions. (default: false) |
| license | string | The license with which you are installing the product. |
| metric | string | The license metric being used for your product license. |
| use | string | The usage of the license with which you are installing the product. |

Resource: manager

| Field | Type | Description |
| --- | --- | --- |
| apic | apic | Object containing API Connect connection configuration. |
| authConfig | authConfig | Object containing authentication configuration. |
| endpoints | []endpoint | List of endpoint configuration. |
| extensionServices | object | Configure extension service endpoints. |
| storage | storage | Object containing persistence configuration. |
| template | template | Object containing Kubernetes resource overrides. |
| tls | tls | Object containing TLS configuration. |
| fips | fips | Object containing Federal Information Processing Standard (FIPS) configuration. |
| openTelemetry | openTelemetry | Object containing OpenTelemetry configuration. |

Resource: oidcConfig

| Field | Type | Description |
| --- | --- | --- |
| additionalScopes | array[string] | Additional scopes over openid, profile, email that should be required, useful when using the `authorizationClaimPointer`. |
| authorizationClaimPointer | string | A JSON pointer to a claim in the ID token from the provider, which will be used for mapping authorization roles (for example, `"/resource_access/client_id/roles"`). |
| authorizationPath | string | The path to the authorization endpoint of this provider. |
| clientIDKey | string | The key in the secret that contains the OIDC Client ID. |
| clientSecretKey | string | The key in the secret that contains the OIDC Secret Key. |
| discovery | boolean | Whether to use OIDC discovery to retrieve the configuration for this provider. |
| endSessionPath | string | The path to the end session endpoint of this provider. |
| secretName | string | Secret containing OIDC credentials. |
| site | string | The site of the OIDC provider. |
| tokenPath | string | The path to the token endpoint of this provider. |

Resource: pod

| Field | Type | Description |
| --- | --- | --- |
| spec | podSpec | Kubernetes pod spec overrides. |

Resource: request

| Field | Type | Description |
| --- | --- | --- |
| maxSizeBytes | integer | The maximum size allowed for the request payload in bytes. Default is -1 (no limit). |

Resource: security

| Field | Type | Description |
| --- | --- | --- |
| connection | connection | Object containing connection options. |
| authentication | authentication | Object containing authentication options. |
| request | request | Object containing request options. |

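Several `security` defaults documented above mean "no limit" (`-1`) or "off" (`0`). The following added example, which is not part of the original reference or of IBM's code, audits an EventGateway `spec` (already parsed into a Python dict) for those permissive values; the function name `audit_gateway_spec`, the finding messages and the sample spec are constructed for illustration, and only the field names and defaults come from this page.

```python
# Added example: audit an EventGateway spec for permissive security defaults.
# Field names and defaults are taken from the tables on this page; the
# function name, messages and sample spec are constructed for illustration.

# (path under spec.security, documented default, "permissive" test, message)
CHECKS = [
    (("authentication", "maxRetries"), -1, lambda v: v < 0,
     "no limit on failed authentication attempts"),
    (("authentication", "retryBackoffMs"), 0, lambda v: v <= 0,
     "no backoff between failed authentication attempts"),
    (("authentication", "lockoutPeriod"), 0, lambda v: v <= 0,
     "no lockout after failed authentication"),
    (("connection", "perSubLimit"), -1, lambda v: v < 0,
     "no limit on TCP connections per subscription"),
    (("request", "maxSizeBytes"), -1, lambda v: v < 0,
     "no limit on request payload size"),
]


def audit_gateway_spec(spec):
    """Return sorted findings for fields that are unset or set permissively."""
    findings = []
    security = spec.get("security") or {}
    for (group, field), default, permissive, message in CHECKS:
        # An omitted field takes the documented default.
        value = (security.get(group) or {}).get(field, default)
        if not isinstance(value, int) or isinstance(value, bool):
            findings.append(f"security.{group}.{field}: expected integer, got {value!r}")
        elif permissive(value):
            findings.append(f"security.{group}.{field}={value}: {message}")
    # deployNetworkPolicies defaults to true; only an explicit false is flagged.
    if spec.get("deployNetworkPolicies", True) is False:
        findings.append("deployNetworkPolicies=False: NetworkPolicies are not deployed")
    return sorted(findings)


# Constructed sample: maxRetries and maxSizeBytes set, everything else default.
SAMPLE_SPEC = {
    "deployNetworkPolicies": False,
    "security": {
        "authentication": {"maxRetries": 5},
        "request": {"maxSizeBytes": 1048576},
    },
}

if __name__ == "__main__":
    for finding in audit_gateway_spec(SAMPLE_SPEC):
        print(finding)
```

An empty `spec` yields five findings, one for each limit that falls back to its documented default.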
Resource: storage

| Field | Type | Description |
| --- | --- | --- |
| deleteClaim | boolean | Specifies if the persistent volume claim has to be deleted when the instance is deleted. |
| existingClaimName | string | The name of a pre-created Persistent Volume Claim (PVC). |
| root | string | The root storage path where data will be stored. |
| rotationSecretName | string | The Kubernetes secret used for supplying a new encryption key. |
| selectors | object | Labels to be used during PVC bind. |
| size | string | The storage size limit for the volume. |
| storageClassName | string | The storage class name to use on created Persistent Volume Claims (PVCs). |
| type | string | Type of persistence to use. One of `ephemeral` or `persistent-claim`. |

Resource: template

| Field | Type | Description |
| --- | --- | --- |
| annotations | object | Annotations that will be added to all Kubernetes resources used by the instance. |
| labels | object | Labels that will be added to all Kubernetes resources used by the instance. |
| pod | pod | Object containing pod override configuration. |

Resource: tls

| Field | Type | Description |
| --- | --- | --- |
| caCertificate | string | The key in the secret that holds the value of the CA certificate. |
| caSecretName | string | The name of a secret containing a root CA certificate that the product should use when creating additional certificates. |
| key | string | The key in the secret that holds the value of the private key. |
| secretName | string | The name of a secret containing certificates for securing component communications. |
| serverCertificate | string | The key in the secret that holds the value of the server certificate. |
| trustedCertificates | array[trustedCertificate] | A set of secrets containing certificates which the Event Manager should trust when communicating with other services, such as gateways or OIDC providers. |
| ui | ui | Object containing TLS configuration explicitly for the UI. (Not present in eventgateway.events.ibm.com/v1beta1) |

Resource: otelTLS

| Field | Type | Description |
| --- | --- | --- |
| clientCertificate | string | The key in the secret that holds the value of the PKCS8 encoded client certificate to use for mutualTLS (mTLS). |
| clientKey | string | The key in the secret that holds the value of the PKCS8 encoded private key certificate to use for mutualTLS (mTLS). |
| secretName | string | The name of a secret containing certificates for securing component communications for mutualTLS (mTLS). |
| trustedCertificate | trustedCertificate | Configuration of a secret containing a TLS certificate to trust to validate the endpoint server's identity. |

Resource: trustedCertificate

| Field | Type | Description |
| --- | --- | --- |
| certificate | string | The key within the specified secret that holds the value of the CA certificate. |
| secretName | string | The name of a Kubernetes secret containing a CA certificate to add to the truststore. |

Resource: ui

| Field | Type | Description |
| --- | --- | --- |
| caCertificate | string | The key in the secret that holds the value of the CA certificate. |
| key | string | The key in the secret that holds the value of the private key. |
| secretName | string | The name of a secret containing certificates for securing component communications. |
| serverCertificate | string | The key in the secret that holds the value of the server certificate. |

Resource: openTelemetry

| Field | Type | Description |
| --- | --- | --- |
| endpoint | string | The endpoint to send the OpenTelemetry metrics. Must include protocol `http://` or `https://`. |
| protocol | string | The transport protocol to use, `grpc` (default) or `http/protobuf`. |
| interval | integer | The interval between reporting of metrics in milliseconds. Default is 30000. |
| tls | otelTLS | The configuration of SSL Certificates for mTLS and a trusted certificate for endpoint server validation. |
| instrumentations | []instrumentation | A list of instrumentations to enable in addition to those for the Event Manager and Event Gateway. |

Resource: instrumentation

| Field | Type | Description |
| --- | --- | --- |
| name | string | The instrumentation name. |
| enabled | boolean | Whether to enable or disable the specified instrumentation. |

Important:
- The instrumentation name should be the instrumentation shortname. The supplied shortname is then configured as an env var against the relevant pod as `OTEL_INSTRUMENTATION_<name>_ENABLED=<enabled>` automatically.

status
Find the CRDs supported by `status`.

Important: The `status` field is used to display specific information about the instance. Do not edit the `status` field manually.

Resource: status

| Field | Type | Description |
| --- | --- | --- |
| conditions | array[condition] | A list of conditions representing the state of the custom resource. |
| versions | versions | Object containing versioning information. |
| endpoints | array[endpoint] | A list of endpoints exposed by the instance. |
| phase | string | A value representing the phase in which the instance is operating. One of `Running`, `Failed` or `Pending`. |

Resource: available

| Field | Type | Description |
| --- | --- | --- |
| versions | array[version] | A list of the available versions. |
| channels | array[channel] | A list of the available channels. |

Resource: availableLicense

| Field | Type | Description |
| --- | --- | --- |
| name | string | The semantic version number. |
| displayName | string | Optional display name for the license. |
| link | string | Link to the license content. |
| matchesCurrentType | boolean | True if the license matches the type of license used by the current operand. |
| licenseUseList | array[string] | A list of available license uses. |
| availableMetrics | array[string] | A list of available license metrics. |

Resource: condition

| Field | Type | Description |
| --- | --- | --- |
| lastTransitionTime | string | The time at which the condition was applied. |
| message | string | Human-readable message indicating details about the condition. |
| reason | string | Machine-readable, UpperCamelCase text indicating the reason for the condition. |
| status | string | Indicates whether that condition is applicable. One of `True`, `False` or `Unknown`. |

Resource: endpoint

| Field | Type | Description |
| --- | --- | --- |
| name | string | Unique name for the endpoint. |
| type | string | Type of service the endpoint is exposing. For example `UI` or `API`. |
| scope | string | The scope of the endpoint. For example `External`, `Internal`. |
| uri | string | The URI of the endpoint. |

Resource: channel

| Field | Type | Description |
| --- | --- | --- |
| name | string | The semantic version number. |
| licenses | array[availableLicense] | A list of available licenses. |
| type | string | The identifier of the condition. |

Resource: version

| Field | Type | Description |
| --- | --- | --- |
| name | string | The semantic version number. |
| licenses | array[availableLicense] | A list of available licenses. |

Resource: versions

| Field | Type | Description |
| --- | --- | --- |
| reconciled | string | The reconciled version of the instance. |
| available | available | Object containing available versions. |