The following tables show configurable Event Gateway properties. How you set these properties depends on your gateway deployment type:
- Kubernetes Deployments use a ConfigMap and environment variables.
- Operator-managed gateways use the custom resource and environment variables.
- Docker gateways use environment variables that are provided as command-line arguments to docker run.
Note: Where the custom resource property field contains “Not applicable”, no one-to-one mapping exists between this property and the ConfigMap property or environment variable. The property still exists for the operator-managed gateway, but is derived from multiple properties. For example, KAFKA_LISTENERS is derived from the custom resource properties spec.listeners[listener].name and spec.listeners[].port. Refer to the Event Gateway CRD reference for details of the Event Gateway custom resource properties.
General Event Gateway configuration properties
Configuration properties that apply to all Event Gateway deployments.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| spec.manager.trustedCertificate | manager.client.trust.pem | MANAGER_CLIENT_TRUST_PEM | The PEM-encoded CA certificates required to trust the Event Manager. Can be provided inline or by file reference with the path file:///path/to/file. Type: String Dynamic: True Required: False |
| Use environment variable. | tls.versions | TLS_VERSIONS | The TLS versions that the Event Gateway can use. Default: TLSv1.3 Type: String Required: False |
| spec.manager.endpoint | manager.client.url | MANAGER_CLIENT_URL | The URL to the gateway API on the Event Manager. Type: String Dynamic: True Required: False |
| spec.manager.apiKey | manager.client.api.key | MANAGER_CLIENT_API_KEY | The API key for access to the gateway API on the Event Manager. Used for access token exchange. Type: String Dynamic: True Required: False |
| Use environment variable. | manager.scan.interval | MANAGER_SCAN_INTERVAL | The period between checks for Event Manager updates in milliseconds (ms). Default: 30000 Type: Integer Required: False |
| Use environment variable. | hostname | HOSTNAME | The hostname of this Event Gateway. Default: Set by Docker Type: String Required: True |
| spec.gatewayContact | gateway.contact | GATEWAY_CONTACT | Contact information for the owner of this Event Gateway. This information is displayed in the Event Endpoint Management UI. Type: String Dynamic: True Required: False |
| Use environment variable. | bootstrap.connection.timeout | BOOTSTRAP_CONNECTION_TIMEOUT | The bootstrap connection timeout in milliseconds (ms). A connection attempt that exceeds this time fails. Default: 30000 Type: Integer Dynamic: True Required: False |
| Use environment variable. | monitor.scan.interval | MONITOR_SCAN_INTERVAL | The period between running cluster monitor updates in milliseconds (ms). Default: 30000 Type: Integer Required: False |
| spec.traceSpec | trace.spec | TRACE_SPEC | Specifies the trace level. For example, debug, info, error. Default: info Type: String Required: False |
| Not applicable. | Not applicable. | swid | SWID Tag ID for IBM License Metric Tool licensing in stand-alone mode. Valid values: CP4I, EA. Type: String Dynamic: True Required: False |
Kafka protocol configuration
Properties that control how the Event Gateway handles the Kafka protocol.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| Not applicable. | kafka.listeners | KAFKA_LISTENERS | The Kafka listener. The format is: <listener name>://<host>:<port>. For example: MY_SERVER_1://:8080 Type: String Required: True |
| Not applicable. | kafka.listener.{0}.sni.enabled | KAFKA_LISTENER_{0}_SNI_ENABLED | This Kafka listener requires clients to use Server Name Indication (SNI). Default: false Type: Boolean Required: False |
| Not applicable. | kafka.listener.{0}.groups | KAFKA_LISTENER_{0}_GROUPS | The group that is available on this listener. The format is <name>://<type>. For example, DEFAULT://wildcard. Valid group types are explicit and wildcard. The explicit type requires an explicit list of hostnames; the number of hostnames must be greater than or equal to the total number of Kafka brokers across all Kafka clusters that this gateway connects to. The wildcard type requires a single wildcard address, which is used to create as many hostnames as needed. Default: DEFAULT://explicit Type: String Required: False |
| Not applicable. | kafka.listener.{0}.group.{1}.addresses | KAFKA_LISTENER_{0}_GROUP_{1}_ADDRESSES | Comma-separated addresses of the format <host>:<port>, for example localhost:8090,localhost:8091,localhost:8092. If the address type is wildcard, then a single address with a * is required, for example: *.example.com:8080. Type: String Required: False |
| Not applicable. | kafka.listener.{0}.keystore.location | KAFKA_LISTENER_{0}_KEYSTORE_LOCATION | Absolute path to the listener’s keystore. For example: /path/to/my/keystore Type: Path Dynamic: True Required: True |
| Not applicable. | kafka.listener.{0}.keystore.key.location | KAFKA_LISTENER_{0}_KEYSTORE_KEY_LOCATION | Absolute path to the listener’s keystore key. For example: /path/to/my/key. Required if keystore type is PEM. Type: Path Dynamic: True Required: False |
| Not applicable. | kafka.listener.{0}.keystore.password | KAFKA_LISTENER_{0}_KEYSTORE_PASSWORD | The password for the keystore. Type: String Dynamic: True Required: False |
| Not applicable. | kafka.listener.{0}.keystore.type | KAFKA_LISTENER_{0}_KEYSTORE_TYPE | The type of the keystore. Valid types: PEM, JKS, PKCS12 Default: PEM Type: Enumeration Values: PEM, JKS, PKCS12 Dynamic: True Required: False |
| Not applicable. | kafka.listener.{0}.group.{1}.trust.pem | KAFKA_LISTENER_{0}_GROUP_{1}_TRUST_PEM | Path to a PEM formatted certificate file (can be multi-PEM format) that contains the certificates that a client must use to trust the gateway group addresses. These certificates are available in the Event Endpoint Management UI. Type: Path Dynamic: True Required: False |
| spec.security.connection.request.maxSizeBytes | kafka.max.message.length | KAFKA_MAX_MESSAGE_LENGTH | The maximum length of a Kafka protocol message. Defaults to no limit (-1). Default: -1 Type: Integer Dynamic: True Required: False |
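
The listener, group and address formats described in the table above can be checked before a gateway is started. The following is an added example, not code from the product; the function names and the broker_count argument are assumptions of the example, and the sample values are the ones quoted in the table.

```python
def parse_listener(value):
    """Split '<listener name>://<host>:<port>' into (name, host, port)."""
    name, sep, rest = value.partition("://")
    host, colon, port = rest.rpartition(":")
    if not (name and sep and colon and port.isdigit()):
        raise ValueError(f"bad listener value: {value!r}")
    return name, host, int(port)  # host may be empty, as in MY_SERVER_1://:8080


def check_group(group, addresses, broker_count):
    """Check a '<name>://<type>' group against its comma-separated addresses.

    broker_count is the total number of Kafka brokers across all clusters
    that the gateway connects to. Returns a list of problems (empty if none).
    """
    name, sep, gtype = group.partition("://")
    if not (name and sep) or gtype not in ("explicit", "wildcard"):
        return [f"bad group value: {group!r}"]
    addrs = [a.strip() for a in addresses.split(",") if a.strip()]
    problems = []
    for addr in addrs:
        host, colon, port = addr.rpartition(":")
        if not (host and colon and port.isdigit()):
            problems.append(f"{addr}: expected <host>:<port>")
    if gtype == "wildcard":
        # A wildcard group takes exactly one address, and it must contain '*'.
        if len(addrs) != 1 or "*" not in addrs[0]:
            problems.append("wildcard group needs a single address with a *")
    elif len(addrs) < broker_count:
        # An explicit group needs at least one hostname for every broker.
        problems.append(
            f"explicit group has {len(addrs)} addresses for {broker_count} brokers")
    return problems


if __name__ == "__main__":
    print(parse_listener("MY_SERVER_1://:8080"))
    print(check_group("DEFAULT://wildcard", "*.example.com:8080", 3))
    print(check_group("DEFAULT://explicit",
                      "localhost:8090,localhost:8091,localhost:8092", 4))
```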
Security configuration
Event Gateway security-related properties.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| spec.security.connection.closeDelayMs | connection.close.tarpit.time.ms | CONNECTION_CLOSE_DELAY_MS | The time in milliseconds (ms) to tarpit a connection before closing. Default: 8000 Type: Integer Dynamic: True Required: False |
| spec.security.connection.closeJitterMs | connection.close.jitter.time.ms | CONNECTION_CLOSE_JITTER_MS | The time in milliseconds (ms) to add as jitter in addition to tarpitting a connection before closing. Default: 4000 Type: Integer Dynamic: True Required: False |
| spec.security.authentication.maxRetries | authentication.max.retries | AUTHN_MAX_RETRIES | The maximum number of failed authentication attempts before an account is locked. A value of -1 allows unlimited retries. Default: -1 Type: Integer Required: False |
| spec.security.authentication.lockoutPeriod | authentication.lockout.period.s | AUTHN_LOCKOUT_PERIOD_SECONDS | The duration in seconds (s) that an account is locked for after the maximum number of authentication retries is exceeded. A value of -1 locks the account permanently. Default: 0 Type: Integer Required: False |
| spec.security.authentication.retryBackoffMs | authentication.backoff.delay.increment.ms | AUTHN_BACKOFF_DELAY_INCREMENT_MILLIS | The incremental backoff time in milliseconds (ms) added between consecutive failed authentication attempts. Default: 0 Type: Integer Required: False |
| Not applicable. | authentication.locked.response.delay.s | LOCKED_RESPONSE_DELAY_SECONDS | The delay in seconds (s) added to authentication requests while an account is locked. Default: 60 Type: Integer Required: False |
| Not applicable. | authentication.max.connections.per.application | MAX_CONNECTIONS_PER_SUBSCRIPTION | The maximum allowed TCP connections for each Event Endpoint Management application. This property prevents reuse of credentials. A single client can use multiple connections, for example a Kafka client can use one connection for each partition and one for metadata updates. Default: -1 Type: Integer Required: False |
| spec.fips.mode | fips.mode | FIPS_MODE | Enable FIPS mode for cryptographic operations. Default: NONE Type: Enumeration Values: NONE, WALL Dynamic: True Required: False |
Audit logging configuration
Event Gateway audit logging properties.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| Use environment variable. | audit.log.writer | AUDIT_LOG_WRITER | The writer implementation used to write the audit logs. Default: FILE Type: Enumeration Values: STDOUT, FILE Required: False |
| Use environment variable. | audit.log.format | AUDIT_LOG_FORMAT | The format that the audit logger uses to write logs. Default: SIMPLE Type: Enumeration Values: NONE, SIMPLE, CADF Required: False |
| Use environment variable. | Use environment variable. | AUDIT_LOG_FILE | The name of the audit log file. Default: egw-audit.log Type: String Required: False |
| Use environment variable. | Use environment variable. | AUDIT_LOG_DIRECTORY | The directory path where audit log files are written. Default: /var/log/audit Type: String Required: False |
| Use environment variable. | Use environment variable. | AUDIT_LOG_FILE_WRITER_MAX_FILES | The maximum number of audit log files to maintain. When the maximum is reached, logging rotates back to the first file. Default: 15 Type: Integer Required: False |
| Use environment variable. | Use environment variable. | AUDIT_LOG_FILE_WRITER_MAX_FILE_MBYTES | The maximum size in megabytes (MB) that an audit log file can reach. When the maximum is reached, a new log file is created. Default: 30 Type: Long Required: False |
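
Several defaults in the Kafka protocol, security and audit logging tables above leave a limit switched off (for example, AUTHN_MAX_RETRIES and KAFKA_MAX_MESSAGE_LENGTH both default to -1). The following pre-deployment check is an added example, not code from the product. It assumes that TLS_VERSIONS holds a comma-separated list and that -1 for MAX_CONNECTIONS_PER_SUBSCRIPTION means no cap; the function name and the sample values are constructed.

```python
# Defaults as listed in the tables on this page.
DEFAULTS = {
    "TLS_VERSIONS": "TLSv1.3",
    "KAFKA_MAX_MESSAGE_LENGTH": "-1",
    "AUTHN_MAX_RETRIES": "-1",
    "AUTHN_LOCKOUT_PERIOD_SECONDS": "0",
    "AUTHN_BACKOFF_DELAY_INCREMENT_MILLIS": "0",
    "MAX_CONNECTIONS_PER_SUBSCRIPTION": "-1",
    "AUDIT_LOG_FORMAT": "SIMPLE",
}

def audit(env):
    """Map each variable that has a finding to a short description of it."""
    cfg = {**DEFAULTS, **env}  # unset variables take the documented default
    found = {}
    if int(cfg["AUTHN_MAX_RETRIES"]) == -1:
        found["AUTHN_MAX_RETRIES"] = "unlimited failed authentication attempts"
    elif int(cfg["AUTHN_LOCKOUT_PERIOD_SECONDS"]) == 0:
        # A retry limit is set, but the resulting lock lasts 0 seconds.
        found["AUTHN_LOCKOUT_PERIOD_SECONDS"] = "lockout period is 0 seconds"
    if int(cfg["AUTHN_BACKOFF_DELAY_INCREMENT_MILLIS"]) == 0:
        found["AUTHN_BACKOFF_DELAY_INCREMENT_MILLIS"] = "no backoff between failures"
    if int(cfg["KAFKA_MAX_MESSAGE_LENGTH"]) == -1:
        found["KAFKA_MAX_MESSAGE_LENGTH"] = "no limit on Kafka message length"
    if int(cfg["MAX_CONNECTIONS_PER_SUBSCRIPTION"]) == -1:
        # Assumption: -1 means no cap, as it does for the other limits.
        found["MAX_CONNECTIONS_PER_SUBSCRIPTION"] = "no cap on connections"
    if cfg["AUDIT_LOG_FORMAT"].strip().upper() == "NONE":
        found["AUDIT_LOG_FORMAT"] = "audit log format is NONE"
    # Assumption: several versions are given as a comma-separated list.
    versions = [v.strip() for v in cfg["TLS_VERSIONS"].split(",") if v.strip()]
    old = [v for v in versions if v not in ("TLSv1.2", "TLSv1.3")]
    if old:
        found["TLS_VERSIONS"] = "allows " + ", ".join(old)
    return found

# Constructed sample values for illustration, not recommended settings.
HARDENED = {
    "AUTHN_MAX_RETRIES": "5",
    "AUTHN_LOCKOUT_PERIOD_SECONDS": "900",
    "AUTHN_BACKOFF_DELAY_INCREMENT_MILLIS": "500",
    "KAFKA_MAX_MESSAGE_LENGTH": "1048576",
    "MAX_CONNECTIONS_PER_SUBSCRIPTION": "20",
    "AUDIT_LOG_FORMAT": "CADF",
}

if __name__ == "__main__":
    for label, env in (("defaults", {}), ("hardened", HARDENED)):
        print(label, audit(env) or "no findings")
```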
OpenTelemetry configuration
Event Gateway OpenTelemetry properties.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| Not applicable. | egw.enable.otel.metrics | EGW_ENABLE_OTEL_METRICS | Enable OpenTelemetry metrics collection and export. Default: true Type: Boolean Required: False |
| spec.openTelemetry.endpoint | Use environment variable. | OTEL_EXPORTER_OTLP_ENDPOINT | The OTLP endpoint URL to send telemetry data to. Type: String Required: False |
| spec.openTelemetry.protocol | Use environment variable. | OTEL_EXPORTER_OTLP_PROTOCOL | The OTLP protocol to use for sending telemetry data. Type: String Required: False |
| spec.openTelemetry.interval | Use environment variable. | OTEL_METRIC_EXPORT_INTERVAL | The interval at which OpenTelemetry metrics are exported. Type: String Required: False |
| Not applicable. | Use environment variable. | OTEL_LOGS_EXPORTER | The OpenTelemetry logs exporter to use. Type: String Required: False |
| Not applicable. | Use environment variable. | OTEL_METRICS_EXPORTER | The OpenTelemetry metrics exporter to use. Type: String Required: False |
| Not applicable. | Use environment variable. | OTEL_TRACES_EXPORTER | The OpenTelemetry traces exporter to use. Type: String Required: False |
| Use environment variable. | Use environment variable. | OTEL_SERVICE_NAME | The service name to identify this Event Gateway instance in OpenTelemetry data. Type: String Required: False |
| spec.openTelemetry.tls.clientKey | Use environment variable. | OTEL_EXPORTER_OTLP_CLIENT_KEY | The client key for mTLS authentication with the OTLP exporter. Type: String Required: False |
| spec.openTelemetry.tls.clientCertificate | Use environment variable. | OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE | The client certificate for mTLS authentication with the OTLP exporter. Type: String Required: False |
| spec.openTelemetry.tls.trustedCertificate[] | Use environment variable. | OTEL_EXPORTER_OTLP_CERTIFICATE | The CA certificate to trust when connecting to the OTLP exporter. Type: String Required: False |
| Not applicable. | Use environment variable. | OTEL_EXPORTER_OTLP_HEADERS | Additional headers to include in data that is sent to the OTLP exporter. Type: String Required: False |
Kafka protocol OpenTelemetry configuration
Kafka records OpenTelemetry configuration.
| Custom resource property | ConfigMap property | Environment variable | Description |
|---|---|---|---|
| spec.openTelemetry.tracesEnablement[] | kafka.otel.record.tracing.enabled | EGW_ENABLE_OTEL_KAFKA_RECORD_TRACING | Export the Event Gateway OTEL traces for Kafka records. Default: false Type: Boolean Required: False |