Logging in

You can configure Event Streams for external access to the Event Streams UI and CLI. For OpenShift Container Platform, Event Streams uses routes to access the UI and CLI. You can use ingress to access the UI on other Kubernetes platforms.

Log in to Event Streams UI and CLI as follows:

1. Retrieve the URL of your instance.
2. Use the URL to log in to your instance.

Logging in to Event Streams UI

You can retrieve the URL for accessing the Event Streams UI:

• By using the OpenShift Container Platform web console.
• By using the Kubernetes command-line tool (kubectl).

Using the OpenShift Container Platform web console

Use the OpenShift web console to retrieve the URL for your Event Streams UI as follows:

1. Log in to the OpenShift Container Platform web console using your login credentials.

2. Expand Operators in the navigation on the left, and click Installed Operators.

   

3. Locate the operator that manages your Event Streams instance in the namespace. It is called Event Streams in the NAME column.
4. Click the Event Streams link in the row and click the Event Streams tab. This lists the Event Streams instances related to this operator.

5. Find your instance in the Name column and click the link for the instance.

   

6. A link to the Event Streams UI is displayed under the label Admin UI. Click the link to open the Event Streams UI login page in your browser tab.
7. Log in to your Event Streams UI from a supported web browser. Use your credentials provided to you by your cluster administrator. A cluster administrator can manage access rights by following the instructions in managing access. Enter your username and password to access the Event Streams UI.

Using the Kubernetes command-line tool (kubectl)

To retrieve the URL for your Event Streams UI, use the following commands:

1. Log in to your Kubernetes cluster as a cluster administrator by setting your kubectl context. Then, log in to Event Streams CLI.
2. Find the URL of your services as follows.

   • If you are running with route endpoint, run the following command:

     kubectl get routes -n <namespace> -l app.kubernetes.io/name=admin-ui
     

   • If you are running with ingress endpoint, run the following command:

     kubectl get ingress -n <namespace> -l app.kubernetes.io/name=admin-ui
     

     The following is an example output, and you use the value from the HOST/PORT column to log in to your UI in a web browser:

     NAME                        HOST/PORT                                                           PATH   SERVICES                    PORT   TERMINATION   WILDCARD
     my-eventstreams-ibm-es-ui   my-eventstreams-ibm-es-ui-myproject.apps.my-cluster.my-domain.com          my-eventstreams-ibm-es-ui   3000   reencrypt     None
     

3. Enter the address in a web browser. Add https:// in front of the HOST/PORT value. For example:

   https://my-eventstreams-ibm-es-ui-myproject.apps.my-cluster.my-domain.com
   

4. Log in to your Event Streams UI from a supported web browser. Use your credentials provided to you by your cluster administrator. A cluster administrator can manage access rights by following the instructions in managing access. Enter your username and password to access the Event Streams UI.

Logging in to Event Streams CLI

You can retrieve the URL for accessing the Event Streams CLI by using the Kubernetes command-line tool (kubectl).

Depending on your configured authentication type, follow the appropriate steps to log in to the CLI.

Logging in with SCRAM

Note: Before using the Event Streams CLI, ensure that you log in to your Kubernetes cluster as a cluster administrator by setting your kubectl context.

When you have the authentication type set to SCRAM, obtain the required credentials and endpoints, and then initialize and log in to the Event Streams CLI as follows:

1. Obtain the following credentials and endpoints from your cluster administrator:
   • Username
   • Password
   • Admin API URL
   • Schema registry URL

   A cluster administrator can retrieve credentials and manage access rights by following the instructions in managing access.

2. Using the credentials and information you obtained earlier, initialize the Event Streams plug-in by running the following command:

   kubectl es init --auth-type scram-sha-512
   

   Note: For the Event Streams CLI plug-in to be set up, ensure you add auth-type as scram-sha-512. For more information, see configuring UI and CLI security.

3. Enter the credentials and endpoints when prompted to log in to the Event Streams CLI.

   Alternatively, instead of waiting for the prompt, you can also run the command with all the credentials and endpoints as additional arguments in one command as follows:

   kubectl es init --auth-type scram-sha-512 --username <USERNAME> --password <PASSWORD> --api-url <ADMIN_API_URL> --schema-reg-url <SCHEMA_REGISTRY_URL>
   

Logging in with Keycloak

If your Event Streams instance is configured with Keycloak, you can log in to the Event Streams CLI as follows:

1. Initialize the Event Streams plug-in by running the following command:

   kubectl es init
   

2. From the list of authentication mechanisms, enter the number corresponding to device-oidc.

3. When prompted, enter the Admin API URL and schema registry URL.

4. If the Event Streams CLI is unable to determine the authenticity of the Keycloak server’s certificate, select one of the following options:

   • Continue with insecure connection to disable SSL certificate verification and establish an unencrypted connection with the server.

   • Add new certificate or bundle to trusted store to provide a CA certificate which can be used to verify the authenticity of the server certificate.

     By default, Keycloak uses the CA certificate stored in the router-ca secret in the openshift-ingress-operator namespace.

     Note: While specifying the location of the CA certificate, auto-complete for filepaths might not work. Either type the complete filepath or specify it while running the init command by using the --device-oidc-ca-cert flag if you want to use auto-complete.

   • Terminate command if you do not want to continue further.

5. Enter y when your consent is requested to open the login page in your default browser.

6. In the login page, enter your credentials to log in, and grant the requested access privileges for the Event Streams CLI. After successfully logging in, close the browser window and return to the CLI.

   Wait until the CLI completes the login process.

Tip: You can skip prompts by specifying endpoints and the certificate directly in the kubectl es init command as follows:

kubectl es init --auth-type device-oidc --api-url <ADMIN_API_URL> --schema-reg-url <SCHEMA_REGISTRY_URL> --device-oidc-ca-cert <CA_CERT FILEPATH>

Logging out

To log out of Event Streams:

1. In your Event Streams UI, click the user icon.
2. Click Log out.