Configuring Event Gateways for applications
For applications to be able to subscribe to multiple topics, you must update existing Event Gateways to support multi-topic subscriptions.
In the June 2026 version of Event Endpoint Management, existing subscriptions are converted to applications. To use the multi-topic subscription feature of applications, you must update your Event Gateways to support multi-topic applications.
Before you begin
Ensure that your Event Gateways are all upgraded to use the image from the 11.8.0 release.
Identify all gateway configuration properties that you customized, for example, gateway security settings. You must set these properties again in the new gateway configuration.
To make your Event Gateways capable of handling applications that subscribe to multiple topics, follow the steps for your gateway type:
Converting operator-managed gateways
- In the Event Endpoint Management UI navigation pane, click .
- For each Event Gateway, click
.
- Select the Operator-managed tab.
- Copy the contents of the Gateway properties text area.
- Create a file called
<gateway-name>-1180-update.yaml, and paste in the configuration from step 4. - If you made customizations to your gateway, then update the corresponding properties in your
<gateway-name>-1180-update.yaml file. For example, if you set
spec.openTelemetry.endpoint='https://my.collector.endpoint.example.com:4317', then set this again in the<gateway-name>-1180-update.yamlfile. - Run the following command to apply the update:
kubectl -n <namespace> apply -f <gateway-name>-1180-update.yaml. - Update your gateway backup to the
<gateway-name>-1180-update.yamlfile.
Converting Kubernetes deployment gateways
- In the Event Endpoint Management UI navigation pane, click .
- For each Event Gateway click
.
- Select the Kubernetes deployment tab.
- Copy the contents of the Gateway properties text area.
- Create a file called
<gateway-name>-1180-update.yaml, and paste in the configuration from step 4. - If you made customizations to your gateway, then update the corresponding properties in your
<gateway-name>-1180-update.yaml file. For example, if you set
spec.template.pod.spec.containers[egw].env[AUDIT_LOG_FORMAT]="CADF"in the custom resource definition of your gateway, then setaudit.log.format=CADFin the ConfigMap section of your <gateway-name>-1180-update.yaml file. Review the Event Gateways properties reference to identify where to set customized properties. - Run the following command to apply the update:
kubectl -n <namespace> apply -f <gateway-name>-1180-update.yaml. - Update your gateway backup to the
<gateway-name>-1180-update.yamlfile.
Converting Docker gateways
- In the Event Endpoint Management UI navigation pane, click .
- For each Event Gateway, click
.
- Select the Docker tab.
- Copy the contents of the Gateway properties text area.
- Create a file called
<gateway-name>-docker-run, and paste in the configuration from step 4. - If you made customizations to your gateway, then update the corresponding properties in your
<gateway-name>-docker-runfile. Search the Event Gateways properties reference for the properties that you want to update. - Use the new
<gateway-name>-docker-runcommand as the run command for your gateway. - Update your gateway backup with the
<gateway-name>-docker-runfile.
How to replace auto-generated mutual TLS credentials
In Event Endpoint Management versions previous to June 2026, if you define a virtual topic (option) as secured by mTLS and an additional security control (OAuth or SASL), then it is possible to create a subscription that provides only OAuth or SASL credentials, and not supply the mTLS credentials. In the June 2026 version, applications that specify mTLS always require the mTLS credentials. If any of your subscriptions specified mTLS, but did not include mTLS credentials, then when the subscription is converted to an application, appropriate mTLS credentials are automatically generated.
When this application was migrated from a subscription, the mutual TLS credentials were auto-generated. You might need to review your credentials to ensure they continue to work as expected.You can also see this warning if you use the Event Endpoint Management Admin API in the June 2026 version to create subscriptions. When you create subscriptions with the Admin API, you are not required to provide mTLS credentials, and so wildcard credentials are automatically generated.
Follow these steps to replace the auto-generated mTLS credentials:
- Ensure that all your Event Gateways support applications.
- Edit the applications to replace the auto-generated mTLS credentials. Create new mTLS credentials before you delete the auto-generated credentials.