Configuring Event Gateways for applications

For applications to be able to subscribe to multiple topics, you must update existing Event Gateways to support multi-topic subscriptions.

In the June 2026 version of Event Endpoint Management, existing subscriptions are converted to applications. To use the multi-topic subscription feature of applications, you must update your Event Gateways to support multi-topic applications.

Note: If you install a new Event Gateway, then it is already configured to support multi-topic applications and no action is required.
Important: Multi-topic subscriptions for applications are not enabled until all registered gateways are updated.

Before you begin

Ensure that your Event Gateways are all upgraded to use the image from the 11.8.0 release.

Identify all gateway configuration properties that you customized, for example, gateway security settings. You must set these properties again in the new gateway configuration.

To make your Event Gateways capable of handling applications that subscribe to multiple topics, follow the steps for your gateway type:

Converting operator-managed gateways

  1. In the Event Endpoint Management UI navigation pane, click Administration > Event Gateways.
  2. For each Event Gateway, click More options icon More options > View configuration details.
  3. Select the Operator-managed tab.
  4. Copy the contents of the Gateway properties text area.
  5. Create a file called <gateway-name>-1180-update.yaml, and paste in the configuration from step 4.
  6. If you made customizations to your gateway, then update the corresponding properties in your <gateway-name>-1180-update.yaml file. For example, if you set spec.openTelemetry.endpoint='https://my.collector.endpoint.example.com:4317', then set this again in the <gateway-name>-1180-update.yaml file.
  7. Run the following command to apply the update: kubectl -n <namespace> apply -f <gateway-name>-1180-update.yaml.
  8. Update your gateway backup to the <gateway-name>-1180-update.yaml file.

Converting Kubernetes deployment gateways

  1. In the Event Endpoint Management UI navigation pane, click Administration > Event Gateways.
  2. For each Event Gateway click More options icon More options > View configuration details.
  3. Select the Kubernetes deployment tab.
  4. Copy the contents of the Gateway properties text area.
  5. Create a file called <gateway-name>-1180-update.yaml, and paste in the configuration from step 4.
  6. If you made customizations to your gateway, then update the corresponding properties in your <gateway-name>-1180-update.yaml file. For example, if you set spec.template.pod.spec.containers[egw].env[AUDIT_LOG_FORMAT]="CADF" in the custom resource definition of your gateway, then set audit.log.format=CADF in the ConfigMap section of your <gateway-name>-1180-update.yaml file. Review the Event Gateways properties reference to identify where to set customized properties.
  7. Run the following command to apply the update: kubectl -n <namespace> apply -f <gateway-name>-1180-update.yaml.
  8. Update your gateway backup to the <gateway-name>-1180-update.yaml file.

Converting Docker gateways

  1. In the Event Endpoint Management UI navigation pane, click Administration > Gateway.
  2. For each Event Gateway, click More options icon More options > View configuration details.
  3. Select the Docker tab.
  4. Copy the contents of the Gateway properties text area.
  5. Create a file called <gateway-name>-docker-run, and paste in the configuration from step 4.
  6. If you made customizations to your gateway, then update the corresponding properties in your <gateway-name>-docker-run file. Search the Event Gateways properties reference for the properties that you want to update.
  7. Use the new <gateway-name>-docker-run command as the run command for your gateway.
  8. Update your gateway backup with the <gateway-name>-docker-run file.

How to replace auto-generated mutual TLS credentials

In Event Endpoint Management versions previous to June 2026, if you define a virtual topic (option) as secured by mTLS and an additional security control (OAuth or SASL), then it is possible to create a subscription that provides only OAuth or SASL credentials, and not supply the mTLS credentials. In the June 2026 version, applications that specify mTLS always require the mTLS credentials. If any of your subscriptions specified mTLS, but did not include mTLS credentials, then when the subscription is converted to an application, appropriate mTLS credentials are automatically generated.

If you have applications that are using automatically generated mTLS credentials, then a warning is displayed on the Application page of the Event Endpoint Management UI:
When this application was migrated from a subscription, the mutual TLS credentials were auto-generated. You might need to review your credentials to ensure they continue to work as expected.

You can also see this warning if you use the Event Endpoint Management Admin API in the June 2026 version to create subscriptions. When you create subscriptions with the Admin API, you are not required to provide mTLS credentials, and so wildcard credentials are automatically generated.

Follow these steps to replace the auto-generated mTLS credentials:

  1. Ensure that all your Event Gateways support applications.
  2. Edit the applications to replace the auto-generated mTLS credentials. Create new mTLS credentials before you delete the auto-generated credentials.
Important: After you replace the mTLS credentials, clients must use these updated credentials. Any clients that are not using these credentials will no longer be able to access the virtual topic.