Find out more about the Event Gateway custom resource properties.
Note: This reference page applies only to the
operator-managed gateway, and includes only the
Event Gateway CR properties that you might want to view or
update. Do not edit any CR properties that are not listed on this page.
Table 1. spec
| Field |
Type |
Description |
| config |
string |
N/A. Usage not advised. |
| deployNetworkPolicies |
boolean |
Control the deployment of NetworkPolicies that are used by the instance. (default:
true) |
| endpoints |
[]Table 2 |
Deprecated: List of endpoint configurations. Use
`spec.listener.{0}.groups.{0}.endpoint instead. |
| fips |
Table 3 |
Object containing Federal Information Processing Standard (FIPS) configuration. |
| gatewayGroupName |
string |
The name of the gateway group to which this gateway is to be added. |
| gatewayID |
string |
The identifier of the gateway group to which this gateway is to be added. |
| gatewayContact |
string |
The contact information of the gateway administrator. |
| license |
Table 4 |
Object containing product licensing details. |
| listeners |
[]Table 16 |
Configure event gateway listeners. |
| manager |
Table 21 |
Configure Event Manager instance to register the gateway. |
| managerEndpoint |
string |
Deprecated: The endpoint address for an Event Manager instance. Use
spec.manager.endpoint instead. |
| maxNumKafkaBrokers |
integer |
Deprecated: The maximum number of Kafka brokers your Event Gateway can connect to.
Default is 20. Use spec.listener.{0}.groups.{0}.maxNumKafkaBrokers instead. |
| openTelemetry |
Table 13 |
Configuration for OpenTelemetry |
| replicas |
integer |
The number of replicas for the gateway deployment |
| security |
Table 7 |
Object containing security configuration. |
| template |
Table 5 |
Object containing Kubernetes resource overrides. |
| tls |
Table 11 |
Deprecated: Object containing TLS configuration. Use
spec.listener.{0}.tls instead. |
| traceSpec |
string |
Dynamically configurable trace specification |
Table 2. spec.endpoints
| Field |
Type |
Description |
| annotations |
map[string]string |
The annotations to use in place of the Ingress default settings. |
| class |
string |
The ingress class name to use on the ingress resource, defaults to
nginx. |
| host |
string |
The DNS resolvable hostname to set on the ingress endpoint. |
| name |
string |
The name of the endpoint being configured. For valid values, see the following important
notes. |
Note:
- On the Red Hat OpenShift Container Platform,
annotations and class are not valid configuration options because
OpenShift routes are created.
- On the Red Hat OpenShift Container Platform, if you are creating
wildcard routes, then you must specify
host.
- On other Kubernetes platforms you must specify
host values for exposed
endpoints.
Table 3. spec.fips
| Field |
Type |
Description |
| mode |
string |
The value for Federal Information Processing Standard (FIPS) mode. Valid value is
‘wall’. |
Table 4. spec.license
| Field |
Type |
Description |
| accept |
boolean |
Setting to true will declare that you have accepted the license terms and conditions.
(default: false) |
| license |
string |
The license with which you are installing the product. |
| metric |
string |
The license metric being used for your product license. |
| use |
string |
The usage of the license with which you are installing the product. |
Table 5. spec.template
| Field |
Type |
Description |
| annotations |
object |
Annotations that will be added to all Kubernetes resources used by the instance. Any
annotations that are added to the template object and subsequently deleted are not automatically
removed from resources that are already instantiated. These annotations need to be manually removed
from the existing resources. |
| labels |
object |
Labels that will be added to all Kubernetes resources used by the instance. |
| pod |
Table 6 |
Object containing pod override configuration. |
Table 6. spec.template.pod
| Field |
Type |
Description |
| spec |
Kubernetes pod specification object |
Kubernetes pod spec overrides. |
Table 7. spec.security
| Field |
Type |
Description |
| connection |
Table 9 |
Object containing connection options. |
| authentication |
Table 8 |
Object containing authentication options. |
Table 8. spec.security.authentication
| Field |
Type |
Description |
| maxRetries |
integer |
The maximum number of failed authentication attempts after which further attempts are
blocked. Default is -1 (no limit). |
| retryBackoffMs |
integer |
The backoff time in milliseconds between consecutive failed authentication attempts. Default
is 0. |
| lockoutPeriod |
integer |
The duration in seconds while the account is locked after an unsuccessful authentication
attempt. Default is 0. |
Table 9. spec.security.connection
| Field |
Type |
Description |
| closeDelayMs |
integer |
The minimum delay in milliseconds after you close a connection. This helps prevent spam.
Default is 8000. |
| closeJitterMs |
integer |
Additional delay in milliseconds after you close a connection. This helps prevent attacks.
Default is 4000. |
| perSubLimit |
integer |
The maximum allowed TCP connections for each subscription. Default is -1 (no limit). |
| request |
Table 10 |
Request properties. |
Table 10. spec.security.connection.request
| Field |
Type |
Description |
| maxSizeBytes |
integer |
The maximum size allowed for the request payload in bytes. Default is -1 (no limit). |
Table 11. spec.tls
| Field |
Type |
Description |
| caCertificate |
string |
The key in the secret that holds the value of the CA certificate. |
| caSecretName |
string |
The name of a secret containing a root CA certificate that the product should use when
creating additional certificates. |
| key |
string |
The key in the secret that holds the value of the private key. |
| secretName |
string |
The name of a secret containing certificates for securing component communications. |
| serverCertificate |
string |
The key in the secret that holds the value of the server certificate. |
| trustedCertificate |
array[Table 12] |
A set of secrets containing certificates which the Event Gateway should trust when
communicating with other services, such as gateways or OIDC providers. |
Table 12. spec.tls.trustedCertificate
| Field |
Type |
Description |
| certificate |
string |
The key within the specified secret that holds the value of the CA certificate. |
| secretName |
string |
The name of a Kubernetes secret containing a CA certificate to add to the truststore. |
Table 13. spec.openTelemetry
| Field |
Type |
Description |
| endpoint |
string |
The endpoint to send the OpenTelemetry metrics. Must include protocol http:// or
https:// |
| protocol |
string |
The transport protocol to use, grpc (default) or http/protobuf. |
| interval |
integer |
The interval between reporting of metrics in milliseconds. Default is 30000. |
| tls |
Table 14otelTLS |
The configuration of SSL Certificates for mTLS and a trusted certificate for endpoint server
validation. |
| instrumentations |
[]Table 15 |
A list of instrumentations to enable in addition to those for the Event Manager and Event
Gateway. |
| metricsEnablement |
[] |
Configure Event Gateway OpenTelemetry metrics enablement. |
| tracesEnablement |
[] |
Configure Event Gateway OpenTelemetry trace enablement. |
Table 14. spec.openTelemetry.tls
| Field |
Type |
Description |
| clientCertificate |
string |
The key in the secret that holds the value of the PKCS8 encoded client certificate to use for
mutualTLS (mTLS). |
| clientKey |
string |
The key in the secret that holds the value of the PKCS8 encoded private key certificate to
use for mutualTLS (mTLS). |
| secretName |
string |
The name of a secret containing certificates for securing component communications for
mutualTLS (mTLS). |
| trustedCertificate |
[] |
Configuration of a secret containing a TLS certificate to trust to validate the endpoint
servers identity. |
Table 15. spec.openTelemetry.instrumentations
| Field |
Type |
Description |
| name |
string |
The instrumentation name. |
| enabled |
boolean |
Whether to enable or disabled the specified instrumentation. |
Important: The instrumentation name should be the instrumentation shortname. The
supplied shortname is then configured as an environment variable against the relevant pod as
OTEL_INSTRUMENTATION_<name>_ENABLED=<enabled> automatically.
Table 16. spec.listeners
| Field |
Type |
Description |
| groups |
[]Table 17 |
Groups of the listener. |
| name |
string |
Name of the listener. |
| port |
integer |
Port number of the listener. |
| tls |
Table 19 |
Configure TLS for the Event Gateway listener. |
Table 17. spec.listeners.groups
| Field |
Type |
Description |
| endpoint |
Table 18 |
Object containing endpoint configuration for the listener group. |
| maxNumKafkaBrokers |
integer |
The maximum number of Kafka brokers your Event Gateway can connect to. Default is 20.
(minimum: 1, maximum: 50) |
| name |
string |
Name of the group in the listener. |
| type |
string |
Type of the group: ‘EXPLICIT’ or ‘WILDCARD’. Default is ‘EXPLICIT’. |
Table 18. spec.listeners.groups.endpoint
| Field |
Type |
Description |
| annotations |
map[string]string |
Annotations for ingress resources. |
| class |
string |
The ingress class name. |
| host |
string |
The host to set on the endpoint resource. |
Table 19. spec.listeners.tls
| Field |
Type |
Description |
| caCertificate |
string |
The key in the secret that holds the value of the CA certificate. |
| caSecret |
Table 20 |
The details of the root CA certificate that the product should use when creating additional
certificates. |
| certificateType |
string |
The type of certificate to generate: ‘wildcard’ for a single wildcard certificate
(*.example.com), or ‘explicit’ for a single certificate with explicit hostnames as SANs. Defaults to
‘explicit’. |
| key |
string |
The key in the secret that holds the value of the private key. |
| secretName |
string |
The name of a secret containing certificates for securing component communications. |
| serverCertificate |
string |
The key in the secret that holds the value of the server certificate. |
Table 20. spec.listeners.tls.caSecret
| Field |
Type |
Description |
| certificate |
string |
The key in the secret that holds the value of the certificate. |
| secretName |
string |
The name of a secret containing a root CA certificate that the product should use when
creating additional certificates. |
Table 21. spec.manager
| Field |
Type |
Description |
| apiKey |
Table 22 |
Manager API key |
| endpoint |
string |
Manager endpoint |
| trustedCertificate |
|
Trustore for communicating with the manager. |
Table 22. spec.manager.apiKey
| Field |
Type |
Description |
| key |
string |
The key in the secret that holds the value of the API key. |
| secretName |
string |
The name of a secret containing API key for authenticating with the manager. |
Important: Status field is used to display specific information about the instance. Do
not edit the status field manually
Table 23. status
| Field |
Type |
Description |
| conditions |
array[condition] |
A list of conditions representing the state of the custom resource. |
| versions |
Table 28 |
Object containing versioning information. |
| endpoints |
array[Table 30] |
A list of endpoints exposed by the instance. |
| phase |
string |
A value representing the phase in which the instance is operating. One of
Running, Failed or Pending. |
Table 24. status.versions
| Field |
Type |
Description |
| reconciled |
string |
The reconciled version of the instance |
| available |
Table 25 |
Object containing available versions. |
Table 25. status.versions.available
| Field |
Type |
Description |
| versions |
array[Table 26] |
A list of the available versions. |
| channels |
array[Table 27] |
A list of the available channels. |
Table 26. tatus.versions.available.versions
| Field |
Type |
Description |
| name |
string |
The semantic version number. |
| licenses |
array[] |
A list of available licenses. |
Table 27. status.versions.available.channels
| Field |
Type |
Description |
| name |
string |
The semantic version number. |
| licenses |
array[Table 28] |
A list of available licenses. |
Table 28. status.versions.available.channels.licences
| Field |
Type |
Description |
| name |
string |
The semantic version number. |
| displayName |
string |
Optional display name for the license. |
| link |
string |
Link to the license content. |
| matchesCurrentType |
boolean |
True if the license matches the type of license used by the current operand. |
| licenseUseList |
array[string] |
A list of available license uses. |
| availableMetrics |
array[string] |
A list of available licenses metrics. |
Table 29. status.conditions
| Field |
Type |
Description |
| lastTransitionTime |
string |
The time at which the condition was applied. |
| message |
string |
Human-readable message indicating details about the condition. |
| reason |
string |
Machine-readable, UpperCamelCase text indicating the reason for the condition. |
| status |
string |
Indicates whether that condition is applicable. One of True,
False or Unknown. |
Table 30. status.endpoints
| Field |
Type |
Description |
| name |
string |
Unique name for the endpoint. |
| type |
string |
Type of service the endpoint is exposing. For example UI or
API. |
| uri |
string |
The URI of the endpoint. |