Registering an event gateway service

Configure your IBM® Event Endpoint Management instance (Manager) to be registered as an Event Gateway Service in API Connect.

Before you begin

The Event Endpoint Management instance must be configured to trust API Connect before you register the Event Gateway Service. For instructions, see the Retrieve the API Connect JSON Web Key Set (JWKS) endpoint, Configure Event Endpoint Management to trust API Connect, and Enabling mutual TLS sections in the Configure an Event Endpoint Management Manager as an Event Gateway Service documentation.

About this task

Event Endpoint Management provides the capability to describe and catalog your Kafka topics as event sources, and to grant access to application developers within the organization. Application developers can discover event endpoints and configure their applications to access them through the event gateway. With Event Endpoint Management, developers can control access to the event endpoints, and also control what data can be produced to them or consumed from them.

For more information on Event Endpoint Management, see the Event Endpoint Management introduction in the IBM Event Automation documentation.

One of the following roles is required to register and manage services:

  • Administrator
  • Topology Administrator
  • Owner
  • A custom role with the Topology:Manage permission

Procedure

Create the TLS Client profile to use when contacting the Event Endpoint Management instance.

  1. Create a client TLS keystore:
    1. Click the Resources icon, then Crypto Material > Keystore > Create.
    2. Upload the manager-client-key.pem file in Step 1.
    3. Upload the manager-client.pem file in Step 2.
    4. Click Save.
  2. Create a client TLS truststore:
    1. Click Truststore > Create.
    2. Upload the cluster-ca.pem file.
    3. Click Save.
  3. Create a TLS client profile:
    1. Click TLS client profile > Create.
    2. Select the new keystore and truststore.
    3. Select Allow insecure server connections.
    4. Click Save.
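
The following pre-upload checks are an added example, not part of the product documentation or IBM tooling. They assume the three PEM files named above are unencrypted and in the current directory; the function names are illustrative, and the management host is a placeholder you supply.

```shell
#!/bin/sh
# Added example, not IBM tooling: function names are illustrative and the
# files are assumed to be unencrypted PEM, as named in the steps above.

# Succeeds only when the private key ($1) and certificate ($2) carry the same
# public key, so the keystore holds a usable pair. Returns 2 on unreadable input.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the server at host:port ($1) presents a chain that verifies
# against the CA file ($2), for example cluster-ca.pem. Needs network access.
server_trusted_by_ca() {
  openssl s_client -connect "$1" -servername "${1%:*}" -CAfile "$2" \
    -verify_return_error </dev/null >/dev/null 2>&1
}

# Typical use before uploading the files:
#   key_matches_cert manager-client-key.pem manager-client.pem && echo "pair ok"
#   cert_valid_for_days manager-client.pem 30 || echo "expires within 30 days"
#   server_trusted_by_ca <management-host>:443 cluster-ca.pem || echo "not trusted"
```

A passing server_trusted_by_ca result shows that the management endpoint's certificate chain validates against the uploaded truststore.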

Retrieve the Event Gateway endpoints.

  1. Retrieve the Event Gateway management endpoint:

    To register an Event Endpoint Management instance with API Connect, you must provide the management endpoint on the event gateway, which defines where configuration updates from API Connect are sent. Retrieve the endpoint from Event Endpoint Management as follows:

    • OpenShift web console:
      1. Log in to the OpenShift Container Platform web console using your login credentials.
      2. Click Networking > Routes.
      3. Click Project and select the project where the Event Endpoint Management instance is installed.
      4. Use the search bar to find the route with the Name ending in apic.
      5. Copy the URL for the management endpoint from the Location column.
    • CLI:
      1. Log in to your Kubernetes cluster as a cluster administrator by setting your kubectl context.
      2. Set the context to the namespace where your Event Endpoint Management instance is installed:
        kubectl config set-context --current --namespace=<namespace>
      3. List the ingress resources and locate the API Connect ingress for your instance; unless overridden, the name ends in -apic:
         kubectl get ingress
      4. Copy the URL for the ingress resource from the Host column.
  2. Retrieve the Event Gateway client endpoint:

    To register an Event Endpoint Management instance with API Connect, you must provide an endpoint that defines where clients connect to consume events. The steps to retrieve the client endpoint differ depending on where you have deployed your Event Gateway:

    • OpenShift web console:
      1. Log in to the OpenShift Container Platform web console using your login credentials.
      2. Click Networking > Routes.
      3. Click Project and select the project where the Event Endpoint Management instance is installed.
      4. Use the search bar to find the route with the Name ending in ibm-egw-rt.
      5. Copy the URL for the client endpoint from the Location column.
      6. Edit the URL to remove the https:// protocol prefix, and to append the port :443 as a suffix.
    • CLI:
      1. Log in to your Kubernetes cluster as a cluster administrator by setting your kubectl context.
      2. Set the context to the namespace where your Event Endpoint Management instance is installed:
        kubectl config set-context --current --namespace=<namespace>
      3. List the ingress resources and locate the API Connect ingress for your instance; unless overridden, the name ends in -ibm-egw-rt:
         kubectl get ingress
      4. Copy the URL for the ingress resource from the Host column.
    • Stand-alone deployment:

      When deployed as a stand-alone gateway, the client endpoint value to use is the name of the Docker host running the gateway and the GATEWAY_PORT value specified when starting the gateway container.
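
The two CLI lookups above and the URL edit from the OpenShift steps can be scripted as follows. This is an added example, not part of the product documentation; the function names and the sample host names are illustrative, and the first rule of each ingress is assumed to carry the host.

```shell
#!/bin/sh
# Added example: helper names are illustrative, not part of any IBM tooling.

# Print "name<TAB>host" for every ingress in the current namespace.
# Assumes the host of interest is in the first rule of each ingress.
list_ingress_hosts() {
  kubectl get ingress -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.rules[0].host}{"\n"}{end}'
}

# Read "name<TAB>host" lines on stdin and print the host of the single ingress
# whose name ends in $1 (-apic or -ibm-egw-rt). Fails when no ingress or more
# than one ingress matches, so an ambiguous namespace is noticed.
pick_host() {
  awk -F '\t' -v suffix="$1" '
    length($1) >= length(suffix) &&
      substr($1, length($1) - length(suffix) + 1) == suffix { host = $2; n++ }
    END { if (n != 1) exit 1; print host }'
}

# Turn a route Location URL into the client endpoint form: no https:// prefix,
# no path, and :443 appended when the URL carries no port of its own.
client_endpoint() {
  hostport=$(printf '%s\n' "$1" | sed -e 's|^https://||' -e 's|/.*$||')
  case "$hostport" in
    "")  return 1 ;;
    *:*) printf '%s\n' "$hostport" ;;
    *)   printf '%s:443\n' "$hostport" ;;
  esac
}

# Typical use:
#   list_ingress_hosts | pick_host -apic          # management endpoint host
#   list_ingress_hosts | pick_host -ibm-egw-rt    # client endpoint host
#   client_endpoint "https://<route-location>"    # host:443 for the route URL
```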

Register the Event Gateway Service in API Connect:

  1. Log in to Cloud Manager as an administrator.
  2. Click Topology.
  3. On the Topology page, click Register Service.
  4. On the Configure Service page, click the Event Gateway Service tile.
  5. On the Configure Event Gateway Service page, configure the service by completing the following fields:

    • Title (required)
      Enter a descriptive display title for the Event Gateway Service.
    • Name (required)
      This field is populated for you and is used as the internal field name.
    • Summary (optional)
      Enter a brief description.
    • Service endpoint configuration: Management endpoint on the gateway service
      Enter the Event Gateway management endpoint URL that you retrieved in step 4.
    • Service endpoint configuration: TLS client profile
      Specify the TLS Client profile to use when contacting the event gateway through the management endpoint.
    • API invocation endpoint: API endpoint base
      Enter the Event Gateway client endpoint URL that you retrieved in step 5.
    • API invocation endpoint: Server Name Indication (SNI) - Host
      Supports SNI (Server Name Indication) at the API Endpoint Base URL. The default hostname of '*' is required to allow all hosts; add other host names as needed. Wildcard format is supported. The SNI capability enables you to serve multiple TLS secure host names through the same event gateway service, using the same IP address and port, without requiring them to use the same TLS profile.
      Note: To allow requests from clients that don't support SNI, include a host name value of '*'.
    • API invocation endpoint: Server Name Indication (SNI) - TLS server profile
      The TLS server profile that supports the specified hostname for SNI.

      The server profile that is selected here contains the server certificate that is presented to callers of the APIs you publish on the gateway. By default this profile is set to Default TLS server profile. Best practice is to create your own TLS server profile that contains the certificate you want on your API invocation endpoint. For more information about configuring TLS server profiles, see TLS profiles overview.

  6. Click Save.
  7. If you want, you can delete the event gateway service as follows:
    1. If the event gateway service is already in use by any of the catalogs, you must disable the event gateway service as follows:
      1. Log in to API Manager.
      2. Click Manage in the API Manager UI navigation pane, then select the catalog.
      3. Click Catalog settings.
      4. Click Gateway services.
      5. Click Edit.
      6. Remove the checkmark from the corresponding event gateway service.
      7. Click Save.
    2. Log in to the Cloud Manager user interface.
    3. In the navigation list, click Topology.
    4. Click the options menu icon alongside the corresponding event gateway service, then select Delete.
    5. Click Delete on the confirmation prompt.