Registering an event gateway service

Configure your IBM® Event Endpoint Management instance (Manager) to be registered as an Event Gateway Service in API Connect.

Before you begin

Before you register the Event Gateway Service, configure the Event Endpoint Management instance to trust API Connect. Download the Ingress CA and retrieve the Platform API endpoint from the Download Configuration tab in the Event Gateway section under the Gateway tile on the IBM Cloud Manager home page.
  • The Ingress CA certificate is required for Event Endpoint Management to trust API Connect.
  • The Platform API endpoint is required to create the API Connect jwksUrl endpoint.

    For instructions, see the Retrieve the API Connect JSON Web Key Set (JWKS) endpoint, Configure Event Endpoint Management to trust API Connect, and Enabling mutual TLS sections in the Configure an Event Endpoint Management Manager as an Event Gateway Service documentation.

  • Obtain certificates for a TLS Client profile.
    • In your Event Management instance, locate the secret named <event-manager-instance-name>-ibm-eem-manager.
      Note: If you provided your own certificate in a secret when you configured TLS for Event Manager, use that secret instead of <event-manager-instance-name>-ibm-eem-manager.
      • Copy the ca.crt and save it in a file called cluster-ca.pem
      • Copy the tls.crt and save it in a file called manager-client.pem
      • Copy the tls.key and save it in a file called manager-client-key.pem

    For more information see Obtain Certificates for a TLS Client Profile

About this task

Event Endpoint Management lets you describe and catalog Kafka topics as event sources and grant access to application developers in your organization. Application developers can discover event endpoints and configure their applications to access them through the event gateway. With Event Endpoint Management, they can control access to the event endpoints and manage the data that is produced to or consumed from them.

For more information on Event Endpoint Management, see the Event Endpoint Management introduction in the IBM Event Automation documentation.

Procedure

  1. Login to V12 Reserved administration console.
  2. To set up a truststore with CA certificates, complete the following steps:
    • On the home page, click the TLS tile .
    • In the Truststores section, click Create.
    • On the Create Truststore page, enter a Title for the truststore.
    • Upload your cluster-ca.pem created in Before you begin section.
    • Click Save.
  3. To set up a keystore with the client key and the client certificates, complete the following steps:
    • On the home page, click the TLS tile .
    • In the Keystores section, click Create.
    • On the Create keystore page, provide a Title for the keystore.
    • In the Step 1: Upload private key section, upload the manager-client-key.pem file that you created in Before you begin section.
    • In the Step 2: Upload public key section, upload the manager-client.pem file that you created in Before you begin section.
    • Click Save.
  4. To set up a TLS client profile with a matching keystore and truststore, complete the following steps:
    • On the home page, click the TLS tile .
    • In the TLS Client Profile section, click Create.
    • On the Create TLS Client Profile page, provide a Title for the TLS client profile.
    • Under Server connection, select Allow insecure server connections.
    • In the Keystore/truststore section, click Keystore and select the keystore containing the client certificate and the private key.
    • Click Truststore and select the truststore containing the CA certificates.
    • Click Save.

  1. To register Event Gateway, complete the following steps:
    • On the home page, click the Gateways tile.
    • On the Gateways page, click Register event gateway.
    • On the Configure event gateway page, fill in the required fields. The following table describes each field.
      Table 1. Register remote gateway
      Field Description
      Gateway details Provide the basic information that describes the new gateway. You must provide a Gateway type, and Title. The Name is generated from the title, for use in commands and API calls.
      Management endpoint configuration: URL of management endpoint Enter the Event Gateway management endpoint URL. For more information, see Retrieve the Event Gateway management endpoint.
      Management endpoint configuration: TLS client profile Specify the TLS Client profile to use when contacting the event gateway through the management endpoint.
      API invocation endpoint: Base URL of API invocation endpoint Enter the Event Gateway client endpoint URL. For more information, see Retrieve the Event Gateway client endpoint.
      API invocation endpoint: Server Name Indication (SNI) - Host Supports SNI (Server Name Indication) at the Base URL of API invocation endpoint. The default hostname of '*' is required to allow all hosts.
      Note: To allow requests from clients that don't support SNI, include a host name value of '*'.
      API invocation endpoint: Server Name Indication (SNI) - TLS server profile

      The TLS server profile that supports the specified hostname for SNI.

      The server profile that is selected here contains the server certificate that is presented to callers of the APIs you publish on the gateway. By default this profile is set to default TLS server profile shown as default in UI.

  2. Click Register.