To gain insights into the decision-making process of your applications, you can configure
the decision runtime to emit events that contain technical and business data to an external Apache
Kafka instance.
About this task
Configure the custom resource (CR) YAML file to emit events to an external Kafka instance.
For more information about emitted data, see Emitting decision
execution events.
Procedure
-
The sample configuration that targets a Kafka instance that is deployed in the same Kubernetes
cluster as Decision Intelligence Client Managed Software:
decision_runtime:
event_emitter:
enabled: true
kafka_topic: adsruntime
kafka_bootstrap_servers: kafkatest-kafka-bootstrap.strimzi.svc:9093
kafka_connection_secret_name: kafka-auth # properties kafka-username and kafka-password
kafka_security_protocol: SASL_SSL
kafka_sasl_mechanism: SCRAM-SHA-512
When you use a Simple Authentication Security Layer (SASL) authentication mechanism that requires
credentials (SCRAM-SHA-512 or PLAIN), the Kubernetes secret that
is referenced by the kafka_connection_secret_name property must contain two keys:
kafka-username and kafka-password.
When you target a Kafka instance over Transport Layer Security (TLS)
(
kafka_security_protocol: SASL_SSL), the TLS certificate that establishes trust to
this instance can be included in one of the following certificates:
- Cloud Pak TLS trust certificate list
(
spec.shared_configuration.trusted_certificates)
- Decision runtime trust certificates for Decision Intelligence
(
spec.ads_configuration.decision_runtime.decision_runtime_service.tls.certs_config_map_name)
- Secret that is referenced by the
kafka_connection_secret_name as the
kafka-server-certificate property
For more information about the event_emitter.* parameters, see Decision runtime
parameters.
- Configure the server certificate. The certificate is provided in PEM format in a
Kubernetes ConfigMap, which is similar to other certificates such as the ones for the decision
service archive repository and machine learning providers.