Limitations

This section describes various limitations that currently exist.

The IBM® Netcool® Operations Insight® Event Integrations Operator has the following limitations:

  • Only the AMD64 / x86_64 architecture is supported.
  • Prometheus integration is verified on Red Hat® OpenShift® Container Platform 4.5 and 4.6.
  • There are several known limitations when enabling secure connection between probe clients and server:
    • The required files in the secret must be created using the nc_gskcmd utility.
    • If your ObjectServer is configured with FIPS 140-2, the password for the key database file (omni.kdb) must meet the requirements stated in IBM Documentation: https://www.ibm.com/support/knowledgecenter/SSSHTQ_8.1.0/com.ibm.netcool_OMNIbus.doc_8.1.0/omnibus/wip/install/task/omn_con_ssl_creatingkeydatabasefips.html.
    • When encrypting a string value using the encryption config key file (encryption.keyfile), you must use the AES_FIPS as the cipher algorithm. AES algorithm is not supported.
    • When connecting to an ObjectServer in the same cluster, you can connect the gateway to the secure connection proxy which is deployed with the IBM Netcool Operations Insight ObjectServer to encrypt the communication using TLS but the TLS termination is done at the proxy. It is recommended to enable Mutual Transport Layer Security (mTLS) in Service Mesh to encrypt cluster data network traffic. For more information, refer to the ServiceMeshControlPlane parameters section in the Service Mesh installation, usage, and release notes.
  • There is no upgrade path from probe or gateway Helm charts to this Operator. Upgrades and rollback from Helm charts to Operator is not supported. Users must migrate the Helm release configuration to the respective probe or gateway custom resource YAML, deploy the custom resource YAML to install the probe or gateway, verify the integration is successful and working as expected before deleting the old Helm release.
  • Ensure that your cluster has internet access for the operator to pull the container images from entitled registry and public registry.
  • For the JDBC Gateway, if multiple deployments are connected to the same ObjectServer, in the event of a rolling update the deployments may result in the gateway attempting to execute insert, update, delete or duplicate events into the target RDBMS database. To address this limitation, the number of replicas for the Pod is limited to one and the recreate strategy is defined for the deployment.
  • Currently the JDBC Gateway can only be provisioned for Audit mode.
  • When the Generic Webhook Probe is configured to send HTTP requests to the target event source and there are more than one pod replica running, there may be duplicated HTTP requests sent to the target event source and duplicate events received in the ObjectServer. To avoid event duplication, limit the probe pod to one by setting the probe.replicaCount to 1 and probe.autoscaling.enabled to false.
  • If you opt to use the OLM UI to install or configure the Gateway for Kafka, you must do so using YAML view instead of the Form view. There is a known limitation in the Form view whereby it changes the Kafka Client Producer Configuration from a multi-line string into a single-line string which is not expected by the gateway and the text field does not accept new line characters.
  • Currently the Gateway for Kafka only supports SASL/PLAIN which is a simple username/password authentication mechanism. The gateway does not support SASL/GSSAPI which uses Kerberos for authentication.