Overview
The DPO DPOD Cloud Agent component allows support for IBM DataPower Gateways deployed in Kubernetes/OpenShift, and includes the following features:
Automatic discovery of IBM DataPower Gateways as they are deployed, scaled up or scaled down by the DataPower k8s Operator.
The collected data is stored in a persistent messaging layer until it is processed by DPOD.
The DPOD Cloud Agent is highly available and can be scaled up or down as required.
...
It includes the following components:
Cloud Agent Operator - manages the installation of the Cloud Agent instances and the discovery of the
DataPowerService
resources in the cluster.Cloud Agent Manager - performs auto-discovery of the DataPower Gateway pods, exposes APIs to DPOD to interact with the Cloud Agent the the DataPower Gateways, maintains the topics in the messaging component, sends keepalive messages, etc.
Cloud Agent Messaging - stores the collected data from the DataPower gateways until it is processed by DPOD.
Cloud Agent Syslog Ingester - receives Syslog messages from the DataPower Gateways.
Cloud Agent HTTP Ingester - receives HTTPS messages from the DataPower Gateways, such as WS-M payloads, API-C Analytics offload, etc.
Available Versions
DPOD Version | Cloud Agent Operator Version |
---|---|
1.0.19.0 | 0.1.0 |
Operator Installation Mode
When installing an operator via OLM, there are two options for the Installation Mode:
...
Note |
---|
Do not install the Operator in more than one mode. If |
Available Versions
...
...
Cloud Agent Operator Version
...
1.0.19.0
...
0.1.0
...
Network Configuration
The Cloud Agent sends and receives data to / from communicates with the DataPower Operations Dashboard instance which is installed outside the Kubernetes cluster.
Currently the DPOD Cloud Agent Operator supports the following methods for exposing the Cloud Agent’s services:
...
NodePort - (default) The Cloud Agent operator will create services with the type of NodePort
to expose the services externally to OCP.
...
Therefore, proper inbound (ingress) communication must be configured for the different services of the Cloud Agent.
The firewall requirements for the Cloud Agent, based on the DPOD deployment type, are detailed at Firewall Requirements.
Custom Network Configuration
The Cloud Agent operator includes several standard types of network configuration, such as NodePort
and Route
(for OpenShift).
However, it is also possible to use a custom network configuration. If you choose to use a custom network configuration, the Cloud Agent operator will not create any resources for exposing the services externally to
...
the cluster, and it is the user’s responsibility to create, update and delete these resources (e.g.: Ingress controller, LoadBalancer services, etc.).
For more information, see the Kubernetes documentation.
For
route
,Ingress
configuration see OCP Route Kubernetes Ingress documentation.For
ingress
Route
configuration see Kubernetes Ingress OCP Route documentation.
Cloud Agent Manager
Cloud Agent Inbound (ingress) Communication
The Cloud Agent inbound communication includes:
Management API invocation generated by DataPower Operations Dashboard to the
manager
component of the Cloud Agent.Kafka communication to the
messaging
component of the Cloud Agent (messaging brokers).
Manager
The manager
component has a number of properties (in the Cloud Agent CR) for controlling the communication:The manager exposes APIs to interact with the Cloud Agent and the DataPower Gateways. It is using the HTTPS protocol.
The following properties (in the Cloud Agent CR) control the way DPOD communicates with the manager:
externalHost
- The external host for accessing the manager from outside the cluster. It is the user’s responsibility to configure this host as a DNS entry that is available to DPOD. You can inspect the generated host in.status.endpoints
of the Cloud Agent CR (see also Endpoints).externalPort
- The external port for accessing the manager from outside the cluster (default is 443).incomingTrafficMethod
- The method of exposing the manager to incoming traffic from outside the cluster.
Available options are:Custom
,NodePort
,Route
(default
Route
and available for OpenShift only) - the operator will create a
Service
and aRoute
resources.NodePort
(default for Kubernetes)
externalHost
-
externalPort
- The external port for accessing the manager from outside the cluster (default is 443)the operator will create a
NodePort
Service
resource.Custom
- see “Custom Network Configuration” above.
incomingTrafficPort
- The port for exposing the manager to incoming traffic from outside the cluster (whenincomingTrafficMethod
isNodePort
, default is the value ofexternalPort
).
For more information, see Manager API documentation.
Cloud Agent Messaging
The messaging component has a number of serves the collected transactional data. It is using the Kafka protocol.
The following properties (in the Cloud Agent CR) for controlling the communication:
...
control the way DPOD communicates with the messaging:
externalHost
- The external host for accessing the messaging from outside the cluster. This value will be published by the messaging brokers (Kafka). The bootstrap endpoint will use this host, and each messaging broker will use a consecutive host name with its number at the end of the first part of the FQDN. It is the user’s responsibility to configure these hosts as DNS entries that are available to DPOD. You can inspect the list of the generated hosts in.status.endpionts
of the Cloud Agent CR (see also Endpoints).externalPortStart
- The starting external port for accessing the messaging from outside the cluster. The bootstrap endpoint will use this port, and each messaging broker will use a consecutive port (default is 30100).incomingTrafficMethod
- The method of exposing the messaging to incoming traffic from outside the cluster. Available options are:NodePort
(default) - the operator will createNodePort
Service
resources (one for the bootstrap<CR name>-msg-bse-svc
and one for each messaging broker<CR name>-msg-dir-svc-<broker number>
).Custom
- see “Custom Network Configuration” above.
incomingTrafficPortStart
- The starting port for exposing the messaging to incoming traffic from outside the cluster (whenincomingTrafficMethod
isNodePort
). The bootstrap endpoint will use this port, and each messaging broker will use a consecutive port (default is the value ofexternalPortStart
).
For more information, see Messaging API documentation.
The Cloud Agent Operator will create the following Kubernetes services for the messaging component:
...
<CR name>-msg-bse-svc
- A NodePort
service for externally accessing the messaging bootstrap port.
...
.