...
The Cloud Agent communicates with the DataPower Operations Dashboard instance which is installed outside the Kubernetes cluster. Therefore, proper inbound (ingress) communication must be configured for the different services of the Cloud Agent.
The firewall requirements for the Cloud Agent, based on the DPOD deployment type, are detailed at Firewall Requirements.
Custom Network Configuration
...
The manager exposes APIs to interact with the Cloud Agent and the DataPower Gateways. It uses the HTTPS protocol.
The following properties (in the Cloud Agent CR) control how DPOD communicates with the manager:
externalHost
- The external host for accessing the manager from outside the cluster. It is the user’s responsibility to configure this host as a DNS entry that is available to DPOD. You can inspect the generated host in .status.endpoints of the Cloud Agent CR (see also Endpoints).
externalPort
- The external port for accessing the manager from outside the cluster (default is 443).
incomingTrafficMethod
- The method of exposing the manager to incoming traffic from outside the cluster. Available options are:
  - Route (default and available for OpenShift only) - the operator will create a Service and a Route resource.
  - NodePort (default for Kubernetes) - the operator will create a NodePort Service resource.
  - Custom - see “Custom Network Configuration” above.
incomingTrafficPort
- The port for exposing the manager to incoming traffic from outside the cluster (when incomingTrafficMethod is NodePort, default is the value of externalPort).
...
Cloud Agent Messaging
The messaging allows DPOD to receive the collected transactional data. It uses the Kafka protocol.
The following properties (in the Cloud Agent CR) control how DPOD communicates with the messaging:
externalHost
- The external host for accessing the messaging from outside the cluster. This value will be published by the messaging brokers (Kafka). The bootstrap endpoint will use this host, and each messaging broker will use a consecutive host name with its number at the end of the first part of the FQDN. It is the user’s responsibility to configure these hosts as DNS entries that are available to DPOD. You can inspect the list of the generated hosts in .status.endpoints of the Cloud Agent CR (see also Endpoints).
externalPortStart
- The starting external port for accessing the messaging from outside the cluster. The bootstrap endpoint will use this port, and each messaging broker will use a consecutive port (default is 30100).
incomingTrafficMethod
- The method of exposing the messaging to incoming traffic from outside the cluster. Available options are:
  - NodePort (default) - the operator will create NodePort Service resources (one for the bootstrap <CR name>-msg-bse-svc and one for each messaging broker <CR name>-msg-dir-svc-<broker number>).
  - Custom - see “Custom Network Configuration” above.
incomingTrafficPortStart
- The starting port for exposing the messaging to incoming traffic from outside the cluster (when incomingTrafficMethod is NodePort). The bootstrap endpoint will use this port, and each messaging broker will use a consecutive port (default is the value of externalPortStart).
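The host and port derivation described above can be turned into a planning list for DNS entries and firewall rules. This is an added example, not code from the operator or from this documentation. It assumes that the broker number is appended directly to the first DNS label, that numbering starts at 0, and that the cluster uses the default Kubernetes NodePort range (30000-32767); the authoritative list remains .status.endpoints of the Cloud Agent CR.

```python
# Added example: plan DNS entries and firewall openings for Cloud Agent messaging.
from typing import NamedTuple, Optional

# Kubernetes default NodePort range; a cluster can change it with the
# kube-apiserver flag --service-node-port-range (ASSUMPTION: default in use).
NODEPORT_RANGE = range(30000, 32768)


class Endpoint(NamedTuple):
    role: str           # "bootstrap" or "broker-<n>"
    host: str           # DNS entry that must resolve for DPOD
    external_port: int  # port DPOD connects to
    node_port: int      # port opened on the cluster nodes


def broker_host(external_host: str, number: int) -> str:
    """Append the broker number to the first label of the FQDN."""
    first, dot, rest = external_host.partition(".")
    return f"{first}{number}{dot}{rest}"


def messaging_endpoints(external_host: str, brokers: int,
                        external_port_start: int = 30100,
                        incoming_port_start: Optional[int] = None,
                        first_broker_number: int = 0) -> list:
    # incomingTrafficPortStart defaults to the value of externalPortStart.
    if incoming_port_start is None:
        incoming_port_start = external_port_start
    rows = [Endpoint("bootstrap", external_host,
                     external_port_start, incoming_port_start)]
    for i in range(brokers):
        n = first_broker_number + i  # ASSUMPTION: numbering base is 0
        rows.append(Endpoint(f"broker-{n}", broker_host(external_host, n),
                             external_port_start + 1 + i,
                             incoming_port_start + 1 + i))
    # A NodePort Service cannot be created outside the cluster's range.
    bad = [r for r in rows if r.node_port not in NODEPORT_RANGE]
    if bad:
        raise ValueError(f"node ports outside NodePort range: {bad}")
    return rows


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for ep in messaging_endpoints("dpod-msg.example.com", brokers=3):
        print(f"{ep.role:10} {ep.host}:{ep.external_port} -> nodePort {ep.node_port}")
```

Compare the printed rows with .status.endpoints before creating DNS records, and open only those host and port pairs between DPOD and the cluster nodes.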
...