Overview

Configuration Management Extension service (CMX) extends Kaa Protocol (1/KP) and implements Configuration Management Protocol (7/CMP) to distribute configuration data to endpoints. As with other Kaa extension services, CMX uses Extension Service Protocol (4/ESP) for integration with a communication service.

CMX does not persist endpoint configuration data in any way—instead, configuration is pulled from an endpoint configuration data provider.

CMX implements a proactive configuration data push—endpoint configuration is sent to the endpoint as soon as possible, and an explicit endpoint subscription is not required. Note that explicit subscription is still recommended. To detect when a configuration push is required, CMX listens to some endpoint connectivity and lifecycle events defined in Endpoint Lifecycle and Connectivity Events (9/ELCE).

Interfaces

CMX supports a number of interfaces to perform its functional role. The key supported interfaces are summarized in the following diagram.

CMX interfaces diagram

For inter-service communication, Kaa services mainly use REST APIs and messaging protocols that run over NATS messaging system.

EP configuration data transport

CMX acts as an endpoint configuration data consumer in line with 6/CDTP. This protocol is used to retrieve configuration data, update latest applied endpoint configuration, and listen to endpoint configuration update events.

CMX lets the endpoints check if new configuration is available and specify what configuration version they are currently using.

Extension service protocol

CMX uses 4/ESP over NATS to exchange 7/CMP messages with endpoints through a communication service.

Endpoint lifecycle and connectivity events

CMX listens to endpoint lifecycle and connectivity events:

  • endpoint.lifecycle.appversion-updated. Change of application version may render other configuration applicable, which triggers a configuration push.
  • endpoint.connectivity.connected. If an endpoint has a new configuration available, it will be pushed as soon as the endpoint connects to the system.

Tekton integration

CMX is integrated with the Kaa Tekton for centralized application configuration management. It receives configuration update messages from Tekton over 17/SCMP and uses Tekton REST API to retrieve current configs.

See configuration for more information.

Kaa Tenant Manager integration

CMX supports multi-tenancy with each tenant using a separate OAuth 2.0 issuer for authentication, authorization, and resource management. The list of the existing tenants is managed by [the Kaa Tenant Manager][Tenant Manager], which provides REST API for retrieving tenant security configs.

See the security configuration for more details on how to enable multi-tenancy in CMX.