BCX

Binary data Collection Extension (BCX) is a Kaa service that allows connected clients to upload endpoint-related binary data blobs. This is useful for storing arbitrary binary data coming from connected devices: still images, video segments, audio recordings, etc.

To upload binary data, connected client must first retrieve a temporary authorization token from the BCX service instance by sending a request using an existing communication channel. Requests must be made on behalf of an existing endpoint.

Once in posession of a temporary token, clients must upload binary data blobs related to the given endpoint using the RESTful data upload API.

BCX provides REST API for managing and accessing already uploaded binary blobs.

The currently supported data storage backends are:

  • AWS S3 (aws-s3—the default);
  • in-memory storage (ram) is for the testing purpose only and not recommended for production.

Interfaces

BCX supports a number of interfaces to perform its functional role. The key supported interfaces are summarized in the following diagram.

BCX interfaces diagram

For inter-service communication, Kaa services mainly use REST APIs and messaging protocols that run over NATS messaging system.

Token exchange extension interface

This interface provides a method for connected clients to retrieve temporary authentication tokens for uploading binary data blobs. To do so using the 1/KP protocol integration with the KPC, client needs to issue an empty request to the following resource path:

kp1/<appversion_name>/<bcx_extension_instance_name>/<endpoint_token>/token

For example:

kp1/kettle-v1/bcx/oolaiY5P/token

A successful response payload contains a temporary data upload token to be used for binary blob uploads. For example (token string intentionally trimmed):

{
    "token": "eyJhIjoiYXBwMSIsImUiOiJtYWxpY2lvdXNFU..."
}

When a token expires after a configurable time, client should re-issue a token request.

Binary data blob upload API

Binary data upload is accomplished via a REST API call. BCX expects the temporary authorization token retrieved via the token exchange interface to be set in the x-auth-token request header.

Binary data blobs management API

BCX provides RESTful API for accessing and managing binary data blobs uploaded by endpoints.

Tekton integration

BCX is integrated with the Kaa Tekton for centralized application configuration management. It receives configuration update messages from Tekton over 17/SCMP and uses Tekton REST API to retrieve current configs.

See configuration for more information.

Kaa Tenant Manager integration

BCX supports multi-tenancy with each tenant using a separate OAuth 2.0 issuer for authentication, authorization, and resource management. The list of the existing tenants is managed by [the Kaa Tenant Manager][Tenant Manager], which provides REST API for retrieving tenant security configs.

See the security configuration for more details on how to enable multi-tenancy in BCX.

Management interface

BCX exposes an HTTP-based management interface with the following endpoints:

  • GET /health returns 200 OK if the service is up and running properly, and 500 Internal Server Error otherwise. In case of errors, the response payload contains their human-redable descriptions. This endpoint can be used by Kubernetes for liveness and readiness probing.
  • GET /metrics provides service metrics in Prometheus text-based format.