Found this on page: Changing the Port Configuration for Event Broker Services “If you are using NodePort as part of your deployment for Customer-Controlled Regions, creating an event broker service generates the port numbers, which you can’t change.” – not true.
You should allow deployments to provide a nodeport for the deployments, a few update will be needed for the nodeport deployment, but this will make your customers’ life better.
Changing the ports are also possible, once that’s done, disable/enable a port on the broker will trigger an update on the current ports which will update the new ports in the page.
For an easier Broker SSO setup, if you are using a non-integrated F5 or other LBs, I would suggest you use the same port as NodePort port for the Management port 943, because this port will be used for other connections like event management agent connection and SSO profile (reply URI) so the “open broker management” page link from the solace portal would work.
For other ports like 55443 you can map it with whatever nodeport port is.
Event Management Agent doesn’t allow you to use a custom CA for your private domain and certs, you can update your deployment to add your CA and Root to make it work, this impacts both scan and change push from event portal.
Reach out to me if you have questions. 