How to deploy Eclipse Dirigible private Docker image in the SAP Cloud Platform Kyma environment

Overview

Eclipse Dirigible is an open-source cloud development platform that provides capabilities for end-to-end development processes from database modeling and management, through RESTful services using server-side JavaScript, to pattern-based user interface generation, role-based security, external services integration, testing, debugging, operations and monitoring.

Some of the unique features include:

• In-System development
• Low-Code/No-Code development
• Modeling and Generation from templates
• In-App extensibility
• Enterprise JavaScript APIs
• Web IDE

The platform aims to unify open-source business services by providing software developers with a convenient set of tools for building, running, and operating business applications in the Cloud. Dirigible is also part of the Eclipse Cloud Development top-level project.

Setup

Starting with Eclipse Dirigible 5.0, there are built-in integrations with the SAP Cloud Platform Cloud Foundry and Kyma environments. To deploy Eclipse Dirigible on either one of these environments, you need to use a Docker image. While deploying the publicly available Dirigible Docker images is quite straightforward, there could be some cases where a Docker image form a private Docker repository is needed. For example a proprietary extension to the Dirigible Web IDE is created, or new engine supporting some custom artefacts at the Dirigible Runtime is used, or just an application developed with Dirigible to be deployed in production. In any case building a Docker image and pushing it to a private Docker repository, seems reasonable.

In this tutorial, I’m going to show you how to deploy Eclipse Dirigible based Docker image from a private Docker repository. During the tutorial I’m going to use the Docker Hub “one private” repository policy from the “Free for Individuals” plan.

As a pre-requisite a Docker Hub registration is needed, if you already have such, or if you are going to use another private Docker repository, then skip this section.

1. Go to https://hub.docker.com
2. Create a new registration.
3. Login to your account.

(Docker Hub)

Next we are going to create a new Private repository:

1. Go to the Repositories tab.
2. Click the Create Repository button.
3. Set repository name (e.g. my-repository).
4. Add repository description (this is optional).
5. Switch the visibility from Public to Private
6. Create the repository

(Docker Hub Create New Repository)

Once the private Docker repository is created, then it’s time to push the Docker image to it:

1. Build your Docker image:

   docker build -t my-repository .

2. Tag the Docker image:

   docker tag my-repository <your-docker-hub-user>/my-repository​

3. Push the image to the private Docker repository:

   docker push <your-docker-hub-user>/my-repository​

4. Check that the Docker image was successfully pushed:

(Docker Image Tags)

Now it’s time to login to the SAP Cloud Platform Kyma environment from the SAP Cloud Platform Cockpit.:

1. Login to the SAP Cloud Platform Cockpit and navigate to the Kyma Console:
2. Once logged-in, select the default namespace.
3. Download the kubeconfig file:
   
4. Install and configure kubectl:
   • Navigate to this kubectl setup and configuration page, from the official Kubernetes website
   • Execute the following command to verify that the installation and configuration was successful (empty result should be returned, if the cluster was initially empty):

     kubectl get pods

The next step is to create a Secret for the private Docker repository:

1. Create docker-registy-secret through the kubectl, with the following command:

   kubectl create secret docker-registry docker-registry-secret \
   --docker-server=<your-registry-server> \
   --docker-username=<your-name> \
   --docker-password=<your-password> \
   --docker-email=<your-email>

   • Replace <your-registry-server> with your Private Docker Registry FQDN (e.g. https://index.docker.io/v1/ for DockerHub)
   • Replace <your-name> with your Docker username.
   • Replace <your-password> with your Docker password.
   • Replace <your-email> with your Docker email.
2. Execute the following command to verify that the creation of the private Docker repository secret was successful:

   kubectl describe secret docker-registry-secret​

   

3. For more details on the Docker registry secret setup, you can visit this page.

Once we have the secret created, it’s time to use it in a Deployment resource to pull and use the private Docker image:

1. Create a new deployment.yaml file.
2. Replace the file content with the following:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: my-application
     namespace: default
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: my-application
     template:
       metadata:
         labels:
           app: my-application
       spec:
         imagePullSecrets:
           - name: docker-registry-secret
         containers:
           - name: my-application
             image: <docker-hub-username>/my-repository
             ports:
               - containerPort: 8080
                 name: my-application
             env:
               - name: DIRIGIBLE_HOST
                 value: https://my-application.<KYMA-CLUSTER-HOST>
               - name: DIRIGIBLE_THEME_DEFAULT
                 value: "fiori"
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: my-application
     namespace: default
     labels:
       app: my-application
   spec:
     ports:
     - port: 8080
       name: my-application
     clusterIP: None
     selector:
       app: my-application
   

3. Replace the <KYMA-CLUSTER-HOST> placeholder with the Kyma cluster host (e.g. c-71b4221.kyma.shoot.live.k8s-hana.ondemand.com) and the <docker-hub-username> with your Docker Hub username.
4. Execute the following command to create the required resources in the Kyma cluster:

   kubectl apply -f deployment.yaml​

After the container was successfully deployed, we can expose it to the external world;

1. With back to the Kyma Console
2. Go to Configuration -> API Rules.
3. Click on the Create API Rule button.
   • Provide a value for the API Rule Name (e.g. my-application).
   • Provide a value for the API Rule Hostname (e.g. my-application).
   • Select my-application (port: 8080) service from the API Rule Service dropdown.
   • Leave the default access strategy.
   • Click the Create button.
     

(Kyma Create API Rule)

Next we are going to create a new Authorization & Trust Management service instance to secure the application:

1. Go to the Service Management -> Catalog section.
2. Search for the Authorization & Trust Management service.
3. Create a new service instance:
   • Provide a value for the service instance Name (e.g. xsuaa-my-application).
   • Set the service instance Plan to application.
   • Provide additional parameters as a JSON:

     {
        "xsappname": "xsuaa-my-application",
        "oauth2-configuration": {
           "token-validity": 7200,
           "redirect-uris": [
              "https://my-application.<KYMA-CLUSTER>"
           ]
        },
        "scopes": [
           {
              "name": "$XSAPPNAME.Developer",
              "description": "Developer scope"
           },
           {
              "name": "$XSAPPNAME.Operator",
              "description": "Operator scope"
           }
        ],
        "role-templates": [
           {
              "name": "Developer",
              "description": "Developer related roles",
              "scope-references": [
                 "$XSAPPNAME.Developer"
              ]
           },
           {
              "name": "Operator",
              "description": "Operator related roles",
              "scope-references": [
                 "$XSAPPNAME.Operator"
              ]
           }
        ],
        "role-collections": [
           {
              "name": "my-application-dirigible",
              "description": "Dirigible Developer",
              "role-template-references": [ 
                 "$XSAPPNAME.Developer",
                 "$XSAPPNAME.Operator"
              ]
           }
        ]	
     }

(Authorization & Trust Management Service Instance Additional Parameters)

• • NOTE: It’s important to replace the redirect-uris value with the previously created API Rule Host (e.g. https://my-application.c-71b4221.kyma.shoot.live.k8s-hana.ondemand.com) and the xsappname property to match the service instance name

(Authorization & Trust Management Service Instance Additional Parameters)

1. Once the service instance is in Running status, it’s time to bind it to the My-application application.
2. Click on the Bind Application button and select the application deployment (e.g. my-application) form the dropdown:
3. After a while access the application:

Related Resources

• How to deploy Eclipse Dirigible in the SAP Cloud Platform Kyma environment
• Eclipse Dirigible – Building a Docker Image for Your Application
• How to deploy Eclipse Dirigible private Docker image in the SAP Cloud Platform Cloud Foundry environment
• How to deploy Eclipse Dirigible in the SAP Cloud Platform Cloud Foundry environment

Notes

Next, you can visit the Samples section to master some of the basic Eclipse Dirigible functionalities, explore the Enterprise JavaScript APIs, check out the YouTube channel for video content, or simply visit the official site for news and updates.