
Setup of API Management/Cloud Foundry services with SAP Cloud Connector on Kubernetes/Gardener

This blog deals specifically with consuming Cloud Foundry services from a Canary/Gardener instance on any of the cloud providers. The scenario is a private-cloud Kubernetes instance inside a company's firewall. The idea is to host secure REST APIs on Kubernetes on Gardener and to apply policies such as rate limiting and access policies provided by API Management. All SAP Cloud Foundry services can follow a similar architecture if they deploy Node.js or other applications on the Kubernetes platform.

Let me talk about the setup and architecture first.

[Figure: Architecture]

The application pod hosts the REST API that we will access from API Management via the Cloud Connector. The host and port will be the ClusterIP address and port of your pod.

The user authenticates with a certificate, an API key, or any other mechanism that you want to use. The SAP Cloud Connector is used because the k8s system is inside the SAP VPN; it therefore treats the Gardener system as an on-premise system and establishes a secured tunnel from API Management to k8s. The pod is exposed as a ClusterIP service, so it is accessible via the Cloud Connector pod but not from external systems. The configuration you have to make is to use a Docker container for sapcc and install it on k8s using a deployment file. Follow the below blog for Docker installation

After you have completed the setup on your local machine and tested the flow, create a K8s file like the one below. I will explain the file in detail. Its only unusual feature is the use of init containers. If you don't use init containers, your SAP CC installation is wiped out each time k8s restarts your sapcc pod. You can use a persistent volume to store the contents, but without init containers the PV is not able to store the installation files. Below I have declared two persistent volumes and two PVCs; they are required to copy the contents for the init container. You have to store the contents at the temporary location /opt/sap/scc_seed and then copy them to your container's default location /opt/sap/scc.

# Two hostPath PersistentVolumes (both backed by /data on the node) and their claims.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: stc-pv-vol
  namespace: stc-mvp
spec:
  storageClassName: default
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data
    type: Directory
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: stc-pv-claim
  namespace: stc-mvp
spec:
  storageClassName: default
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: stc-pv-volc
  namespace: stc-mvp
spec:
  storageClassName: default
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: /data
    type: Directory
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: stc-pv-claimc
  namespace: stc-mvp
spec:
  storageClassName: default
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: stc-mvp
  name: sapcc
  labels:
    app: sapcc
spec:
  selector:
    matchLabels:
      app: sapcc
  replicas: 1
  template:
    metadata:
      labels:
        app: sapcc
    spec:
      volumes:
        - name: stc-pv-vol
          persistentVolumeClaim:
            claimName: stc-pv-claim
        - name: stc-pv-volc
          persistentVolumeClaim:
            claimName: stc-pv-claimc
      initContainers:
        # Seeds the volume from /opt/sap/scc_seed when no configuration exists yet.
        - image: <imagename>:latest
          name: init-service
          command:
            - bash
            - "-c"
            - |
              set -ex
              if find /opt/sap/scc/config -mindepth 1 | read; then
                echo "directory not empty"
                ls -la /opt/sap/scc
              else
                echo "directory empty"
                cp -fR /opt/sap/scc_seed/* /opt/sap/scc/
                echo "what is the listing now?"
                ls -la /opt/sap/scc
              fi
          volumeMounts:
            - name: stc-pv-vol
              mountPath: /opt/sap/scc
      containers:
        - image: <imagename>:latest
          imagePullPolicy: Always
          name: sapcc
          ports:
            - name: http
              containerPort: 8443
          volumeMounts:
            - name: stc-pv-volc
              mountPath: /opt/sap/scc
---
# The LoadBalancer type gives the sapcc service an external address on port 8443.
apiVersion: v1
kind: Service
metadata:
  name: sapcc
  namespace: stc-mvp
  labels:
    app: sapcc
spec:
  ports:
    - name: http
      port: 8443
  selector:
    app: sapcc
  type: LoadBalancer

Your Dockerfile also requires a change: you have to create a temporary directory /opt/sap/scc_seed and copy the installation into it.

RUN mkdir /opt/sap/scc_seed && cp -fR /opt/sap/scc/* /opt/sap/scc_seed/
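
The seed-and-copy step performed by the init container and the Dockerfile line above, as an added example that is not part of the original post: a POSIX shell function exercised on constructed temporary directories instead of /opt/sap/scc_seed and /opt/sap/scc. It goes slightly beyond the manifest's script by refusing an empty seed directory and by copying hidden files; `seed_if_empty` and `sample.ini` are names assumed for illustration.

```shell
#!/bin/sh
# Added example: the init container's seed-if-empty step as a reusable function.
# seed_if_empty and sample.ini are assumed names; the demo uses temp directories
# in place of /opt/sap/scc_seed and /opt/sap/scc.

# seed_if_empty SEED_DIR TARGET_DIR
# Prints "seeded" or "kept"; returns 1 when there is nothing to seed from.
seed_if_empty() {
    seed=$1
    target=$2

    # An empty seed would leave the connector with an empty installation.
    if [ ! -d "$seed" ] || [ -z "$(ls -A "$seed")" ]; then
        echo "seed directory missing or empty: $seed" >&2
        return 1
    fi

    # Configuration already on the volume wins, so a pod restart keeps it.
    if [ -d "$target/config" ] && [ -n "$(ls -A "$target/config")" ]; then
        echo "kept"
        return 0
    fi

    mkdir -p "$target"
    # "$seed/." also copies hidden files, which "$seed"/* would skip;
    # -p preserves the modes and timestamps of the installation files.
    cp -Rp "$seed/." "$target/"
    echo "seeded"
}

# Constructed demo: first start seeds the volume, a restart keeps local changes.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/scc_seed/config"
    echo "default" > "$work/scc_seed/config/sample.ini"
    seed_if_empty "$work/scc_seed" "$work/scc"
    echo "configured" > "$work/scc/config/sample.ini"
    seed_if_empty "$work/scc_seed" "$work/scc"
    cat "$work/scc/config/sample.ini"
    rm -rf "$work"
}
demo
```

In the init container the function would be called with the two real paths, and a non-zero return stops the pod from starting on an empty volume.
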
Hope this helps

 

 
