Connectivity: Accessing a Workload in the Corporate Network or On-Premise System from SAP BTP, Kyma Runtime
If you want to access a workload in the corporate network or on-premise system from SAP BTP, Kyma runtime, you can use Connectivity Proxy from SAP BTP, Connectivity.
The sample demonstrates how to access workloads/APIs in the corporate network or on-premise system from SAP BTP, Kyma runtime and includes:
- Adding the Connectivity Proxy module in your Kyma runtime. See Connectivity in the Kyma Environment.
- Starting the sample Node.js application locally.
- Configuring Cloud Connector to be exposed to the connected SAP BTP account.
- Deploying a Serverless Function, which is configured to call the sample Node.js application via the Connectivity Proxy, in the Kyma runtime.
- Using a curl Pod to call the sample Node.js application via the Connectivity Proxy.
-
SAP BTP, Kyma runtime instance
-
The service plan connectivity_proxy of the connectivity service is assigned to your subaccount as an entitlement. For more information, see Configure Entitlements and Quotas for Subaccounts.
[!NOTE] For subaccounts created after February 15, 2024, this entitlement is assigned automatically.
-
You have the Istio, SAP BTP Operator, Serverless, and Connectivity Proxy modules added. For more information, see Adding and Deleting a Kyma Module.
-
Export the environment variable.
export NS=<your namespace> # e.g. default
-
Enable Istio sidecar proxy injection in your namespace.
kubectl label namespaces ${NS} istio-injection=enabled -
Start the sample Node.js application included in the repository. Clone the repository and run the following commands in the localmock directory:
npm install
npm start
-
Download and install Cloud Connector and establish a connection to the localmock app. See Installation.
-
Open Cloud Connector.
-
Choose the relevant subaccount or add a new one.
-
Choose Cloud To On-Premise.
-
Under the ACCESS CONTROL tab, choose the + button to add a system.
-
Set the following configuration options:
Parameter Value Backend Type Non-SAP System Protocol HTTP Internal Host localhost Internal Port 3000 Virtual Host localhost Virtual Port 3000 Principle Type None -
Choose the option to Check Internal Host and choose Finish.
Result The Check Result column should display that the sample is Reachable.
-
Set the URL path policy of the sample.
Under Resources Of localmock:3000 choose the + button to add a resource.
- Enter the URL Path /.
- Choose the Access Policy Path And All Sub-Paths.
- Choose Save.
The provided sample Function calls the on-premise sample application by proxying the call via the connectivity-proxy. Within the function.yaml code you can find this in the proxy object definition of the axios get call. The cc_url defines the URL to call as was defined in the virtual host/port specified in Cloud Connector.
-
Deploy the sample Function and APIRule custom resources found in the k8s directory:
kubectl -n ${NS} apply -f function.yaml kubectl -n ${NS} apply -f apirule.yaml
-
Open the APIRule in your namespace. In Kyma dashboard, go to Discovery and Network -> API Rules and choose the host of the cc-sample APIRule. The expected response should be similar to this one:
{ "OrderNo": "19", "createdBy": "Internal Inc.", "buyer": "The Buyer Co.", "currency": { "code": "EUR" }, "Items": [ { "product_ID": "943735", "quantity": 6, "title": "familiar", "price": 12 } ] }
-
Create an interactive Pod with curl installed.
kubectl run curl --image=curlimages/curl -i --tty
-
Call the on-premise connection.
curl --proxy http://connectivity-proxy.kyma-system.svc.cluster.local:20003 http://localhost:3000/orders?OrderNo=123[!NOTE] You can access the Connectivity Proxy service using the connectivity-proxy.kyma-system.svc.cluster.local:20003 URL.
-
Escape the Pod.
exit -
If you want to remove the Pod, run:
kubectl delete pod curl
For more information on principal propagation, see the VeridisQuo. Reaching SAP LOB destinations with connectivity proxy and principal propagation blog post and this sample.