on 05-23-2022 11:33 AM
Hello!
We have some problems connecting to our on-premise S/4 HANA system from Kyma using SAP's connectivity service.
We followed this sample:
https://github.com/SAP-samples/kyma-runtime-extension-samples/tree/main/connectivity-proxy
However, when we create the Connectivity Service via Kyma Dashboard, there is no connectivity proxy pod created.
When we created the services via the service yaml file, we get two running connectivity proxy pods as seen in the screenshot:
When we test the service with the curl command, it doesn't know the proxy address:
Also, when we run our application we get the following error message:
com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'DEST_NAME'. Please make sure to correctly bind your application to a service instance.
Our YAML file is structured as follows:
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: connectivity-smartfi-controller
spec:
  clusterServiceClassExternalName: connectivity
  clusterServicePlanExternalName: connectivity_proxy
---
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: connectivity-smartfi-controller-binding
spec:
  instanceRef:
    name: connectivity-smartfi-controller
Thanks in advance and kind regards,
Tim
Short update:
We have resolved the issue so that the connectivity service is working properly now. First, it seems like we had to wait a bit for the connectivity service to set up, as we got a different error message after a while.
Furthermore, we've made a fresh setup from scratch, after which we were able to use the curl command with a proxy. Seems like we messed up something in the earlier setup, but we can't say what exactly. Yet our application still couldn't find the connectivity proxy.
For the last step, we added the principal propagation from this sample:
https://github.com/SAP-samples/kyma-runtime-extension-samples/tree/main/principal-prop-on-prem
To be precise, we added the following config map:
apiVersion: v1
data:
  onpremise_proxy_host: connectivity-proxy.kyma-system.svc.cluster.local
  onpremise_proxy_http_port: "20003"
  onpremise_proxy_ldap_port: "20001"
  onpremise_proxy_port: "20003"
  onpremise_proxy_rfc_port: "20001"
  onpremise_socks5_proxy_port: "20004"
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: connectivity-proxy-info
  labels:
    sample: principal-prop-on-prem
and mounted the config map and the xsuaa secret to our deployment:
- name: connectivity-proxy-details
  projected:
    sources:
    - configMap:
        name: connectivity-proxy-info
        optional: false
    - secret:
        name: principal-prop-on-prem-xsuaa
        optional: false
Our application now properly finds the proxy and is able to connect to the S4 on-premise system!
Thanks everyone for their help!
Kind regards,
Tim
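A check that follows from the config map in the post above, added here as an example and not part of the original post or the SAP sample: it compares each `*_port` value with the ports exposed by the Service named in `onpremise_proxy_host`. The function names and both sample inputs are constructed for illustration (values taken from this thread, with one quote deliberately left open).

```shell
#!/bin/sh
# Added example: cross-check a connectivity-proxy-info ConfigMap against the
# ports that the Service named in onpremise_proxy_host actually exposes.

# Constructed sample, shaped like `kubectl get svc -n kyma-system --no-headers`.
SVC_LISTING='connectivity-proxy ClusterIP 100.65.187.115 <none> 20003/TCP,20004/TCP 160m
connectivity-proxy-tunnel ClusterIP None <none> 8042/TCP 160m'

# Constructed sample of the ConfigMap data section. The last value
# deliberately lacks its closing quote to exercise the INVALID branch.
CM_DATA='onpremise_proxy_host: connectivity-proxy.kyma-system.svc.cluster.local
onpremise_proxy_http_port: "20003"
onpremise_proxy_ldap_port: "20001"
onpremise_proxy_rfc_port: "20001"
onpremise_socks5_proxy_port: "20004'

# Print the ports (one per line) of the Service whose name matches exactly.
service_ports() {   # $1 = service listing, $2 = Service name
  printf '%s\n' "$1" | awk -v svc="$2" '$1 == svc {
    n = split($5, p, ",")
    for (i = 1; i <= n; i++) { sub(/\/.*/, "", p[i]); print p[i] }
  }'
}

# Classify every *_port key: OK, MISSING (not exposed) or INVALID (not a
# double-quoted number; ConfigMap data values must be strings).
check_ports() {     # $1 = ConfigMap data, $2 = service listing
  host=$(printf '%s\n' "$1" | awk '$1 == "onpremise_proxy_host:" { print $2 }')
  svc=${host%%.*}   # first DNS label of the host is the Service name
  ports=$(service_ports "$2" "$svc")
  printf '%s\n' "$1" | while read -r key val; do
    case $key in *_port:) ;; *) continue ;; esac
    key=${key%:}
    if ! printf '%s\n' "$val" | grep -Eq '^"[0-9]+"$'; then
      echo "INVALID $key $val"
      continue
    fi
    port=$(printf '%s' "$val" | tr -d '"')
    if printf '%s\n' "$ports" | grep -qxF "$port"; then
      echo "OK $key $port"
    else
      echo "MISSING $key $port (Service $svc does not expose it)"
    fi
  done
}

check_ports "$CM_DATA" "$SVC_LISTING"
```

Against a live cluster, the two inputs would come from the service listing in `kyma-system` and from the `data` section of the mounted config map.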
Hello Tim,
When you create the connectivity proxy service instance in one of the user namespaces, additionally you must have created a service binding usage, as depicted in the following gist. On a side note, having created merely a service instance will not trigger the binding usage process. When creating the service binding usage, the application which is being bound to the connectivity proxy service is the default-gateway.
The connectivity proxy pod, namely connectivity-proxy-0, will be running in the context of the kyma-system namespace.
I hope that helps; kind regards; Piotr
Hey Piotr, thanks for your answer.
I've created the connectivity service with a binding to the default-gateway now:
Now I get a different error message saying:
com.sap.cloud.sdk.cloudplatform.exception.NoServiceBindingException: Failed to get 'connectivity' service credentials from VCAP_SERVICES variable: no service binding found for service plan '(any)'. Please make sure to correctly bind your application to a service instance of the connectivity service.
Do you have an idea how to solve that?
Can you check that the services have been created by running?
kubectl get svc -n kyma-system | grep connect
kubectl get svc -n kyma-system | grep connect
central-application-connectivity-validator   ClusterIP   100.71.151.169   <none>   8081/TCP,8080/TCP     62d
connectivity-proxy                           ClusterIP   100.65.187.115   <none>   20003/TCP,20004/TCP   160m
connectivity-proxy-tunnel                    ClusterIP   None             <none>   8042/TCP              160m
connectivity-proxy-tunnel-0                  ClusterIP   100.67.226.172   <none>   8042/TCP              160m
connectivity-proxy-tunnel-healthcheck        ClusterIP   100.70.126.84    <none>   8042/TCP              160m
Seems like the services have been created
Hello timrehrmann,
Let me start with the first part of your question. The connectivity proxy is being deployed in Kyma runtime by the reconciler running in the background. It's doing the job every 5 minutes which means in the "worst" case, you instantiate the Connectivity Service and bind it for the first time, and after 5 minutes you get the connectivity-proxy-0 pod running. That explains why it wasn't there with your YAML, but - maybe coincidence - instantly with the sample of GitHub.
I will forward your question to get the second part answered as well.
Best regards,
Marco
Does it make a difference if you run the curl pod in the kyma-system namespace and try the curl test?
kubectl run curl --image=radial/busyboxplus:curl -i --tty -n kyma-system
Hey Jamie,
I get a different error both in the kyma-system namespace and the default one:
root@curl:/ ]$ curl --proxy http://connectivity-proxy.kyma-system.svc.cluster.local:20003 http://localhost:3000/orders?OrderNo=123
Cannot open tunnel with id account:///<our_subaccount_id>
Are we missing some entitlement for the connectivity service?
Ok, that error is indicating an issue with the cloud connector setup for the subaccount that Kyma is running in. I would suggest checking that the cloud connector is showing in the BTP cockpit under the connectivity menu and reviewing the setup of the connector itself.
For the other issue, did you disable the service mesh, the option Disable Sidecar Injection, for the namespace?
Regards,
Jamie