cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Kyma using BTP Connectivity Service

Go to solution
timrehrmann
Explorer

on ‎05-23-2022 11:33 AM

0 Kudos

Hello!

We have some problems connecting to our on premise S/4 HANA system from Kyma using SAPs connectivity service.

We followed this sample:

https://github.com/SAP-samples/kyma-runtime-extension-samples/tree/main/connectivity-proxy

However, when we create the Connectivity Service via Kyma Dashboard, there is no connectivity proxy pod created.

When we created the services via the service yaml file, we get two running connectivity proxy pods as seen in the screenshot:

When we test the service with the curl command, it doesn't know the proxy address:

Also, when we run our application we get the following error message:

com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'DEST_NAME'. Please make sure to correctly bind your application to a service instance.

Our yaml file is structed as following:

apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceInstance
metadata:
  name: connectivity-smartfi-controller
spec:
  clusterServiceClassExternalName: connectivity
  clusterServicePlanExternalName: connectivity_proxy

---
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
  name: connectivity-smartfi-controller-binding
spec:
  instanceRef:
    name: connectivity-smartfi-controller

Thanks in advance and kind regards,

Tim

Show replies
Show replies
quovadis
Product and Topic Expert
Product and Topic Expert
‎05-23-2022 1:55 PM
0 Kudos

Tim, regarding the connectivity proxy creation we have provides several replies;

Re the use of BTP destinations: not sure what might have gone wrong at your end.

here follows a complete blog/tutorial on connectivity proxy used with a BTP destination to talk to an S/4HANA on premise....

https://blogs.sap.com/2022/04/07/veridisquo.-reaching-sap-lob-destinations-with-connectivity-proxy-a...

kind regards; Piotr

Answer

Accepted Solutions (1)

Accepted Solutions (1)

timrehrmann
Explorer
‎05-25-2022 1:01 PM

Short update:

We have resolved the issue so that the connectivity service is working properly now. First, it seems like it we had to wait a bit for the connectivity service to setup, as we got a different error message after a while.

Furthermore we've made a fresh setup from scratch, after which we were able to use the curl command with a proxy. Seems like we messed up something in the earlier setup, but we can't say what exactly. Yet our application still couldn't find the connectivity proxy

For the last step, we added the principal propagation from this sample:

https://github.com/SAP-samples/kyma-runtime-extension-samples/tree/main/principal-prop-on-prem

To be precisive, we added the following config map

apiVersion: v1
data:
  onpremise_proxy_host: connectivity-proxy.kyma-system.svc.cluster.local
  onpremise_proxy_http_port: "20003
  onpremise_proxy_ldap_port: "20001"
  onpremise_proxy_port: "20003"
  onpremise_proxy_rfc_port: "20001"
  onpremise_socks5_proxy_port: "20004"
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: connectivity-proxy-info
  labels:
    sample: principal-prop-on-prem

and mounted the config map and the xsuaa secret to our deployment:

- name: connectivity-proxy-details
  projected:
    sources:
    - configMap:
        name: connectivity-proxy-info
        optional: false
    - secret:
        name: principal-prop-on-prem-xsuaa
        optional: false

Our application now properly finds the proxy and is able to connect to the S4 on-premise system!

Thanks everyone for their help!

Kind regards,

Tim

Show replies
Show replies

Answers (4)

Answers (4)

quovadis
Product and Topic Expert
Product and Topic Expert
‎05-23-2022 1:44 PM

Hello Tim, When you create the connectivity proxy service instance in one of user namespaces additionally you must have created a service binding usage, as depicted in the following gist. On a side note, having created merely a service instance will not trigger the binding usage process. When creating the service bing usage the application which is being bound to the connectivity proxy service is the default-gateway.

The connectivity proxy pod, namely connectivity-proxy-0, will be running in the context of the kyma-system namespace.

I hope that helps; kind regards; Piotr

Show replies
Show replies
timrehrmann
Explorer
‎05-23-2022 3:07 PM
0 Kudos

Hey Piotr, thanks for your answer.

I've created the connectivity service with a binding to the default-gateway now:

Now I get a diffrent error message saying:

com.sap.cloud.sdk.cloudplatform.exception.NoServiceBindingException: Failed to get 'connectivity' service credentials from VCAP_SERVICES variable: no service binding found for service plan '(any)'. Please make sure to correctly bind your application to a service instance of the connectivity service.

Do you have an idea how to solve that?

jamie_cawley
Advisor
Advisor
‎05-23-2022 12:37 PM

Can you check that the services have been created by running?

kubectl get svc -n kyma-system | grep connect

Show replies
Show replies
timrehrmann
Explorer
‎05-23-2022 1:52 PM
0 Kudos 
kubectl get svc -n kyma-system | grep connect
central-application-connectivity-validator                ClusterIP   100.71.151.169   <none>        8081/TCP,8080/TCP
 62d
connectivity-proxy                                        ClusterIP   100.65.187.115   <none>        20003/TCP,20004/TCP
 160m
connectivity-proxy-tunnel                                 ClusterIP   None             <none>        8042/TCP
 160m
connectivity-proxy-tunnel-0                               ClusterIP   100.67.226.172   <none>        8042/TCP
 160m
connectivity-proxy-tunnel-healthcheck                     ClusterIP   100.70.126.84    <none>        8042/TCP
 160m

Seems like the services have been created

Marco_Dorn
Advisor
Advisor
‎05-23-2022 12:14 PM

Hello timrehrmann,

Let me start with the first part of your question. The connectivity proxy is being deployed in Kyma runtime by the reconciler running in the background. It's doing the job every 5 minutes which means in the "worst" case, you instantiate the Connectivity Service and bind it for the first time, and after 5 minutes you get the connectivity-proxy-0 pod running. That explains why it wasn't there with your YAML, but - maybe coincidence - instantly with the sample of GitHub.

I will forward your question to get the second part answered as well.

Best regards,
Marco

Show replies
Show replies
timrehrmann
Explorer
‎05-23-2022 1:53 PM
0 Kudos

Ah I see, that could be a reason why it didn't show up after creating it with through the dashboard.

Okay, thanks for your help!

jamie_cawley
Advisor
Advisor
‎05-23-2022 2:26 PM
0 Kudos

Does it make a difference if you run the curl pod in the kyma-system namespace and try the curl test?

kubectl run curl --image=radial/busyboxplus:curl -i --tty -n kyma-system

Show replies
Show replies
timrehrmann
Explorer
‎05-23-2022 4:03 PM
0 Kudos

Hey Jamie,

I get a different error both in the kyma-system namespace and the default one:

root@curl:/ ]$ curl --proxy http://connectivity-proxy.kyma-system.svc.cluster.local:20003 http://localhost:3000/orders?OrderNo=123
Cannot open tunnel with id account:///<our_subaccount_id>

Are we missing some entitlement for the connectivity service?

jamie_cawley
Advisor
Advisor
‎05-23-2022 4:34 PM
0 Kudos

Ok, that error is indicating an issue with the cloud connector setup for the subaccount that Kyma is running in. I would suggest checking that the cloud connector is showing in the BTP cockpit under the connectivity menu and reviewing the setup of the connector itself.

For the other issue, did you disable the service mesh, the option Disable Sidecar Injection, for the namespace?

Regards,

Jamie

quovadis
Product and Topic Expert
Product and Topic Expert
‎05-23-2022 4:40 PM
0 Kudos

Tim, can you see your cloud connector up and running in the BTP sub-account your connectivity proxy service entitlement is coming from ?

if yes are you using any non-empty location id ?

Ask a Question