I’m part of the Kyma team working on the Application Connector and Connectivity Proxy features for SAP BTP, Kyma Runtime. I want to inform you about a new version of Connectivity Proxy available in Kyma.
Changes
Besides the security improvements, the 2.9.2 version brings new functionality that allows you to call your cloud Kyma workload from your On-Premise environment using HTTP requests over a bidirectional secure communication channel. To build such a communication channel with Connectivity Proxy, you must create the Service Mapping Kubernetes resource in your Kyma cluster. It contains information about the target Kubernetes service and the subaccount to which the Cloud Connector application is connected.
In addition, if you change your configuration, the Connectivity Proxy Pod will be automatically reloaded.
Configure Connectivity Proxy to access Kyma workloads from your On-Prem system
To access your workloads from your On-Prem system, perform the following steps:
- Implement your workload in Kyma, for example, a Function or a REST API deployment.
- Expose the workload using a Kubernetes service of type ClusterIP. Read Using a Service to Expose Your App for more details.
- Create the Service Mapping custom resource.
```yaml
apiVersion: connectivityproxy.sap.com/v1
kind: ServiceMapping
metadata:
  name: {SERVICE_MAPPING_NAME}
spec:
  type: TCP
  subaccountId: {SUBACCOUNT_ID}
  serviceId: {VIRTUAL_SERVICE_NAME}
  internalAddress: {TARGET_KUBERNETES_SERVICE}
```
For example:
```yaml
apiVersion: connectivityproxy.sap.com/v1
kind: ServiceMapping
metadata:
  name: sm
spec:
  type: TCP
  subaccountId: ${SUBACCOUNT}
  serviceId: myservice
  internalAddress: echoserver.test:80
```
In this example, the cluster contains the echoserver.test service with port 80.
The virtual service name under which the echoserver.test service will be available is myservice. You can see the name in Cloud Connector, under Details in the Service Channels Overview, after finishing step 4.
- Create a service channel in Cloud Connector. To create a service channel, use the following command to retrieve the endpoint that you must later use as the Kubernetes Cluster Host:
```bash
# Quote the JSONPath expression so the shell passes the braces through unchanged
kubectl get servicemappings.connectivityproxy.sap.com sm -o jsonpath='{.status.endpoint}'
```
The required URL is the value of the `endpoint` key.
Go to Cloud Connector, and click On-Premise to Cloud. Choose the + (Add) button. In the wizard, select the service channel type, and provide the endpoint URL and the local port number. Make sure to choose a port that is free in your environment.
- To check your connection, you can use the following sample request:
```bash
curl -vvv {CLOUD_CONNECTOR_URL}:{LOCAL_PORT_NUMBER}/test -H "Host: echoserver.test"
```
For example:
```bash
curl -vvv http://localhost:5001/test -H "Host: echoserver.test"
```
You should get the 200 OK status.
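Because every Service Mapping created in the steps above makes an in-cluster service reachable from the On-Prem side, it is worth reviewing which services are mapped. The following audit script is an added example, not part of the original post or of Connectivity Proxy. It assumes that `internalAddress` follows the `<service>.<namespace>:<port>` form seen in `echoserver.test:80`, and the namespace allowlist and sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample of `kubectl get servicemappings.connectivityproxy.sap.com -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "sm"},
     "spec": {"type": "TCP", "subaccountId": "SUBACCOUNT_PLACEHOLDER",
              "serviceId": "myservice", "internalAddress": "echoserver.test:80"},
     "status": {"endpoint": "ENDPOINT_PLACEHOLDER"}},
    {"metadata": {"name": "metrics"},
     "spec": {"type": "TCP", "subaccountId": "SUBACCOUNT_PLACEHOLDER",
              "serviceId": "metrics", "internalAddress": "metrics.monitoring:9090"}},
    {"metadata": {"name": "broken"},
     "spec": {"type": "TCP", "subaccountId": "SUBACCOUNT_PLACEHOLDER",
              "serviceId": "broken", "internalAddress": "echoserver"}},
]})

# Assumption: namespaces approved for On-Premise access (hypothetical allowlist).
ALLOWED_NAMESPACES = {"test"}

def parse_internal_address(addr):
    """Split '<service>.<namespace>[.svc...]:<port>' into (service, namespace, port)."""
    host, sep, port = addr.rpartition(":")
    labels = host.split(".")
    if not sep or not port.isdigit() or len(labels) < 2 or not all(labels):
        raise ValueError(f"expected <service>.<namespace>:<port>, got {addr!r}")
    return labels[0], labels[1], int(port)

def audit(listing, allowed=ALLOWED_NAMESPACES):
    """Return (mapping name, finding) pairs for mappings that need review."""
    findings = []
    for item in json.loads(listing).get("items", []):
        name, spec = item["metadata"]["name"], item.get("spec", {})
        try:
            service, namespace, port = parse_internal_address(spec.get("internalAddress", ""))
        except ValueError as err:
            findings.append((name, str(err)))
            continue
        if namespace not in allowed:
            findings.append((name, f"exposes {service}:{port} in unapproved namespace {namespace}"))
        if not item.get("status", {}).get("endpoint"):
            findings.append((name, "status.endpoint is empty; nothing to enter in Cloud Connector yet"))
    return findings

if __name__ == "__main__":
    # With no piped input, audit the constructed sample; otherwise read kubectl's JSON.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, finding in audit(data):
        print(f"{name}: {finding}")
```

To audit a real cluster, pipe the output of `kubectl get servicemappings.connectivityproxy.sap.com -o json` into the script.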
Conclusion
The Connectivity Proxy feature in Kyma has been updated to version 2.9.2. It brings you interesting improvements and functionalities.
Follow the Configure Connectivity Proxy section to connect your Kyma workloads with your On-Prem system.
For more information on Connectivity Proxy, see Service Channels: On-Premise-to-Cloud Connectivity.