Skip to content

Latest commit

 

History

History
58 lines (39 loc) · 4.35 KB

README.md

File metadata and controls

58 lines (39 loc) · 4.35 KB

az-private-linky-aks

Example project to showcase SAP Private Link service integration with a workload hosted on Azure Kubernetes Service.

📰🔗Associated blog post on the SAP community.

Main project can be found here. Associated blog series supporting the overall narrative and individual integration targets for SAP Private Link Service for Azure here.

Configure a private integration between SAP Business Technology Platform and your workload on Azure Kubernetes Service

Warning⚠️

This example assumes a configuration with a single-service deployment with NGINX. Hence the Private Link Service annotations are maintained on the service level. In case you prefer an Ingress Controller, the annotations need to be maintained there. Any Ingress Controller needs to be configured individually. See here for more details. Complete your YAML with the annotations maintained from the shared snippet in this repos.

  1. Create an AKS cluster

  2. Choose ingress flavor for your AKS in light of Azure Private Link Service:

The following steps apply to the standard Azure load balancer option and single service deployment.

  1. Run kubectl apply -f deployment.yaml
  2. Run kubectl apply -f service.yaml. Learn more about the Private Link Service configuration options for AKS here. For instance use "service.beta.kubernetes.io/azure-pls-auto-approval" to auto-approve connection requests from specified Azure subscriptions IDs.
  3. Check your configuration with kubectl describe svc hello-btp-service
  4. As of this step the process is identical to the standard process. Finish the handshake by completing the link from SAP BTP and approving the connection request from the PLS UI on AKS. See the SAP docs or the first post of the blog series for more details.

SAP BTP Destination configuration

Without SSL setup on NGINX, ingress controler or Azure Application Gateway you need to fallback to http for your integration test

key value
Name aks
Type HTTP
URL http://[your private hostname]/
Proxy Type PrivateLink
Authentication [based on your service needs]

Additional Properties

key value
HTML5.DynamicDestination true
WebIDEEnabled true
WebIDEUsage odata_abap

Become truly private and encrypted

Hints on troubleshooting