Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kyma Deployment Update #196

Merged
merged 28 commits into from
Mar 17, 2023
Merged
Show file tree
Hide file tree
Changes from 23 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
92da5dd
add requires section
sidakphull Jan 31, 2023
1c9d137
update kyma deployment section
sidakphull Jan 31, 2023
facfd58
Merge branch 'main' into helm-chart-update
sidakphull Jan 31, 2023
0a47764
Merge branch 'main' into helm-chart-update
sidakphull Feb 1, 2023
2eadd19
use java 17 for building srv
sidakphull Feb 1, 2023
f3a4d8a
Merge branch 'main' into helm-chart-update
sidakphull Feb 13, 2023
bdde41e
add multitenancy steps
sidakphull Feb 13, 2023
b55873e
minor changes
sidakphull Feb 13, 2023
9f746d4
Merge branch 'main' into helm-chart-update
sidakphull Feb 15, 2023
bf82dd8
Merge branch 'main' into helm-chart-update
sidakphull Feb 16, 2023
3c9195b
Merge branch 'main' into helm-chart-update
sidakphull Feb 16, 2023
5ff9fa0
Merge branch 'main' into helm-chart-update
sidakphull Feb 20, 2023
b943b22
Merge branch 'main' into helm-chart-update
sidakphull Feb 23, 2023
6435d36
Merge branch 'main' into helm-chart-update
sidakphull Mar 2, 2023
f9c127b
update documentation to 6.6.0
sidakphull Mar 2, 2023
d48f1f5
add option to set xsuaa parameters
sidakphull Mar 2, 2023
4e457a9
Update .cdsrc.json
beckermarc Mar 3, 2023
c35e974
Merge branch 'main' into helm-chart-update
sidakphull Mar 16, 2023
3e68808
add extensibility and toggles to kyma mt config
sidakphull Mar 16, 2023
8c1116d
typo
sidakphull Mar 16, 2023
1655a44
refactoring
sidakphull Mar 17, 2023
22ff9ae
add destination
sidakphull Mar 17, 2023
0412529
Merge branch 'main' into helm-chart-update
sidakphull Mar 17, 2023
8156365
Update README.md
beckermarc Mar 17, 2023
a5ff714
Update kyma-st.json
beckermarc Mar 17, 2023
510ce3c
Put instructions for .cdsrc.json adaptions into README
beckermarc Mar 17, 2023
c59f9e7
Delete kyma-mt.json
beckermarc Mar 17, 2023
8aeeb71
Delete kyma-st.json
beckermarc Mar 17, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
207 changes: 156 additions & 51 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -241,57 +241,40 @@ Before you can access the UI using the (tenant-specific) URL to the bookshop(-mt
- Container Registry (e.g. [Docker Hub](https://hub.docker.com/))
- Command Line Tools: [`kubectl`](https://kubernetes.io/de/docs/tasks/tools/install-kubectl/), [`kubectl-oidc_login`](https://github.com/int128/kubelogin#setup), [`pack`](https://buildpacks.io/docs/tools/pack/), [`docker`](https://docs.docker.com/get-docker/), [`helm`](https://helm.sh/docs/intro/install/), [`cf`](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html)
- Logged into Kyma Runtime (with `kubectl` CLI), Cloud Foundry space (with `cf` CLI) and Container Registry (with `docker login`)
- `@sap/cds-dk` >= 6.0.1
- `@sap/cds-dk` >= 6.6.0

### Add Deployment Files

CAP tooling provides your a Helm chart for deployment to Kyma.
CAP tooling provides you a Helm chart for deployment to Kyma.

For single tenant deployment, replace the contents of _`.cdsrc.json`_ with _`kyma-st.json`_.
For multi tenant deployment, replace the contents of _`.cdsrc.json`_ with _`kyma-mt.json`_.

Add the CAP Helm chart with the required features to this project:

```bash
cds add helm
cds add hana
cds add xsuaa
cds add html5-repo
```

#### Helm chart configuration

This project contains a pre-configured configuration file `values.yaml`, you just need to do the following changes in this file:

- `<your-container-registry>` - full-qualified hostname of your container registry
- `domain`- full-qualified domain name used to access applications in your Kyma cluster

#### Use API_BUSSINESS_PARTNER Remote Service (optional)
beckermarc marked this conversation as resolved.
Show resolved Hide resolved
#### Use API_BUSSINESS_PARTNER Remote Service (optional, single tenant only)

You can try the `API_BUSINESS_PARTNER` service with a real S/4HANA system with the following configuration:

1. Create either an on-premise or cloud destination in your subaccount.

2. Add the binding to the destination service for the service (`srv`) to the `values.yaml` file:
2. Add configuration required for the destination service by executing the following command.

```yaml
srv:
...
bindings:
...
destinations:
serviceInstanceName: destinations
```bash
cds add destination
```

(The destination service instance is already configured)

3. Set the profiles `cloud` and `destination` active in your `values.yaml` file:

```yaml
srv:
...
env:
SPRING_PROFILES_ACTIVE: cloud,destination
# TODO: To be removed after @sap/cds-dk patch
CDS_ENVIRONMENT_K8S_SERVICEBINDINGS_CONNECTIVITY_SECRETSPATH: '/bindings/connectivity'
CDS_ENVIRONMENT_K8S_SERVICEBINDINGS_CONNECTIVITY_SERVICE: 'connectivity'
```

4. For on-premise only: Add the connectivity service to your Helm chart:
Expand All @@ -300,6 +283,8 @@ You can try the `API_BUSINESS_PARTNER` service with a real S/4HANA system with t
cds add connectivity
```

Note: `cds add helm` will not add configuration required to create a Connectivity Service Instance. This Service Instance should be created by the Kyma Cluster Administrator. For more information regarding configuration of Connectivity Instance, please check the [documentation](https://cap.cloud.sap/docs/guides/deployment/deploy-to-kyma#connectivity-service).

*See also: [API_BUSINESS_PARTNER Remote Service and Spring Profiles](#api_business_partner-remote-service-and-spring-profiles)*

### Prepare Kubernetes Namespace
Expand All @@ -314,78 +299,198 @@ bash ./scripts/create-container-registry-secret.sh

The *Docker Server* is the full qualified hostname of your container registry.

#### Create a HDI container and a secret
#### Create a HDI container / Service Manager Instance and a Secret

This step is only required if you're using a BTP Trial account. If you're using a production or a free tier account then you can create HDI Container from Kyma directly by adding a [mapping to your Kyma namespace in your HANA Cloud Instance](https://blogs.sap.com/2022/12/15/consuming-sap-hana-cloud-from-the-kyma-environment/) and skip this step.

##### Single Tenant

```
bash ./scripts/create-db-secret.sh bookshop-db
```

It will create a HDI container `bookshop-db` on your currently targeted Cloud Foundry space and creates a secret `bookshop-db` with the HDI container's credentials in your current Kubernetes namespace.
It will create a HDI container `bookshop-db` instance on your currently targeted Cloud Foundry space and a secret `bookshop-db` with the credentials in your current Kubernetes namespace.

### Build
Make the following changes to your _`chart/values.yaml`_.

**Build data base deployer image:**
```diff
srv:
bindings:
db:
- serviceInstanceName: hana
+ fromSecret: bookshop-db
...

hana-deployer:
bindings:
hana:
- serviceInstanceName: hana
+ fromSecret: bookshop-db

...
- hana:
- serviceOfferingName: hana
- servicePlanName: hdi-shared
```
cds build --production

pack build $YOUR_CONTAINER_REGISTRY/bookshop-hana-deployer \
--path db \
--buildpack gcr.io/paketo-buildpacks/nodejs \
--builder paketobuildpacks/builder:base
##### Multi Tenant

```
bash ./scripts/create-sm-secret.sh bookshop-sm
```

(Replace `$YOUR_CONTAINER_REGISTRY` with the full-qualified hostname of your container registry)
It will create a Service Manager `bookshop-sm` instance on your currently targeted Cloud Foundry space and a secret `bookshop-sm` with the credentials in your current Kubernetes namespace.

Make the following changes to your _`chart/values.yaml`_.

**Build image for CAP service:**
```diff
srv:
bindings:
service-manager:
- serviceInstanceName: service-manager
+ fromSecret: bookshop-sm
...

sidecar:
bindings:
service-manager:
- serviceInstanceName: service-manager
+ fromSecret: bookshop-sm

...
- service-manager:
- serviceOfferingName: service-manager
- servicePlanName: container
```
mvn package

### Build

```bash
cds build --production
```

**Build image for CAP service:**

```bash
mvn clean package -DskipTests=true
```

```bash
pack build $YOUR_CONTAINER_REGISTRY/bookshop-srv \
--path srv/target/*-exec.jar \
--buildpack gcr.io/paketo-buildpacks/sap-machine \
--buildpack gcr.io/paketo-buildpacks/java \
--builder paketobuildpacks/builder:base \
--env SPRING_PROFILES_ACTIVE=cloud
--env SPRING_PROFILES_ACTIVE=cloud \
--env BP_JVM_VERSION=17
beckermarc marked this conversation as resolved.
Show resolved Hide resolved
```

(Replace `$YOUR_CONTAINER_REGISTRY` with the full-qualified hostname of your container registry)

**Build Approuter Image:**

```bash
pack build $YOUR_CONTAINER_REGISTRY/bookshop-approuter \
--path app \
--buildpack gcr.io/paketo-buildpacks/nodejs \
--builder paketobuildpacks/builder:base \
--env BP_NODE_RUN_SCRIPTS=""
```

**Build HTML5 application deployer image:**
**Build data base deployer image (single tenant only):**
beckermarc marked this conversation as resolved.
Show resolved Hide resolved

```bash
pack build $YOUR_CONTAINER_REGISTRY/bookshop-hana-deployer \
--path db \
--buildpack gcr.io/paketo-buildpacks/nodejs \
--builder paketobuildpacks/builder:base \
--env BP_NODE_RUN_SCRIPTS=""
```
bash ./scripts/build-ui-image.sh

**Build sidecar image (multi tenant only):**

```bash
pack build $YOUR_CONTAINER_REGISTRY/bookshop-sidecar \
--path mtx/sidecar/gen \
--buildpack gcr.io/paketo-buildpacks/nodejs \
--builder paketobuildpacks/builder:base \
--env BP_NODE_RUN_SCRIPTS=""
```

### Push container images

You can push all the container images to your container registry, using:

```bash
docker push $YOUR_CONTAINER_REGISTRY/bookshop-srv

docker push $YOUR_CONTAINER_REGISTRY/bookshop-approuter
```
docker push $YOUR_CONTAINER_REGISTRY/bookshop-hana-deployer

docker push $YOUR_CONTAINER_REGISTRY/bookshop-srv
#### Single Tenant

docker push $YOUR_CONTAINER_REGISTRY/bookshop-html5-deployer
```bash
docker push $YOUR_CONTAINER_REGISTRY/bookshop-hana-deployer
```

### Deployment
#### Multi Tenant

```bash
docker push $YOUR_CONTAINER_REGISTRY/bookshop-sidecar
```
helm upgrade bookshop ./chart --install -f values.yaml

### Configuration

Make the following changes in the _`chart/values.yaml`_ file.

1. Change value of `global.domain` key to your cluster domain.

2. Replace `<your-cluster-domain>` in `xsuaa.parameters.oauth2-configuration.redirect-uris` with your cluster domain.

3. Replace `<your-container-registry>` with your container registry.

4. Make the following change to add backend destinations required by Approuter.

```diff
- backendDestinations: {}
+ backendDestinations:
+ backend:
+ service: srv
+ mtx-api:
+ service: srv
```

### Access the UI
5. Add your image registry secret created in [Create container registry secret](#create-container-registry-secret) step.

```diff
global:
domain: null
- imagePullSecret: {}
+ imagePullSecret:
+ name: container-registry
```

### Deployment

Deploy the helm chart using the following command:

#### Single Tenant

```bash
helm install bookshop ./chart --set-file xsuaa.jsonParameters=xs-security.json
```

Before you can access the UI you should make sure to [Setup Authorizations in SAP Business Technology Platform](#setup-authorizations-in-sap-business-technology-platform).

1. Create a Launchpad Service subscription in the BTP Cockpit
2. Go to **HTML5 Applications**
3. Start any of the HTML5 applications
Click on the approuter url logged by the `helm install` to access the UI.

#### Multi Tenant

```bash
helm install bookshop ./chart --set-file xsuaa.jsonParameters=xs-security-mt.json
```

Additionally, you can add the UIs to a Launchpad Service site like it is described in in the last two steps of [this tutorial](https://developers.sap.com/tutorials/btp-app-kyma-launchpad-service.html#9aab2dd0-18ea-4ccd-bc44-24e87c845740).
In case of multi tenant, you'll have to subscribe to the application from a different subaccount. You can follow the steps mentioned [here](https://cap.cloud.sap/docs/guides/deployment/as-saas#subscribe) to access the application.

## Setup Authorizations in SAP Business Technology Platform

Expand Down
30 changes: 30 additions & 0 deletions kyma-mt.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"requires": {
"multitenancy": true,
beckermarc marked this conversation as resolved.
Show resolved Hide resolved
"extensibility": true,
"toggles": true,
"auth": {
"kind": "xsuaa"
},
"approuter": {
"kind": "cloudfoundry"
}
},
"build": {
"target": ".",
"tasks": [
{
"for": "java"
},
{
"for": "mtx-sidecar"
},
{
"for": "hana"
}
]
},
"hana": {
"deploy-format": "hdbtable"
}
}
30 changes: 30 additions & 0 deletions kyma-st.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{
"build": {
"target": ".",
"tasks": [
{
"for": "java"
},
{
"for": "mtx-sidecar"
},
{
"for": "hana"
}
]
},
"hana": {
"deploy-format": "hdbtable"
},
"requires": {
"auth": {
"kind": "xsuaa"
},
"approuter": {
"kind": "cloudfoundry"
},
"db": {
"kind": "hana-cloud"
}
}
}
Loading