Example project to showcase SAP Private Link service integration with a workload hosted on Azure Kubernetes Service.
📰🔗Associated blog post on the SAP community.
Main project can be found here. Associated blog series supporting the overall narrative and individual integration targets for SAP Private Link Service for Azure here.
Configure a private integration between SAP Business Technology Platform and your workload on Azure Kubernetes Service
Warning
⚠️ This example assumes a configuration with a single-service deployment with NGINX. Hence the Private Link Service annotations are maintained on the service level. In case you prefer an Ingress Controller, the annotations need to be maintained there. Any Ingress Controller needs to be configured individually. See here for more details. Complete your YAML with the annotations maintained from the shared snippet in this repos.
-
Create an AKS cluster
-
Choose ingress flavor for your AKS in light of Azure Private Link Service:
- Standard Azure load balancer
- Ingress Controller for AKS
- Azure Application Gateway (will be discussed in next post on the series)
The following steps apply to the standard Azure load balancer option and single service deployment.
- Run
kubectl apply -f deployment.yaml - Run
kubectl apply -f service.yaml. Learn more about the Private Link Service configuration options for AKS here. For instance use "service.beta.kubernetes.io/azure-pls-auto-approval" to auto-approve connection requests from specified Azure subscriptions IDs. - Check your configuration with
kubectl describe svc hello-btp-service - As of this step the process is identical to the standard process. Finish the handshake by completing the link from SAP BTP and approving the connection request from the PLS UI on AKS. See the SAP docs or the first post of the blog series for more details.
Without SSL setup on NGINX, ingress controler or Azure Application Gateway you need to fallback to http for your integration test
| key | value |
|---|---|
| Name | aks |
| Type | HTTP |
| URL | http://[your private hostname]/ |
| Proxy Type | PrivateLink |
| Authentication | [based on your service needs] |
| key | value |
|---|---|
| HTML5.DynamicDestination | true |
| WebIDEEnabled | true |
| WebIDEUsage | odata_abap |
- Continue your journey with a fully private AKS cluster here
- Add SSL to your AKS hosted workload using NGINX or Mesh. See the AKS ingress controller docs for more details.
- Azure Private Link Connectivity troubleshooting guide
- Test connectivity without XSUAA first and don't make to many configurations at the same time