Application
TokenRequest
ApplicationMapping
Deployment
(see below for code)ServiceBinding
(see below for code)ServiceBindingUsage
(see below for code)Deployment
(see below for code)Deployment
and tested out that the gateway endpoint was automatically added to the container. To help you to achieve the same testing, code has been provided below.# Create a sample Deployment
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: annajung/nginx-with-curl:0.0.1
ports:
- containerPort: 80
EOF
# Create a Service Binding
cat <<EOF | kubectl apply -f -
apiVersion: servicecatalog.k8s.io/v1beta1
kind: ServiceBinding
metadata:
name: nginx-binding
spec:
instanceRef:
name: sample-app
EOF
# Create a Service Binding Usage
cat <<EOF | kubectl apply -f -
apiVersion: servicecatalog.kyma-project.io/v1alpha1
kind: ServiceBindingUsage
metadata:
name: nginx-binding-usagee
spec:
serviceBindingRef:
name: nginx-binding
usedBy:
kind: deployment
name: nginx
EOF
# Retrieve pod name
NGINX_POD_NAME=$(kubectl get pod -l app=nginx \
-o jsonpath={.items[0].metadata.name})
# Search for GATEWAY_URL env variable that has been added automatically
kubectl exec -it $NGINX_POD_NAME -c nginx -- env | grep GATEWAY_URL
kyma-integration
namespace: Application Broker, Application Operator, Application Registry, Connection Token Handler, and Connector Service. Using these components, it manages a secure connection, traffic, and events to/from the external application to/from Kyma.Application
custom resource is created, Application Operator provisions an Application Gateway and an Event Service for the application. However, there are a lot more resources provisioned at the same time which might be the reason why it takes a bit for the status
field to show up. All components related to the Application
exists in the kyma-integration
namespace.TokenRequest
custom resource then retrieves the configuration from the Connector Service. Once the configuration has been received, it updates the existing TokenRequest
with a status
field that contains a token and a Connector Service info endpoint. This is the reason why you have to output the TokenRequest
after creating to grab the URL.Application
and ApplicationMapping
custom resources to create a Service Broker called application-broker
. Once application-broker
resource has been created, Service Catalog components recognize that there is a new broker and creates a ServiceClass
for each service exposed by the broker. Only when the Service Class has been created for the Application, you can create a ServiceInstance
to provision it to be used by any application running inside your cluster.ServiceInstance
, you have to bind it to either a function or a service running in the cluster. When that binding is established, a Secret
is created that contains a GATEWAY_URL
variable which is the endpoint used to connect to the Application
. One of the really nice things about the Secret
is that it gets automatically injected into the service/function that is bound to and the management of the Secret
(connection to the Application) stays separated from the service lifecycle.APIRule
custom resource, I wasn't able to successfully access the main page without listing the full path it redirects to. To get around this issue, I had to use port-forward
or use a non-Kyma environment to access WordPress application.Application
. However, the external application must be able to understand how to utilize the connection in the correct way. This means that additional code for a plugin for Kyma is required for the external application. As shown in the WordPress tutorial, the steps to achieve a connection with Kyma are to download and install a WordPress specific connector. This approach also means that the connection is managed outside of Kyma, which may be favorable or not depending on your use case.Application
custom resource can be viewed by running the following commandkubectl get all -n kyma-integration | grep $APP_NAME
Invalid Org Unit
error. The error is thrown when you curl
the configuration URL with the token due to mismatch of OU=OrgUnit and O=Organization
openssl genrsa -out generated.key 2048
# Remember to replace {APP_NAME} with the actual app name
openssl req -new -sha256 -out generated.csr -key generated.key -subj "/OU=OrgUnit/O=Organization/L=Waldorf/ST=Waldorf/C=DE/CN={APP_NAME}"
openssl base64 -in generated.csr
generated.csr
openssl base64 -in generated.csr | tr -d '\n'
--cert
flag takes base64 decoded clientCrt
.export CERT_FILE_NAME=clientCrtDecoded
export KEY_FILE_NAME=generated
export CLUSTER_DOMAIN=kyma.local
curl -X POST -H "Content-Type: application/json" -d '{"csr": "${BASE64_ENCODED_CSR}"}' ${CSR_SIGNING_URL_WITH_TOKEN} | jq . > clientcertificate.json
jq .clientCrt -r clientcertificate.json > clientCrt
cat clientCrt | base64 -d > ${CERT_FILE_NAME}.crt
curl https://gateway.${CLUSTER_DOMAIN}/v1/applications/management/info --cert ${CERT_FILE_NAME}.crt --key ${KEY_FILE_NAME}.key -k
api.spec
or a URL under api.SpecificationUrl
. However, OData APIs are only supported using api.SpecificationUrl
.provider
, name
, and description
. But you should define either api
or events
depending on which you want the application to expose. When api
is defined, api.targetUrl
is required. When events
is defined, events.spec
is required.json
file into curl
command by following the belowcurl -X POST -d '@api.json' https://gateway.kyma.local/{APP_NAME}/v1/metadata/services --cert clientCrtDecoded.crt --key generated.key -k
no matches for kind "Api" in version "gateway.kyma-project.io/v1alpha2"
. This is because Kyma no longer supports an API
custom resource and support APIRule
custom resource instead. To get around this issue, run the following. However, as mentioned in the "lessons learned" section, I had problems accessing WordPress application and this could be because of how I defined the APIRule
. I also started a conversation in Slack #general channel to speak with Kyma colleagues about the problem I am running into. If you're interested, please follow the conversation there!# Create an APIRule for WordPress
cat <<EOF | kubectl apply -f -
apiVersion: gateway.kyma-project.io/v1alpha1
kind: APIRule
metadata:
name: wordpress
namespace: wordpress
spec:
gateway: kyma-gateway.kyma-system.svc.cluster.local
rules:
- accessStrategies:
- config: {}
handler: noop
methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- HEAD
path: /.*
service:
host: wordpress.kyma.local
name: wordpress
port: 80
EOF
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.