Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
The last week I was in the need of an SFTP server just to make some tests for PoC I was working on.

The first thought that came to my mind was to get an account in a Hyperscaler so I can easily create a VM exposed to the public internet, running some linux distro and install ssh. 

That could have definitely worked, but it was maybe too much for the need I had.

I started to explore options within SAP BTP, and found this great post from my colleague gunteralbrecht about deploying SAP Cloud Connector in Kyma.

So, if SAP Cloud Connector can run on a Kyma cluster, why not an SFTP server ?.

It was simpler than expected, so let me share the steps to prove it.

This blog assumes that a Kyma runtime is already deployed in the SAP BTP account, if that's not the case, please check this tutorial from SAP Developers

1) Create a Namespace

All the steps could be performed either by using the Kyma UI Dashboard or using the kubectl command line tool. For simplicity, I will use the Kyma UI Dashboard.

Go to Namespace and click on Create Namespace


Enter a name for the namespace, and be sure you let the Enable Sidecar Injection disabled


2) Create a Deployment

After the namespace is created, you are redirected into the namespace overview page. Go to Workloads -> Deployments and Create a new Deployment



3) Configure Deployment

I will deploy this public image from Docker Hub, that can be configured just by passing some env variables. You can also try running it locally with the below command *assuming that you already have docker installed

docker run -p 22:22 -d atmoz/sftp foo:pass:::upload

This will create a Container from the atmoz/sftp Image, and open the local 22 port mapping the same port in the container and create a user foo with password pass, that can upload files into the upload folder.

In the Create Deployment wizard, go to YAML option, so you can specify all the required parameters for the container, like below

apiVersion: apps/v1
kind: Deployment
name: impassioned-quiet
namespace: ns-sftp
labels: impassioned-quiet
replicas: 1
app: impassioned-quiet
app: impassioned-quiet 'false'
imagePullSecrets: []
- name: impassioned-quiet
image: atmoz/sftp
- containerPort: 22
- name: SFTP_USERS
value: foo:pass:::upload
memory: 64Mi
cpu: 50m
memory: 128Mi
cpu: 100m

After you deploy the image, you should get a running Pod with a single container running


4) (Optional) Connect to the Container and test the SFTP server

before exposing the container to internet, you can run a port-forward to open a tunnel from you local environment and the deployed container.

for this steps, you should have kubectl command line tool configured (with the kubeconfig file and oidc_login plugin )

  1. Run kubectl get pods -n ns-sftp

  2. Run kubectl port-forward impassioned-quiet-67f668974-vkddg -n ns-sftp 22:22 (replace the name of the pod with the name of the pod obtained in previous steps)

  3. Open another terminal, and connect to localhost:22 and try uploading some file

5) Expose the Container to Internet

You could either create a Service with annotations, as detailed in gunteralbrecht post or you could create a Service + DNS Entry CR separately.

Go to Services and create a new Service
apiVersion: v1
kind: Service
name: sftp-service
namespace: ns-sftp
type: LoadBalancer
app: 'impassioned-quiet'
- protocol: TCP
port: 2222
targetPort: 22

Notice here that type is set to Load Balancer and port and targetPort should be different.

Replace with the name used in the Deployment resource.

At this point you have the SFTP server exposed to Internet, and you could connect with the command like below

From the Service Overview, copy the External IP and connect to port 2222


6) (Optional) Create a DNS Entry to have a friendly host name

Go to Configuration -> DNS Entries and click on Create DNS Entry

The DNSName should be in the form <hostname>.<kyma_cluster_id>

And the Target should be the External IP obtained in the Service creation


You can can find out your Kyma Cluster ID in the Cluster Overview



With just few steps, you can get your own SFTP Server running on a SAP Kyma cluster.

As stated in the beginning of this post, this SFTP server is just for testing purpose and not mean for production use as there is no Persistent Volumes created to store the files nor secured way for provision users.