Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
I542634
Advisor
Advisor
With SAP BTP, Kyma Runtime, you can now expose your custom domain through an API Rule using an istio Gateway.

Steps to expose your custom domain



  1. Hold the certificate of your custom domain

  2. Create on istio-system namespace a TLS Secret holding the certificate’s data

  3. Create your new namespace (eg: dev)

  4. Create a new istio Gateway that consumes the Secret you just created

  5. Create a new API Rule hosting on your custom domain

  6. Test the endpoint on Postman with SSL enabled


 

Get the certificate of your custom domain


The certificate, or certificates should hold data for these 3 fields:

  • crt

  • key

  • ca



Create a TLS Kubernetes Secret with the credentials of your certificate


After getting your domains’ certificates, you’ll need to create a tls Kubernetes Secret that is required for your Istio Gateway. Log in to your Kyma cluster, go to istio-system namespace.

If istio-system is not visible on the namespace list, click on the top-right icon of your Dashboard to open "Preferences". On the left side, select "Clusters" and enable "Show hidden Namespaces".


Go back to your namespace list and select "istio-system".

On the left panel select Configuration – Secret.

Click on “+ Create Secret” and choose tls preset:


After that choose a name to your secret and fill the Data panel.

The tls Secret needs to hold the correct values for:

  • tls.crt

  • tls.key

  • ca.crt



After completion, click on Create. Your custom domain's certificate is now saved as a tls Secret.


Create an istio Gateway


Go to your application namespace, or create a new one (eg: dev). On the left panel select istio – Gateways.

Click on “+ Create Gateway”

Firstly, choose a name for your Gateway. After that, start by adding a Server:

Click on “+ Add”

Create an HTTPS port

Port number: 443

Name: https

Protocol: HTTPS


On the TLS panel:

TLS mode: SIMPLE

Credential name: select your secret on the istio-system namespace. (if the secret does not appear on the dropdown, don't worry and write it down, it will be found after creation)


On the Hosts panel:

Hosts: *.yourcustomdomain.com

Then click on “Create”


Create an API Rule


Go to your application namespace. On the left panel select Discovery and Network – API Rules.

Click on "+ Create API Rule" and start by selecting a name of your choice.

Under the Service panel:

Select Service name and choose the service and the port you want to expose through the API Rule.

After that complete Gateway and Hosts with your newly created Gateway and custom Domain.

Gateway: your_custom_gateway.dev.svc.cluster.local

Host: api.your_custom_domain.com


Under the Rules panel, apply the necessary changes that you see most fit.

When that is done, click on “Create”.


Test the connection to your custom domain on Postman


Open Postman and paste your newly created custom domain. Add necessary credentials and parameters if that is the case. In the end, enable the SSL verification under Settings and hit “Send”.











Conclusion


Kyma dashboard offers the possibility of exposing a service through an API rule hosting on a custom domain. With this, it is possible to avoid using Kyma domain on exposed APIs.

Feel free to provide feedback or ask questions about this topic 😊

If the SAP BTP, Kyma runtime topic interests you, here are some other links that you may like:


References




Further Readings


2 Comments