This sample details two use cases; the first showing how a call originating from Process Integration can call the Kyma Runtime and the second showing how a call originating from Kyma can call Process Integration. This scenario is intended for PI running in the NEO environment.
- Integration Tenant
- Kyma Runtime
- Cloud Connector
- Cloud Connector Connected to BTP Subaccount
- kubectl configured to use the
KUBECONFIG
file downloaded from the Kyma runtime.
This example calls an integration flow which calls a locally running service connected to BTP via the Cloud Connector.
For the locally running service httpbin can be used for the example flow. Pull and run the image
docker pull kennethreitz/httpbin
docker run -p 80:80 kennethreitz/httpbin
which will make the service available at http://localhost/
Choose Cloud To On-Premise
- Choose the
Add
button to add a new entry - Choose the
Back-end Type
ofNon-SAP System
and chooseNext
- Choose
HTTP
as theProtocol
and chooseNext
- Enter
localhost
for theInternal Host
and80
for theInternal Port
and chooseNext
- Enter
httpbin.local
for theVirtual Host
and80
for theVirtual Port
and chooseNext
- Choose the default values for the next options and choose
Finish
- Choose the
Add
button to add a new entry - Enter
/
for theURL Path
- Choose
Path And All Sub-Paths
for theAccess Policy
- Choose
Save
- Create a new
dev
Namespace:
kubectl create namespace dev
kubectl label namespaces dev istio-injection=enabled
- Apply the Resources:
kubectl -n dev apply -f ./k8s/cpi-scc-httpbin/function-neo.yaml
kubectl -n dev apply -f ./k8s/cpi-scc-httpbin/apirule-neo.yaml
- Within the
dev
namespace choose the menu optionWorkloads
->Functions
. - Open the
cpi-scc-httpbin-neo
function. - Under
Environment Variables
alter thecpi_url
value to include your Integration tenant url. - Under
Environment Variables
alter theuser
andpassword
values using a user that has the roleESBMessaging.send
- Save the Changes.
- Apply the Resources:
kubectl -n dev apply -f ./k8s/call-kyma-api/function.yaml
kubectl -n dev apply -f ./k8s/call-kyma-api/apirule.yaml
- Within the
dev
namespace choose the menu optionConfiguration
->OAuth Clients
. - Choose
Create OAuth Client
and provide the values:- Name: cpi-client
- Response types: Token
- Grant types: Client credentials
- Scope: read
- Choose
Create
. - Choose the
Decode
option to view the Client Id and Client Secret values. These will be needed in the Integration Setup.
To setup trust between Integration and the Kyma runtime, the root certificate of Kyma will need to be added into the Integration tenant.
- Navigate to dst-root-ca-x3
- Copy and Paste the DST Root certificate into a text file on your computer, saving it as
kyma.cer
. - Within the Integration tenant choose the menu option
Monitor
. - Choose the
Keystore
tile. - Choose
Add
->Certificate
- Choose
Browse
and select the save root certificatekyma.cer
, do not provide an Alias - Choose
Add
and Confirm Cert
- Within the Integration tenant choose the menu option
Monitor
. - Choose the
Security Material
tile. - Choose the
Create
drop down and chooseOAuth2 Client Credentials
and provide the values:- Name: kyma
- Grant type: Client Credentials
- Token Service URL:
https://oauth2.<kyma cluster>/oauth2/token
- Client ID: the value from the kyma oauth client
- Client Secret: the value from the kyma oauth client
- Client Authentication: Send as Request Header
- Include Scope: enabled
- Scope: read
- Content Type: application/x-www-form-urlencoded
- Choose the
Deploy
option
- Within the Integration tenant choose the menu option
Design
. - Choose the
Import
option and import theKyma Samples.zip
found in the cpi folder. - Within
Kyma Samples
, choose the Artifacts tab. - Choose the
call-kyma-api
artifact to open it. - Choose the
Configure
option and provide following values:- Address:
https://cpi-api-read-oauth.<kyma cluster>
- Credential Name: kyma
- Address:
- Save the changes.
- Open the
dev
namespace within the Kyma console. - Choose the menu option
Discovery and Network
->API Rules
- Choose the
Host
option for thecpi-scc-httpbin-neo
entry. - A successful response should contain a json structure containing the data submitted in the request
{
"args":{},
"data":"{\"somedata\":\"1234\"}",
"files":{},
"form":{},
"headers":{
"Accept":"*/*",
"Host":"httpbin.local",
"Sap-Messageprocessinglogid"
...
-
These steps can be done with a tool such as Postman or using Curl as shown here.
-
Grab the Integration Flow's URL by performing the following steps:
- Within the Integration tenant choose the menu option
Monitor
. - Go to
Manage Integration Content
->Started
Tile - Verify that 'call-kyma-api' Integration Flow is in the started state. Copy the URL (https://
<tenant url>
/http/kyma/api) from theEndpoints
tab.
- Within the Integration tenant choose the menu option
-
Run the following command to set the values into environment variables using a user that has the role
ESBMessaging.send
:export INTEGRATION_FLOW_URL='<integration-flow deployed iflow url>' export USER='<your btp user>' export PASSWORD='<your btp password>' export ENCODED_CREDENTIALS=$(echo -n "$USER:$PASSWORD" | base64)
-
Send the request to validate the scenario:
curl $INTEGRATION_FLOW_URL -H "Authorization: Basic $ENCODED_CREDENTIALS" -H "Content-Type: application/json"
A succesfully call should respond with
[{"orderid": "00000001", "description": "First sample order", "amount": "100.00"},{"orderid": "00000002", "description": "Second sample order", "amount": "102.00"},{"orderid": "00000003", "description": "Third sample order", "amount": "402.00"}]