In this blog post, we want to pick up all questions asked in the two Kyma-related TechEd sessions “Manage Your Kubernetes-Based Extensions for SAP Applications [DEV105]” and “Build Extensions with SAP BTP, Kyma Runtime [DEV261]”. The Hands-On is described at https://github.com/SAP-samples/teched2021-DEV261 in detail.
Q: Is there any instance strategy for Kyma runtime environment? Best practices guide or something?
A: The recommendation is to separate the productive instance from development & Q instance. You could technically have all in one and separate different stages inside one Kyma runtime by namespaces, but it’s better to split it by different instances once you go along with several use cases running inside Kyma.
Q: Kindly explain when to use kyma and when to use CF as runtime.
A: The choice of runtime at the moment depends on the type of the application / extension you want to run. Both CF and Kubernetes-based runtime are a good start, but they depend on your developer / operators skillset as well as on your innovation budget. If you decide for a microservice based approach, Kyma is the recommended runtime. Cloud Foundry in contrast is easier to get started with due to the supported build packs.
Q: Isn’t Docker Desktop legacy now?
Docker Desktop is not legacy. The Docker Subscription Service Agreement has changed for terms of Docker Desktop, but the tool still continues to exist (see https://www.docker.com/blog/updating-product-subscriptions/).
Kubernetes is deprecating Docker as a container runtime after v1.20, but that’s independent from Docker Desktop. For details see: https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/
Q: Will docker continue to be the underlying container technology for Kyma in the near future? (because of the recent changes in licensing for docker desktop for mid/large companies).
A: The underlying kubernetes cluster for a Kyma instance will soon transition to containerd as container runtime. However, that is unrelated to the docker daemon which you are using on your local machine.
Q: I imagine credentials should either be in the destination or the runtime env in a productive scenario?
A: Yes, you are right, however for simplicity of this tutorial we don’t focus 100% on production readiness. Please note that there are multiple different types of credentials, i.e Service credentials exchanged by OSB and in Service Bindings, external system credentials and so on. All need to be treated individually and handled differently sometimes.
Q: Are all these required entitlements available on a BTP trial account and free tier?
A: Yes, all entitlements for this walk through are possible on Trial and Free Tier. Only later in the CI-CD service, you can create two jobs instead of four. But the tutorial describes how to take care of the other two deployments.
The only thing to consider might be the regional availability of each service and their combination for the tutorial. It was tested in us-10 of Trial. The CICD service is not available on MS Azure, hence it can’t be instantiated in the Singapore region. But you could use the instance in a second subaccount in the US.
Q: In the entitlements, what does subaccount Assignment correspond to? For example for mobile service I can enter 1 to 70 units.
A: The entitlement depends on each service and its metric. E.g. for Kyma runtime, it’s number of instances. For other services, it might be GB/month. The metrics of each service are described at https://discovery-center.cloud.sap/servicessearch/?provider=all
Q: Can we access Kyma runtime from within SAP BTP cockpit?
A: Yes, via the link to the Kyma dashboard. Your user also needs to have the Kyma admin role. All steps are described at https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/ccb83c700e8d4bb8aa545d7307b8b08a.html?locale=en-US
Q: Does the Kyma container contain all storage and compute power that is needed or do we need additional HANA Service as a fundament to Kyma runtime environment?
A: This depends on what you want / need to build. If you have a HANA-based use case you need a DB instance external to your Kyma runtime cluster. Everything else for storage and compute and networking is built in. Note that BTP comes with a rich set of Backing service in its multi-cloud services portfolio. Feel free to explore it.
Q: Can we assume that Kyma runtime is a successor of SAP BTP, serverless runtime? Will serverless runtime be retired soon? Is there any migration path from serverless runtime to Kyma runtime?
A: Please refer to the blog post “SAP BTP, Serverless Runtime to be discontinued and replaced by SAP BTP, Kyma Runtime and SAP Integration Suite”. Kyma runtime supports Node.JS and Python as language for its serverless engine. Furthermore, Git-Repositories can be linked to the serverless engine. This should make transition straight forward. (link to SAP Help Portal page).
Q: How to access the CLI? Is it done from SAP BTP?
A: It is a standard Kubernetes CLI (kubectl) which you install on your computer.
Q: Does Kyma support Infrastructure as a Code? If yes, does this only work in a CPEA or PAYG environment?
A: Yes, it does (implicity) support it. With CD addons like ArgoCD or Flux you can apply GitOps to all your activities. This includes all kubernetes-managed objects. For code-based GitOps, the serverless engine in Kyma does already support CD by reacting on Git changes.
Usage of ArgoCD will be possible after the next major release of Kyma runtime which is planned for the near future.
Q: For Kyma on BTP, do we need to enable it only in a specific region?
A: You can choose any region for the Kyma runtime. To decrease latency, the recommendation for this tutorial is using the same region like the other services. All available regions and hypersalers are found at https://help.sap.com/products/BTP/65de2977205c403bbc107264b8eccf4b/350356d1dc314d3199dca15bd2ab9b0e.html?version=Cloud#cluster-regions
For the Free Tier, only AWS is available right now. We have it on the radar to add more regions. BTP Trial will simply create the Kyma Runtime in the region of your subaccount.
Q: I know the cloud solutions like SAP Cloud for Customer are easy to hook up to Kyma. But what features does the Kyma run time have to connect to SAP on-premise?
A: Cloud Connector support is planned to be available with the next major Kyma release coming planned for the near future. Then it is planned to auto deploy the “Connectivity Proxy for Kubernetes” when requested by the user. Here is the roadmap item.
Today, it’s possible to go via SAP Cloud Integration (https://github.com/SAP-samples/kyma-runtime-extension-samples/blob/main/pi-scenario/README.md)
Q: Can we connect continuous delivery service with custom pipeline?
A: The SAP Continuous Integration and Delivery Service provides a quick and easy start for users who are not that experienced with CI/CD or do not have their own infrastructure. If you have already Azure DevOps Pipeline or own Jenkins Infrastructure, you can implement similar pipelines as shown here. In case you should need more flexibility, you might also take a look at Project “Piper” (https://www.project-piper.io/) – it provides reusable steps implementation also for Docker Builds and Deployments to a Kubernetes Cluster.
Q: Once we have the extension ready in dev environment , how can we transport to quality and production environment, is it done using Transportation Management Service?
A: SAP Cloud Transport Management service does not support transports around Kyma yet – we had first discussions and plan to provide support for all SAP BTP runtimes. As soon as we will have an update, we will then communicate this via https://roadmaps.sap.com/board?PRODUCT=73554900100800001901&range=CURRENT-LAST, so please watch out for corresponding updates there.
Q: Does Kyma contain direct interface with gCTS?
A: gCTS enables CI/CD for ABAP development, such as on an SAP S/4HANA backend – therefore, we did not foresee a direct interface with Kyma here. If you should have combined scenarios, an (indirect) interplay via automated pipelines would be possible. To trigger gCTS from a pipeline, you can find gCTS steps in the step library of project ‘Piper’ (Project “Piper”: Continuous Delivery for the SAP Ecosystem (https://www.project-piper.io/).
Q: The app will be running in the Kyma environment while the destinations are in Cloud Foundry environment. How these 2 will be connected?
A: The destination service is the “storage”. The actual destination in fact points back into the Kyma cluster.
Q: Why is the HTML5 app deployed separately and not part of kyma runtime?
A: You could in principle do this. But the reason why the tutorial is using the HTML5 repo is that it also manages the integrations into Launchpad and Portal. It is pre-connected already. If you “host” HTML5 apps manually in Kyma, you’d need to configure additional things like CDM and similar.
Q: Are all SAP BTP services available in the Kyma runtim environment? If not, what is the roadmap for reference?
A: The plan is to make all services consumable from any SAP BTP runtime. The choice of runtime should not be based on the available services.
However, at this point in time, some services are not yet available from within Kyma runtime. The roadmap of each individual BTP service will show the respective plan.The “Service Marketplace” of the subaccount lets you filter for the different environments from which the services are consumable.
For more information on the strategy we recommend the TechEd session “Explore the Unified Runtime Strategy for SAP Business Technology Platform (DEV110)”.
Q: Let say I have two service, service1 consumed by UI (i.e. external), and another service2 called from service1 only. Do I need APIs to be configured for service2?
A: No, you don’t need it. Kyma brings a service mesh, which allows internal communication between workloads via TCP/IP including mutual TLS, etc. Hence, you have multiple options.
- you do no further auth in code, but instead you give service1 the mesh authorization to call service 2, or
- you use OAuth as depicted in the tutorial. Many people to just restrict in the mesh.
Additionally please note that Kyma does not expose endpoints to the public internet by default. If you want this (for example for the UI), then you need to do this exactly like Gaurav said: Explicitly by API Rule.
Q: Is there alternative for the postman tool offered by SAP BTP so that we can test in BTP only, instead of using postman?
A: No, not at this point in time.
Q: Some oAuth setups require next to the ‘scope’ parameter also a ‘resource’ parameter (for example when setting up a connection with Azure blobstorage). This is not supported so far in SAP BTP, Kyma runtime?
A: It is currently not supported in Kyma runtime. Nothing planned as present in this regard. If you see a need, please raise an Improvement Request at https://influence.sap.com/sap/ino/#/campaign/2280.
Q: Is there some github repo for similar Java/SpringBoot example?
A: There are several Java sample in the SAP samples repository in GitHub (https://github.com/SAP-samples/kyma-runtime-extension-samples): using Spring Boot as well as Micronaut.
Q: When we say serverless, then how can we create banking application in India, because the server should be physically located in India?
A: SAP BTP, Kyma runtime can be provisioned on AWS in India. See Kyma Cluster Regions. To avoid misunderstandings, serverless does not mean that no physical servers are involved, you just do not have to care about them as we manage them for you.
Q: Can we suggest persistent volume claims (PVCs) for productive scenarios? If a pod gets destroyed, are we still able to access PVC? if not any alternative way available
A: You should be able to use it for all storage purposes. If POD gets destroyed, etc… then the volume will stay and won’t get lost. Always ensure using BTP storage services if you can. Otherwise you have storage management overhead.
Q: Do we have any customer examples where the banking or e-governance applications are created in Kyma runtime?
A: No, not yet. We only have one external reference of Doehler GmbH in Germany.
Q: Is there like a complete flow chart that we can easylly follow for the end to end scenarion for the setup?
A: Here is the scenario described: https://github.com/SAP-samples/teched2021-DEV261
Q: Is there any tool, formula or Grafana query to retrive the average CU consumption of a pod (and replicas) in Kyma Runtime?
A: In your Grafana dashboard in Kyma you have a good set of predefined queries. Look at Kubernetes / Compute Resources /Pods and explore.
Q: When can we get the recording of this session?
A: Recordings of the workshops will be available in mid-December. Lectures are already available for replay on the platform and much of the Channel 1 content is also already available on demand in the various SAP owned YouTube Channels.
Q: Is there guidance when enhancing SAP CX solutions e.g. Sales & Service Cloud, when to use Kyma or SAP Cloud Applications Studio?
A: Especially when you build extensions across several solutions, it is recommended to use a runtime outside of the core application. Furthermore, if you want to use other programming languages than the supported ones by SAP Cloud Applications Studio, Kyma runtime could be the runtime of choice. Besides that, it is really your decision on where to go with your extensions.
Q: Is Kyma suitable for tenant-based extensions for multi-tenancy application? How to manage tenant/customer code?
A: You could use Kyma to create extensions to multi-tenant applications or run multi-tenant applications within Kyma. Here is a Discovery Center Mission to get you started on multi-tenant application on Kyma.
Q: Kyma is an SAP open source, what does it mean for customers?
A: Kyma is an open source project but SAP also has a managed offering – SAP BTP, Kyma Runtime. The open source project allows us to collaborate with the community to improve the platform. The managed offering is fully supported by SAP with specific SLAs.
Q: How can we make use of Terraform?
A: You can use Terraform to deploy your applications and Kubernetes configurations. See this example. This could be one of the possible ways to deploy among others such as “kubectl” and “helm” .
Q: How to estimate the consumption of capacity units of a given pod and related replicas?
A: You can either measure the resource consumption of your deployments and sum this up or limit the resources for deployments to control the cluster size and therefore the runtime size.
If you have more questions, feel free to add them in the comments section, in https://answers.sap.com/index.html, or via issues inside https://github.com/SAP-samples/teched2021-DEV261/issues.