Continental Innovates with Rancher and Kubernetes
Rancher and SAP have been working on a dedicated verification of SAP Data Intelligence 3 (SAP DI) on Rancher Kubernetes Engine (RKE) cluster and Longhorn storage platform. This blog will guide you on how to properly install SAP DI on an RKE cluster.
Learn more about at Installation Guide for SAP Data Intelligence.
First, we need to install an RKE cluster where we’ll install SAP DI.
You can deploy your RKE cluster in two ways:
Note: At the moment, SAP DI supports Kubernetes versions up to 1.15.X (check SAP PAM for K8s version update). Be sure to specify the correct kubernetes_version on your RKE deployment. Learn more in the SAP Note 2871970 (SAP S-user required).
kubernetes_version
In addition to using one of the above methods to install an RKE cluster, we recommend the following best practices for creating the production-ready Kubernetes clusters that will run your apps and services.
We used RKE v1.1.1 to deploy a test RKE cluster. RKE install details are here.
We’ve deployed our RKE cluster on an AWS infrastructure with the following properties:
m5.2xlarge
*.sap-demo.fe.rancher.space
registry.sap-demo.fe.rancher.space
vsystem.sap-demo.fe.rancher.space
Once you’ve deployed your infrastructure, cluster.yaml file has been created and RKE is up.
cluster.yaml
cat << EOF > cluster.yaml nodes: - address: <ELASTIC_IP_1> internal_address: <INTERNAL_IP_1> ssh_key_path: <AWS_KEY_FILE> user: ubuntu role: - controlplane - etcd - worker ssh_key_path: <AWS_KEY_FILE> - address: <ELASTIC_IP_2> internal_address: <INTERNAL_IP_2> user: ubuntu role: - controlplane - etcd - worker ssh_key_path: <AWS_KEY_FILE> - address: <ELASTIC_IP_3> internal_address: <INTERNAL_IP_3> user: ubuntu role: - controlplane - etcd - worker ssh_key_path: <AWS_KEY_FILE> kubernetes_version = "v1.15.11-rancher1-3" EOF rke up --config cluster.yaml
Once RKE finishes cluster deployment, kubeconfig will be generated on the current directory.
Note: Don’t use this example in a production environment. Overlapped planes are not recommended for production environments. Get more information about provisioning Kubernetes in a production cluster.
Take care of the following SAP DI prerequisites before install.
There are a couple of optional features that will require S3 compatible storage:
You need to define a default storageClass on your RKE cluster for SAP DI to work properly. SAP DI services should be able to generate a PersistentVolume PV and a PVC on your RKE cluster.
SAP DI installation has been tested on two distinct default storageClasses:
local_path
kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
If you are planning to use any optional features that require S3 compatible storage, we tested these S3 backends successfully:
More info at storage infrastructure requirements (SAP S-user required).
To manage TLS certificates for the installation, we’ve decided to install cert-manager into the RKE cluster. TLS certificates are required to access container registry and SAP DI portal once installed.
kubectl -n cert-manager apply -f https://github.com/jetstack/cert-manager/releases/download/v0.14.3/cert-manager.crds.yaml helm repo add jetstack https://charts.jetstack.io helm install --name cert-manager --namespace cert-manager --version v0.14.3 jetstack/cert-manager
Learn more about using self-signed certs.
SAP DI requires a container registry in order to mirror SAP Docker images. You need at least 60GB of free storage to fit all the Docker images. If you already have one Docker registry up and running, please jump to the next section.
To automate the TLS management, we’ll deploy a cert-manager issuer using letsencrypt integration. That allows Kubernetes to manage letsencrypt certificates automatically. This can be replaced by other kinds of certificates.
# Create issuer acme on kube-system cat << EOF > docker-registry-issuer.yaml apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: letsencrypt-prod labels: app: "docker-registry" spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: test@sap.io privateKeySecretRef: name: letsencrypt-prod-key solvers: - http01: ingress: class: nginx kubectl -n kube-system apply -f docker-registry-issuer.yaml
Install docker-registry from helm chart, exposing and securizing it by ingress registry.sap-demo.fe.rancher.space
# Install docker-registry helm install docker-registry stable/docker-registry --namespace default \ --set ingress.enabled=true \ --set ingress.hosts[0]=registry.sap-demo.fe.rancher.space \ --set ingress.annotations.nginx\\.ingress\\.kubernetes\\.io/proxy-body-size="0" \ --set ingress.annotations.cert-manager\\.io/issuer=letsencrypt-prod \ --set ingress.annotations.cert-manager\\.io/issuer-kind=Issuer \ --set ingress.tls[0].secretName=tls-docker-registry-letsencrypt,ingress.tls[0].hosts[0]=registry.sap-demo.fe.rancher.space
See the full SAP DI installing guide for details.
Follow this procedure to install SL Container Bridge.
There are 3 installation options available:
SAP DATA INTELLIGENCE 3 - DI - Platform
SAP DATA INTELLIGENCE 3 - DI - Platform extended
SAP DATA INTELLIGENCE 3 - DI - Platform full Bridge
Once the installation option is selected, save the generated MPStack*.xml file.
Note: We chose SAP DATA INTELLIGENCE 3 - DI - Platform full Bridge for the example.
SAP SL Container Bridge (SLCB) is required to install SAP DI. Download SLCB software:
# downloaded proper version from SAP https://launchpad.support.sap.com/#/softwarecenter/search/SLCB mv SLCB01_<PL>-70003322.EXE /usr/local/bin/slcb
Once you’ve downloaded SLCB, deploy it on your RKE cluster. RKE cluster kubeconfig file is required:
export KUBECONFIG=<KUBECONFIG_FILE> slcb init # select advance config and set nodePort on installation
Note: If you are doing an airgap installation, please follow these instructions.
Once SLCB is deployed, it’s time to deploy SAP DI. To do that, you need a generated MP_Stack_*.xml file and Kubernetes slcbridgebase-service service information:
MP_Stack_*.xml
slcbridgebase-service
# Get slcbridgebase-service info, NODE_IP:NODE_PORT kubectl -n sap-slcbridge get service slcbridgebase-service # Execute slcb with proper arguments slcb execute --useStackXML software/MP_Stack_2000913929_20200513_.xml --url https://NODE_IP:NODE_PORT/docs/index.html # Choose option `3: - SAP DATA INTELLIGENCE 3 - DI - Platform full Bridge`
Note: As an option, SLCB could be executed from MP in web mode following these instructions. Service slcbridgebase-service should be exposed to the internet.
Installation parameters (used as example):
sap
sXXXXXXXXX
XXXXXXXX
rancher
Once SLCB execution is finished, check that everything is running on the SAP DI namespace:
kubectl -n sap get all NAME READY STATUS RESTARTS AGE pod/auditlog-668f6b84f6-rwt29 2/2 Running 0 7m4s pod/axino-service-02e00cde77282688e99304-7fdfff5579-lwjfn 2/2 Running 0 2m44s pod/datahub-app-database-4d39c65296aa257d23a3fd-69fc6fbd4c-bm4b7 2/2 Running 0 3m14s pod/datahub.post-actions.validations.validate-secrets-migratiosrtdg 0/1 Completed 0 59s pod/datahub.post-actions.validations.validate-vflow-xmdhk 1/1 Running 0 56s pod/datahub.post-actions.validations.validate-vsystem-xhkws 0/1 Completed 0 62s pod/datahub.voracluster-start-fd7052-94007e-kjxml 0/1 Completed 0 5m26s pod/datahub.vsystem-import-cert-connman-a12456-7283f8-xcxhb 0/1 Completed 0 3m8s pod/datahub.vsystem-start-f7c2f5-109b76-zjwnk 0/1 Completed 0 2m53s pod/diagnostics-elasticsearch-0 2/2 Running 0 8m31s pod/diagnostics-fluentd-cfl6g 1/1 Running 0 8m31s pod/diagnostics-fluentd-fhv7q 1/1 Running 0 8m31s pod/diagnostics-fluentd-jsw42 1/1 Running 0 8m31s pod/diagnostics-grafana-7cbc8d768c-6c74g 2/2 Running 0 8m31s pod/diagnostics-kibana-7d96b5fc8c-cd6gc 2/2 Running 0 8m31s pod/diagnostics-prometheus-kube-state-metrics-5fc759cf-8c9w4 1/1 Running 0 8m31s pod/diagnostics-prometheus-node-exporter-b8glf 1/1 Running 0 8m31s pod/diagnostics-prometheus-node-exporter-bn2zt 1/1 Running 0 8m31s pod/diagnostics-prometheus-node-exporter-xsm9p 1/1 Running 0 8m31s pod/diagnostics-prometheus-pushgateway-7d9b696765-mh787 2/2 Running 0 8m31s pod/diagnostics-prometheus-server-0 1/1 Running 0 8m31s pod/hana-0 2/2 Running 0 8m22s pod/internal-comm-secret-gen-xfkbr 0/1 Completed 0 6m4s pod/pipeline-modeler-84f240cee31f78c4331c50-6887885545-qfdx8 1/2 Running 0 29s pod/solution-reconcile-automl-3.0.19-h884g 0/1 Completed 0 4m16s pod/solution-reconcile-code-server-3.0.19-s84lp 0/1 Completed 0 4m32s pod/solution-reconcile-data-tools-ui-3.0.19-d8f5d 0/1 Completed 0 4m26s pod/solution-reconcile-dsp-content-solution-pa-3.0.19-2fvf4 0/1 Completed 0 4m32s pod/solution-reconcile-dsp-git-server-3.0.19-ff9z5 0/1 Completed 0 4m22s pod/solution-reconcile-installer-certificates-3.0.19-bhznp 0/1 Completed 0 4m21s pod/solution-reconcile-installer-configuration-3.0.19-92nfl 0/1 Completed 0 4m16s pod/solution-reconcile-jupyter-3.0.19-8dmd8 0/1 Completed 0 4m30s pod/solution-reconcile-license-manager-3.0.19-khdfl 0/1 Completed 0 4m30s pod/solution-reconcile-metrics-explorer-3.0.19-2kpv9 0/1 Completed 0 4m28s pod/solution-reconcile-ml-api-3.0.19-c9nrk 0/1 Completed 0 4m18s pod/solution-reconcile-ml-deployment-api-3.0.19-7xpp6 0/1 Completed 0 4m22s pod/solution-reconcile-ml-deployment-api-tenant-handler-3.0.19zrj74 0/1 Completed 0 4m27s pod/solution-reconcile-ml-dm-api-3.0.19-bfwgd 0/1 Completed 0 4m32s pod/solution-reconcile-ml-dm-app-3.0.19-whdf4 0/1 Completed 0 4m15s pod/solution-reconcile-ml-scenario-manager-3.0.19-mx5nf 0/1 Completed 0 4m21s pod/solution-reconcile-ml-tracking-3.0.19-tsjhq 0/1 Completed 0 4m32s pod/solution-reconcile-resourceplan-service-3.0.19-pddv6 0/1 Completed 0 4m20s pod/solution-reconcile-training-service-3.0.19-vrsn7 0/1 Completed 0 4m32s pod/solution-reconcile-vora-tools-3.0.19-cnsb8 0/1 Completed 0 4m23s pod/solution-reconcile-vrelease-appmanagement-3.0.19-xhpq9 0/1 Completed 0 4m30s pod/solution-reconcile-vrelease-delivery-di-3.0.19-pzxf6 0/1 Completed 0 4m16s pod/solution-reconcile-vrelease-diagnostics-3.0.19-mz56b 0/1 Completed 0 4m21s pod/solution-reconcile-vsolution-app-base-3.0.19-fmml5 0/1 Completed 0 4m23s pod/solution-reconcile-vsolution-app-base-db-3.0.19-cq52t 0/1 Completed 0 4m24s pod/solution-reconcile-vsolution-app-data-3.0.19-svq4z 0/1 Completed 0 4m26s pod/solution-reconcile-vsolution-dh-flowagent-3.0.19-ntlnx 0/1 Completed 0 4m33s pod/solution-reconcile-vsolution-dsp-core-operators-3.0.19-bx2vx 0/1 Completed 0 4m26s pod/solution-reconcile-vsolution-shared-ui-3.0.19-bprsp 0/1 Completed 0 4m30s pod/solution-reconcile-vsolution-vsystem-ui-3.0.19-vjx7d 0/1 Completed 0 4m26s pod/spark-master-5d4567d976-bj27f 1/1 Running 0 8m28s pod/spark-worker-0 2/2 Running 0 8m28s pod/spark-worker-1 2/2 Running 0 8m18s pod/storagegateway-665c66599c-vlslw 2/2 Running 0 6m53s pod/strategy-reconcile-sdi-rancher-extension-strategy-3.0.19-d2lzm 0/1 Completed 0 3m42s pod/strategy-reconcile-sdi-system-extension-strategy-3.0.19-5xf8m 0/1 Completed 0 3m51s pod/strategy-reconcile-strat-rancher-3.0.19-3.0.19-7lzgb 0/1 Completed 0 3m49s pod/strategy-reconcile-strat-system-3.0.19-3.0.19-6xxwj 0/1 Completed 0 4m3s pod/tenant-reconcile-rancher-3.0.19-wg5mc 0/1 Completed 0 3m37s pod/tenant-reconcile-system-3.0.19-hjlr8 0/1 Completed 0 3m42s pod/uaa-69f5f554b6-5xvsn 2/2 Running 0 6m41s pod/vflow-build-vrep-vflow-dockerfiles-com-sap-sles-basetxf4j 1/1 Running 0 21s pod/vora-catalog-9c8dc9698-sw95m 2/2 Running 0 2m36s pod/vora-config-init-knpdg 0/2 Completed 0 3m36s pod/vora-deployment-operator-5d86445f77-n5ss7 1/1 Running 0 5m38s pod/vora-disk-0 2/2 Running 0 2m36s pod/vora-dlog-0 2/2 Running 0 5m37s pod/vora-dlog-admin-vmdnp 0/2 Completed 0 4m36s pod/vora-landscape-84b9945bc6-rnvmd 2/2 Running 0 2m36s pod/vora-nats-streaming-594779b867-4gh6z 1/1 Running 0 6m4s pod/vora-relational-79969dbd8f-ct2c7 2/2 Running 0 2m36s pod/vora-security-operator-79dc4546d-7zdhf 1/1 Running 0 9m35s pod/vora-textanalysis-68dbf78ff5-kh5zx 1/1 Running 0 9m46s pod/vora-tx-broker-9f87bc658-qg6pn 2/2 Running 0 2m36s pod/vora-tx-coordinator-7bb7d8dd95-vd925 2/2 Running 0 2m36s pod/voraadapter-5945e67c3b994f63be463c-5ffb75bfb4-dzc68 2/2 Running 0 3m9s pod/voraadapter-b314f02c87f2ce620db952-74b45f6c44-68r25 2/2 Running 0 2m43s pod/vsystem-796cf899d-c5kfg 2/2 Running 1 6m4s pod/vsystem-module-loader-72fbr 1/1 Running 0 6m4s pod/vsystem-module-loader-bgh8m 1/1 Running 0 6m4s pod/vsystem-module-loader-xlvx2 1/1 Running 0 6m4s pod/vsystem-vrep-0 2/2 Running 0 6m4s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/app-svc-pipeline-modeler-84f240cee31f78c4331c50 ClusterIP 10.43.16.248 <none> 8090/TCP 29s service/auditlog ClusterIP 10.43.96.131 <none> 3030/TCP 7m4s service/axino-911b92c395d64f1e84ad03 ClusterIP 10.43.104.18 <none> 6090/TCP 2m44s service/datahub-app-db-ecfb1cadeef44090be9d86 ClusterIP 10.43.177.249 <none> 3000/TCP 3m14s service/diagnostics-elasticsearch ClusterIP 10.43.45.202 <none> 9200/TCP 8m31s service/diagnostics-elasticsearch-discovery ClusterIP None <none> 9300/TCP 8m31s service/diagnostics-grafana ClusterIP 10.43.115.112 <none> 80/TCP 8m31s service/diagnostics-kibana ClusterIP 10.43.60.29 <none> 80/TCP 8m31s service/diagnostics-prometheus-kube-state-metrics ClusterIP 10.43.88.199 <none> 8080/TCP 8m31s service/diagnostics-prometheus-node-exporter ClusterIP 10.43.101.42 <none> 9100/TCP 8m31s service/diagnostics-prometheus-pushgateway ClusterIP 10.43.176.63 <none> 80/TCP 8m31s service/diagnostics-prometheus-server ClusterIP 10.43.160.10 <none> 9090/TCP 8m31s service/hana-service ClusterIP 10.43.80.232 <none> 30017/TCP 8m22s service/hana-service-metrics ClusterIP 10.43.132.213 <none> 9103/TCP 8m22s service/nats-streaming ClusterIP 10.43.208.229 <none> 8222/TCP,4222/TCP 6m4s service/spark-master-24 ClusterIP 10.43.82.12 <none> 7077/TCP,6066/TCP,8080/TCP 8m28s service/spark-workers ClusterIP 10.43.11.215 <none> 8081/TCP 8m28s service/storagegateway ClusterIP 10.43.130.210 <none> 14000/TCP 6m53s service/storagegateway-hazelcast ClusterIP None <none> 5701/TCP 6m53s service/uaa ClusterIP 10.43.130.144 <none> 8080/TCP 6m41s service/vora-catalog ClusterIP 10.43.154.31 <none> 10002/TCP 2m36s service/vora-dlog ClusterIP 10.43.77.6 <none> 8700/TCP 5m37s service/vora-prometheus-pushgateway ClusterIP 10.43.59.201 <none> 80/TCP 8m31s service/vora-textanalysis ClusterIP 10.43.66.139 <none> 10002/TCP 9m46s service/vora-tx-coordinator ClusterIP 10.43.22.225 <none> 10002/TCP 2m36s service/vora-tx-coordinator-ext ClusterIP 10.43.26.8 <none> 10004/TCP,30115/TCP 2m36s service/voraadapter-8e24c0d37ff84eedb6845f ClusterIP 10.43.212.168 <none> 8080/TCP 2m43s service/voraadapter-9e59e082a782489080c834 ClusterIP 10.43.82.121 <none> 8080/TCP 3m9s service/vsystem ClusterIP 10.43.11.216 <none> 8797/TCP,8125/TCP,8791/TCP 6m4s service/vsystem-auth ClusterIP 10.43.199.56 <none> 2884/TCP 6m4s service/vsystem-internal ClusterIP 10.43.123.42 <none> 8796/TCP 6m4s service/vsystem-scheduler-internal ClusterIP 10.43.151.190 <none> 7243/TCP 6m4s service/vsystem-vrep ClusterIP 10.43.75.159 <none> 8737/TCP,8738/TCP,8736/TCP,2049/TCP,111/TCP,8125/TCP 6m4s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/diagnostics-fluentd 3 3 3 3 3 <none> 8m31s daemonset.apps/diagnostics-prometheus-node-exporter 3 3 3 3 3 <none> 8m31s daemonset.apps/vsystem-module-loader 3 3 3 3 3 <none> 6m4s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/auditlog 1/1 1 1 7m4s deployment.apps/axino-service-02e00cde77282688e99304 1/1 1 1 2m44s deployment.apps/datahub-app-database-4d39c65296aa257d23a3fd 1/1 1 1 3m14s deployment.apps/diagnostics-grafana 1/1 1 1 8m31s deployment.apps/diagnostics-kibana 1/1 1 1 8m31s deployment.apps/diagnostics-prometheus-kube-state-metrics 1/1 1 1 8m31s deployment.apps/diagnostics-prometheus-pushgateway 1/1 1 1 8m31s deployment.apps/pipeline-modeler-84f240cee31f78c4331c50 0/1 1 0 29s deployment.apps/spark-master 1/1 1 1 8m28s deployment.apps/storagegateway 1/1 1 1 6m53s deployment.apps/uaa 1/1 1 1 6m41s deployment.apps/vora-catalog 1/1 1 1 2m36s deployment.apps/vora-deployment-operator 1/1 1 1 5m38s deployment.apps/vora-landscape 1/1 1 1 2m36s deployment.apps/vora-nats-streaming 1/1 1 1 6m4s deployment.apps/vora-relational 1/1 1 1 2m36s deployment.apps/vora-security-operator 1/1 1 1 9m35s deployment.apps/vora-textanalysis 1/1 1 1 9m46s deployment.apps/vora-tx-broker 1/1 1 1 2m36s deployment.apps/vora-tx-coordinator 1/1 1 1 2m36s deployment.apps/voraadapter-5945e67c3b994f63be463c 1/1 1 1 3m9s deployment.apps/voraadapter-b314f02c87f2ce620db952 1/1 1 1 2m43s deployment.apps/vsystem 1/1 1 1 6m4s NAME DESIRED CURRENT READY AGE replicaset.apps/auditlog-668f6b84f6 1 1 1 7m4s replicaset.apps/axino-service-02e00cde77282688e99304-7fdfff5579 1 1 1 2m44s replicaset.apps/datahub-app-database-4d39c65296aa257d23a3fd-69fc6fbd4c 1 1 1 3m14s replicaset.apps/diagnostics-grafana-7cbc8d768c 1 1 1 8m31s replicaset.apps/diagnostics-kibana-7d96b5fc8c 1 1 1 8m31s replicaset.apps/diagnostics-prometheus-kube-state-metrics-5fc759cf 1 1 1 8m31s replicaset.apps/diagnostics-prometheus-pushgateway-7d9b696765 1 1 1 8m31s replicaset.apps/pipeline-modeler-84f240cee31f78c4331c50-6887885545 1 1 0 29s replicaset.apps/spark-master-5d4567d976 1 1 1 8m28s replicaset.apps/storagegateway-665c66599c 1 1 1 6m53s replicaset.apps/uaa-69f5f554b6 1 1 1 6m41s replicaset.apps/vora-catalog-9c8dc9698 1 1 1 2m36s replicaset.apps/vora-deployment-operator-5d86445f77 1 1 1 5m38s replicaset.apps/vora-landscape-84b9945bc6 1 1 1 2m36s replicaset.apps/vora-nats-streaming-594779b867 1 1 1 6m4s replicaset.apps/vora-relational-79969dbd8f 1 1 1 2m36s replicaset.apps/vora-security-operator-79dc4546d 1 1 1 9m35s replicaset.apps/vora-textanalysis-68dbf78ff5 1 1 1 9m46s replicaset.apps/vora-tx-broker-9f87bc658 1 1 1 2m36s replicaset.apps/vora-tx-coordinator-7bb7d8dd95 1 1 1 2m36s replicaset.apps/voraadapter-5945e67c3b994f63be463c-5ffb75bfb4 1 1 1 3m9s replicaset.apps/voraadapter-b314f02c87f2ce620db952-74b45f6c44 1 1 1 2m43s replicaset.apps/vsystem-796cf899d 1 1 1 6m4s NAME READY AGE statefulset.apps/diagnostics-elasticsearch 1/1 8m31s statefulset.apps/diagnostics-prometheus-server 1/1 8m31s statefulset.apps/hana 1/1 8m22s statefulset.apps/spark-worker 2/2 8m28s statefulset.apps/vora-disk 1/1 2m36s statefulset.apps/vora-dlog 1/1 5m37s statefulset.apps/vsystem-vrep 1/1 6m4s NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE horizontalpodautoscaler.autoscaling/spark-worker-hpa StatefulSet/spark-worker <unknown>/50% 2 10 2 8m28s NAME COMPLETIONS DURATION AGE job.batch/datahub.post-actions.validations.validate-secrets-migration 1/1 2s 59s job.batch/datahub.post-actions.validations.validate-vflow 0/1 56s 56s job.batch/datahub.post-actions.validations.validate-vsystem 1/1 2s 62s job.batch/datahub.voracluster-start-fd7052-94007e 1/1 2s 5m26s job.batch/datahub.vsystem-import-cert-connman-a12456-7283f8 1/1 2s 3m8s job.batch/datahub.vsystem-start-f7c2f5-109b76 1/1 2s 2m53s job.batch/internal-comm-secret-gen 1/1 6s 6m4s job.batch/solution-reconcile-automl-3.0.19 1/1 2s 4m16s job.batch/solution-reconcile-code-server-3.0.19 1/1 2s 4m32s job.batch/solution-reconcile-data-tools-ui-3.0.19 1/1 4s 4m26s job.batch/solution-reconcile-dsp-content-solution-pa-3.0.19 1/1 4s 4m32s job.batch/solution-reconcile-dsp-git-server-3.0.19 1/1 3s 4m22s job.batch/solution-reconcile-installer-certificates-3.0.19 1/1 6s 4m21s job.batch/solution-reconcile-installer-configuration-3.0.19 1/1 3s 4m16s job.batch/solution-reconcile-jupyter-3.0.19 1/1 3s 4m30s job.batch/solution-reconcile-license-manager-3.0.19 1/1 3s 4m30s job.batch/solution-reconcile-metrics-explorer-3.0.19 1/1 3s 4m28s job.batch/solution-reconcile-ml-api-3.0.19 1/1 1s 4m18s job.batch/solution-reconcile-ml-deployment-api-3.0.19 1/1 4s 4m22s job.batch/solution-reconcile-ml-deployment-api-tenant-handler-3.0.19 1/1 2s 4m27s job.batch/solution-reconcile-ml-dm-api-3.0.19 1/1 2s 4m32s job.batch/solution-reconcile-ml-dm-app-3.0.19 1/1 1s 4m15s job.batch/solution-reconcile-ml-scenario-manager-3.0.19 1/1 6s 4m21s job.batch/solution-reconcile-ml-tracking-3.0.19 1/1 2s 4m32s job.batch/solution-reconcile-resourceplan-service-3.0.19 1/1 4s 4m20s job.batch/solution-reconcile-training-service-3.0.19 1/1 4s 4m32s job.batch/solution-reconcile-vora-tools-3.0.19 1/1 1s 4m23s job.batch/solution-reconcile-vrelease-appmanagement-3.0.19 1/1 2s 4m30s job.batch/solution-reconcile-vrelease-delivery-di-3.0.19 1/1 23s 4m16s job.batch/solution-reconcile-vrelease-diagnostics-3.0.19 1/1 1s 4m21s job.batch/solution-reconcile-vsolution-app-base-3.0.19 1/1 3s 4m23s job.batch/solution-reconcile-vsolution-app-base-db-3.0.19 1/1 4s 4m24s job.batch/solution-reconcile-vsolution-app-data-3.0.19 1/1 4s 4m26s job.batch/solution-reconcile-vsolution-dh-flowagent-3.0.19 1/1 3s 4m33s job.batch/solution-reconcile-vsolution-dsp-core-operators-3.0.19 1/1 5s 4m26s job.batch/solution-reconcile-vsolution-shared-ui-3.0.19 1/1 3s 4m30s job.batch/solution-reconcile-vsolution-vsystem-ui-3.0.19 1/1 5s 4m26s job.batch/strategy-reconcile-sdi-rancher-extension-strategy-3.0.19 1/1 1s 3m42s job.batch/strategy-reconcile-sdi-system-extension-strategy-3.0.19 1/1 2s 3m51s job.batch/strategy-reconcile-strat-rancher-3.0.19-3.0.19 1/1 1s 3m49s job.batch/strategy-reconcile-strat-system-3.0.19-3.0.19 1/1 2s 4m3s job.batch/tenant-reconcile-rancher-3.0.19 1/1 29s 3m37s job.batch/tenant-reconcile-system-3.0.19 1/1 3s 3m42s job.batch/vora-config-init 1/1 18s 3m36s job.batch/vora-dlog-admin 1/1 18s 4m36s NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE cronjob.batch/auditlog-retention 0 0 * * * False 0 <none> 7m4s
Now that our SAP DI deployment is up and running, let’s check that installation and all provided web portals are working properly. Find more information at Post-Installation Configuration of SAP DI.
By default, the SAP DI System Management portal is not exposed. In the example, we are using Ingress to expose and secure it. Learn more at Expose SAP DI System Management.
# Create issuer acme on sap namespace cat << EOF > sap-di-vsystem-issuer.yaml apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: letsencrypt-prod labels: app: "sap-di-vsystem" spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: test@sap.io privateKeySecretRef: name: letsencrypt-prod-key solvers: - http01: ingress: class: nginx EOF kubectl -n sap apply -f sap-di-vsystem-issuer.yaml
# Create vsystem ingress cat << EOF > sap-di-vsystem-ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-buffer-size: 16k nginx.ingress.kubernetes.io/proxy-connect-timeout: "30" nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" cert-manager.io/issuer: "letsencrypt-prod" cert-manager.io/issuer-kind: Issuer name: vsystem spec: rules: - host: vsystem.sap-demo.fe.rancher.space http: paths: - backend: serviceName: vsystem servicePort: 8797 path: / tls: - hosts: - vsystem.sap-demo.fe.rancher.space secretName: tls-vsystem-letsencrypt EOF kubectl -n sap apply -f sap-di-vsystem-ingress.yaml
Cert-manager issuer needs a few minutes to generate the TLS letsencrypt certificate. Once the TLS certificate is ready, vsystem service should be available at https://vsystem.sap-demo.fe.rancher.space
https://vsystem.sap-demo.fe.rancher.space
More info at Testing Your Installation
Rancher and SAP have been working on RKE and Longhorn validation as a supported Kubernetes distribution and storage platform to deploy SAP DI in production.
Validation is not complete – it’s around 90 percent. The item that is not complete is:
In this blog, we showed you how to install SAP DI software with common options. However, we did not cover all of them. Please refer to SAP documentation to learn more: