Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

One-click-configuration updated with nodeport notice for local installation #600

Merged
merged 5 commits into from
Sep 10, 2018
Merged

One-click-configuration updated with nodeport notice for local installation #600

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cfcf6ea
one-click-configuration updated with nodeport notice for local instal…
Sep 10, 2018
3273807
formatting
Sep 10, 2018
dd5692c
formatting fix
Sep 10, 2018
ec1ae97
Formatting fix
Sep 10, 2018
feadb2b
Update 015-details-one-click-configuration.md
Sep 10, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
101 changes: 57 additions & 44 deletions docs/application-connector/docs/015-details-one-click-configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ title: Automatic connection configuration
type: Details
---

Kyma Application Connector allows to authenticate and securely communicate with different systems. Kyma provides an easy way to set up these external solutions with the mechanism for automatic connection configuration.
Kyma Application Connector allows to authenticate and securely communicate with different external solutions. Kyma provides an easy way to set up such connection through the automatic connection configuration mechanism.

## Flow description

The automatic configuration flow is presented in this diagram:
The automatic connection configuration flow is presented in this diagram:
![Automatic Configuration Flow](./assets/002-automatic-configuration.png)

This example assumes that a new Remote Environment intended to connect the external solution already exists and is in the `disconnected` state, which means that there are no external solutions connected to it.
Expand All @@ -27,34 +27,47 @@ Follow these steps to configure the automatic connection between the Kyma Applic

1. Get the configuration address URL with a valid token.

Using the UI:

- Go to the Kyma console UI.
- Select **Administration**.
- Select the **Remote Environments** from the **Integration** section.
- Choose the Remote Environment to which you want to connect the external solution.
- Click **Connect Remote Environment**.
- Copy the token by clicking **Copy to clipboard**.

Alternatively, get the configuration URL with a valid token using `kubectl port-forward` or `kubectl proxy`.

- Request:

First, run:
```
kubectl -n=kyma-integration port-forward svc/connector-service-internal-api 8080:8080
```
Send the request in a new terminal window:
```
curl -X POST http://localhost:8080/v1/remoteenvironments/{remote-environment-name}/tokens
```
- Response:
```json
{
"url":"{CONFIGURATION_URL_WITH_TOKEN}",
"token":"example-token-123"
}
```
Using the UI:

- Go to the Kyma console UI.
- Select **Administration**.
- Select the **Remote Environments** from the **Integration** section.
- Choose the Remote Environment to which you want to connect the external solution.
- Click **Connect Remote Environment**.
- Copy the token by clicking **Copy to clipboard**.

Alternatively, get the configuration URL with a valid token using `kubectl port-forward` or `kubectl proxy`.

- Request:

First, run:
```
kubectl -n=kyma-integration port-forward svc/connector-service-internal-api 8080:8080
```
Send the request in a new terminal window:
```
curl -X POST http://localhost:8080/v1/remoteenvironments/{remote-environment-name}/tokens
```
- Response:
```json
{
"url":"{CONFIGURATION_URL_WITH_TOKEN}",
"token":"example-token-123"
}
```
When you connect an external solution to a local Kyma deployment, you must set the NodePort of the `core-nginx-ingress-controller` for the Gateway Service and for the Event Service.

- To get the NodePort, run:
```
kubectl -n kyma-system get svc core-nginx-ingress-controller -o 'jsonpath={.spec.ports[?(@.port==443)].nodePort}'
```
- Set it for the Gateway Service and the Event Service using these calls:
```
curl https://gateway.kyma.local:{NODE_PORT}/ec-default/v1/metadata/services --cert ec-default.crt --key ec-default.key -k
```
```
curl https://gateway.kyma.local:{NODE_PORT}/ec-default/v1/ec-default/v1/events --cert ec-default.crt --key ec-default.key -k
```

2. Use the provided link to fetch information about the Kyma URLs and CSR configuration.

Expand Down Expand Up @@ -83,25 +96,25 @@ Alternatively, get the configuration URL with a valid token using `kubectl port-

3. Use values received in the `certificate.subject` field to create a CSR.

```
openssl req -new -out test.csr -key ec-default.key -subj "/OU=OrgUnit/O=Organization/L=Waldorf/ST=Waldorf/C=DE/CN=ec-default"
```
```
openssl req -new -out test.csr -key ec-default.key -subj "/OU=OrgUnit/O=Organization/L=Waldorf/ST=Waldorf/C=DE/CN=ec-default"
```

After the CSR is ready, make the following call:
After you create the CSR, make the following call:

- Request:
- Request:

```
curl -H "Content-Type: application/json" -d '{"csr":"BASE64_ENCODED_CSR_HERE"}' https://connector-service.CLUSTER_NAME.kyma.cluster.cx/v1/remoteenvironments/{remote-environment-name}/client-certs?token=example-token-456
```
```
curl -H "Content-Type: application/json" -d '{"csr":"BASE64_ENCODED_CSR_HERE"}' https://connector-service.CLUSTER_NAME.kyma.cluster.cx/v1/remoteenvironments/{remote-environment-name}/client-certs?token=example-token-456
```

- Response:
- Response:

```
{
"crt":"BASE64_ENCODED_CRT"
}
```
```
{
"crt":"BASE64_ENCODED_CRT"
}
```

4. The `crt` field contains a valid base64-encoded PEM block of a certificate signed by the Kyma CA.

Expand Down