SAP Edge Integration Cell (EIC) - External Services

Important

Support Disclaimer: Red Hat does not provide support for the PostgreSQL/Redis/Valkey services configured through this repository. Support is available directly from the respective vendors:

• PostgreSQL: Crunchy Data
• Redis: Redis Labs
• Valkey: Valkey.io (community-supported)

This repository is intended for testing purposes only. The configurations and scripts are designed for test validation scenarios and are not recommended for production use.

This repository provides tooling for deploying external services (PostgreSQL, Redis, Valkey) for SAP Edge Integration Cell (EIC) on OpenShift Container Platform.

Table of Contents

• Overview
• Prerequisites
• External Services Setup
  • Databases
    • PostgreSQL
  • Datastores
    • Redis
    • Valkey
      • Standalone Mode
      • Cluster Mode
• GitOps with Argo CD
• Automated Deployment Scripts
• Operations Documentation
• License

For CI/CD pipeline documentation, see .tekton/README.md

Overview

This repository provides scripts and procedures for setting up test validation external services for SAP EIC on the OpenShift Container Platform (OCP). The services covered include:

Databases:

• PostgreSQL (via Crunchy Data Operator)

Datastores:

• Redis (via Redis Enterprise Operator)
• Valkey (via Red Hat Helm Charts)

Note: These services are optional. If you don't enable or configure external database/datastore during the SAP EIC installation, EIC will automatically deploy self-contained pods within its own service namespace.

Prerequisites

• Access to an OpenShift Container Platform cluster using an account with cluster-admin permissions
• Installed command line tools: oc, jq, git
• For GitOps: OpenShift GitOps Operator installed

Shared Storage

When ODF (OpenShift Data Foundation) is installed, set the shared file system parameters as follows:

Property	Settings
Enable Shared File System	yes
Shared File System Storage Class	ocs-storagecluster-cephfs

Additionally, set the ODF ocs-storagecluster-ceph-rbd storage class as default for RWO/RWX Block volumes to meet most block storage requirements for various services running on OpenShift.

External Services Setup

Databases

PostgreSQL

The following steps install the Crunchy Postgres Operator and deploy an external PostgreSQL DB service.

1. Clone the repository:

   git clone https://github.com/redhat-sap/sap-edge.git

2. Create a new project:

   oc new-project sap-eic-external-postgres

3. Apply the OperatorGroup configuration:

   oc apply -f sap-edge/edge-integration-cell/postgres-operator/operatorgroup.yaml

4. Apply the Subscription configuration:

   oc apply -f sap-edge/edge-integration-cell/postgres-operator/subscription.yaml

5. Wait for the Postgres operator to be ready:

   bash sap-edge/edge-integration-cell/external-postgres/wait_for_postgres_operator_ready.sh

6. Create a PostgresCluster:

   oc apply -f sap-edge/edge-integration-cell/external-postgres/postgrescluster-v15.yaml

   • For other versions, replace v15 with v16 or v17.
7. Wait for Crunchy Postgres to be ready:

   bash sap-edge/edge-integration-cell/external-postgres/wait_for_postgres_ready.sh

8. Get access details of Crunchy Postgres:

   bash sap-edge/edge-integration-cell/external-postgres/get_external_postgres_access.sh

After running the above script, you will get the access details of Crunchy Postgres like the following:

• External DB Hostname: hippo-primary.sap-eic-external-postgres.svc
• External DB Port: 5432
• External DB Name: eic
• External DB Username: eic
• External DB Password: xklaieniej12#
• External DB TLS Root Certificate saved to external_postgres_db_tls_root_cert.crt

Please use the provided information to set up the EIC external DB accordingly.

Cleanup PostgreSQL

Option 1: Automated Cleanup (Recommended)

Use the provided cleanup script for comprehensive automated cleanup:

# Interactive cleanup with confirmation
bash sap-edge/edge-integration-cell/cleanup_postgres.sh

# Force cleanup without prompts (for CI/CD)
bash sap-edge/edge-integration-cell/cleanup_postgres.sh --force

# Dry-run to preview what would be deleted
bash sap-edge/edge-integration-cell/cleanup_postgres.sh --dry-run

# Custom namespace cleanup
bash sap-edge/edge-integration-cell/cleanup_postgres.sh --namespace my-postgres-namespace

Option 2: Manual Cleanup

To manually clean up the PostgresCluster:

oc delete postgrescluster eic -n sap-eic-external-postgres
bash sap-edge/edge-integration-cell/external-postgres/wait_for_deletion_of_postgrescluster.sh
oc delete subscription crunchy-postgres-operator -n sap-eic-external-postgres
oc get csv -n sap-eic-external-postgres --no-headers | grep 'postgresoperator' | awk '{print $1}' | xargs -I{} oc delete csv {} -n sap-eic-external-postgres
oc delete namespace sap-eic-external-postgres

Datastores

Redis

The following steps install the Redis Enterprise Operator and deploy an external Redis datastore service.

1. Clone the repository:

   git clone https://github.com/redhat-sap/sap-edge.git

2. Create a new project:

   oc new-project sap-eic-external-redis

3. Apply the OperatorGroup configuration:

   oc apply -f sap-edge/edge-integration-cell/redis-operator/operatorgroup.yaml

4. Apply the Subscription configuration:

   oc apply -f sap-edge/edge-integration-cell/redis-operator/subscription.yaml

5. Apply the Security Context Constraint (SCC):
   • For OpenShift versions 4.16 and later, use

   oc apply -f sap-edge/edge-integration-cell/redis-operator/security_context_constraint_v2.yaml

   • For OpenShift versions earlier than 4.16, use:

   oc apply -f sap-edge/edge-integration-cell/redis-operator/security_context_constraint.yaml

6. Wait for the Redis operator to be ready:

   bash sap-edge/edge-integration-cell/external-redis/wait_for_redis_operator_ready.sh

7. Create a RedisEnterpriseCluster:

   oc apply -f sap-edge/edge-integration-cell/external-redis/redis_enterprise_cluster.yaml

8. Wait for the RedisEnterpriseCluster to be ready:

   bash sap-edge/edge-integration-cell/external-redis/wait_for_rec_running_state.sh

9. Create a RedisEnterpriseDatabase:

   oc apply -f sap-edge/edge-integration-cell/external-redis/redis_enterprise_database.yaml

   • Note: You might need to run the above command several times until it works because the previously created RedisEnterpriseCluster needs some time to enable the admission webhook successfully.
10. Wait for the RedisEnterpriseDatabase to be ready:

    bash sap-edge/edge-integration-cell/external-redis/wait_for_redb_active_status.sh

11. Get access details of Redis:

    bash sap-edge/edge-integration-cell/external-redis/get_redis_access.sh

After running the above script, you will get the access details of Redis like the following:

• External Redis Addresses: redb-headless.sap-eic-external-redis.svc:12117
• External Redis Mode: standalone
• External Redis Username: [leave me blank]
• External Redis Password: XpglWqoR
• External Redis Sentinel Username: [leave me blank]
• External Redis Sentinel Password: [leave me blank]
• External Redis TLS Certificate content saved to external_redis_tls_certificate.pem
• External Redis Server Name: rec.sap-eic-external-redis.svc.cluster.local

Alternatively, you can run the following script to retrieve access details for both Redis and Postgres:

bash sap-edge/edge-integration-cell/get_all_accesses.sh

Cleanup Redis

Option 1: Automated Cleanup

Use the provided cleanup script for comprehensive automated cleanup:

# Interactive cleanup with confirmation (auto-detects OpenShift version)
bash sap-edge/edge-integration-cell/cleanup_redis.sh

# Force cleanup without prompts (for CI/CD)
bash sap-edge/edge-integration-cell/cleanup_redis.sh --force

# Dry-run to preview what would be deleted
bash sap-edge/edge-integration-cell/cleanup_redis.sh --dry-run

# Specify OpenShift version for SCC cleanup
bash sap-edge/edge-integration-cell/cleanup_redis.sh --ocp-version 4.16

# Custom namespace cleanup
bash sap-edge/edge-integration-cell/cleanup_redis.sh --namespace my-redis-namespace

Option 2: Manual Cleanup

To manually clean up the Redis instance:

oc delete redisenterprisedatabase redb -n sap-eic-external-redis
oc delete redisenterprisecluster rec -n sap-eic-external-redis
bash sap-edge/edge-integration-cell/external-redis/wait_for_deletion_of_rec.sh
oc delete subscription redis-enterprise-operator-cert -n sap-eic-external-redis
oc get csv -n sap-eic-external-redis --no-headers | grep 'redis-enterprise-operator' | awk '{print $1}' | xargs -I{} oc delete csv {} -n sap-eic-external-redis
# For OpenShift versions earlier than 4.16
oc delete scc redis-enterprise-scc-v2
# For OpenShift versions 4.16 and later
oc delete scc redis-enterprise-scc
oc delete namespace sap-eic-external-redis

Valkey

Valkey is a Redis-compatible in-memory datastore. For SAP EIC, TLS is always enabled.

Two deployment modes are available:

Mode	Directory	Description
Standalone	external-valkey/	Single Valkey instance. Use when SAP EIC datastore Mode is standalone.
Cluster	external-valkey-cluster/	Redis Cluster mode with hash slot sharding (3+ nodes). Use when SAP EIC datastore Mode is cluster.

Standalone Mode

For detailed deployment instructions, see edge-integration-cell/external-valkey/README.md.

1. Clone the repository:

   git clone https://github.com/redhat-sap/sap-edge.git

2. Deploy Valkey:

   # Deploy with TLS (password optional, default: testp)
   bash sap-edge/edge-integration-cell/external-valkey/deploy_valkey.sh
   
   # Deploy with custom password
   bash sap-edge/edge-integration-cell/external-valkey/deploy_valkey.sh --password <your-password>

3. Get access details for SAP EIC configuration:

   bash sap-edge/edge-integration-cell/external-valkey/get_valkey_access.sh

After running the above script, you will get access details like the following:

• External Valkey Addresses: valkey-0.valkey-headless.sap-eic-external-valkey.svc.cluster.local:6380
• External Valkey Mode: standalone
• External Valkey Username: [leave me blank]
• External Valkey Password: testp
• External Valkey TLS Certificate content saved to valkey_tls_certificate.pem
• External Valkey Server Name: valkey-headless.sap-eic-external-valkey.svc.cluster.local

Cluster Mode

For detailed deployment instructions, see edge-integration-cell/external-valkey-cluster/README.md.

1. Clone the repository:

   git clone https://github.com/redhat-sap/sap-edge.git

2. Deploy Valkey cluster:

   # Deploy with TLS (password optional, default: testp)
   bash sap-edge/edge-integration-cell/external-valkey-cluster/deploy_valkey.sh
   
   # Deploy with custom password
   bash sap-edge/edge-integration-cell/external-valkey-cluster/deploy_valkey.sh --password <your-password>

3. Get access details for SAP EIC configuration:

   bash sap-edge/edge-integration-cell/external-valkey-cluster/get_valkey_access.sh

After running the above script, you will get access details like the following:

• External Valkey Addresses: valkey-0.valkey-headless.sap-eic-external-valkey-cluster.svc.cluster.local:6380,valkey-1.valkey-headless.sap-eic-external-valkey-cluster.svc.cluster.local:6380,valkey-2.valkey-headless.sap-eic-external-valkey-cluster.svc.cluster.local:6380
• External Valkey Mode: cluster
• External Valkey Username: [leave me blank]
• External Valkey Password: testp
• External Valkey TLS Certificate content saved to valkey_tls_certificate.pem
• External Valkey Server Name: valkey-headless.sap-eic-external-valkey-cluster.svc.cluster.local

Cleanup Valkey

# Standalone cleanup
bash sap-edge/edge-integration-cell/external-valkey/cleanup_valkey.sh

# Cluster cleanup
bash sap-edge/edge-integration-cell/external-valkey-cluster/cleanup_valkey.sh

# Force cleanup (no prompts)
bash sap-edge/edge-integration-cell/external-valkey/cleanup_valkey.sh --force
bash sap-edge/edge-integration-cell/external-valkey-cluster/cleanup_valkey.sh --force

GitOps with Argo CD

This project supports automated deployment using Argo CD and a GitOps workflow.

Requirements: OpenShift cluster with OpenShift GitOps Operator installed.

Deploying with Argo CD

1. Apply the parent Argo CD Application:

   oc apply -f edge-integration-cell/sap-eic-external-services-app.yaml

2. Apply the Security Context Constraint for Redis:

   # OpenShift 4.16+
   oc apply -f edge-integration-cell/redis-operator/security_context_constraint_v2.yaml
   # OpenShift < 4.16
   oc apply -f edge-integration-cell/redis-operator/security_context_constraint.yaml

3. Grant Argo CD admin privileges:

   oc apply -f edge-integration-cell/argocd-rbac/argocd-admin-rolebinding-postgres.yaml
   oc apply -f edge-integration-cell/argocd-rbac/argocd-admin-rolebinding-redis.yaml

Argo CD will install the operators and deploy the PostgresCluster and RedisEnterpriseCluster resources.

Automated Deployment Scripts

For convenience, automated deployment scripts are available that simplify the manual steps into single commands.

Deploy All Services

# Interactive deployment
bash edge-integration-cell/deploy_all_external_services.sh

# Force mode (no prompts)
bash edge-integration-cell/deploy_all_external_services.sh --force

# Dry-run to preview
bash edge-integration-cell/deploy_all_external_services.sh --dry-run

Deploy Individual Services

# PostgreSQL only
bash edge-integration-cell/deploy_postgres.sh
bash edge-integration-cell/deploy_postgres.sh --version v16

# Redis only
bash edge-integration-cell/deploy_redis.sh
bash edge-integration-cell/deploy_redis.sh --type ha

Cleanup All Services

# Interactive cleanup
bash edge-integration-cell/cleanup_all_external_services.sh

# Force cleanup
bash edge-integration-cell/cleanup_all_external_services.sh --force

Operations Documentation

• Crunchy Postgres Operator Quickstart
• Redis on Kubernetes
• Valkey Documentation

License

This project is licensed under the Apache License 2.0. See the LICENSE for details.