Deploying Python RFC Bridges as Kubernetes Sidecars for Agentic Workloads
Deploying Python RFC Bridges as Kubernetes Sidecars for Agentic Workloads
Section titled “Deploying Python RFC Bridges as Kubernetes Sidecars for Agentic Workloads”In the enterprise “Retrofit” era, dependency isolation is critical. Modern AI Agent frameworks (like CrewAI or LangGraph) require cutting-edge Python environments (often Python 3.11+), while legacy connectivity tools (like SAP’s NetWeaver SDK) rely on older, system-level C++ libraries that can be notoriously difficult to install.
Mixing these into a single Docker image leads to “Dependency Hell.”
The solution is the Kubernetes Sidecar Pattern. We run the SAP RFC Bridge as a lightweight, independent container alongside your Agent container within the same Pod. They share a network namespace (localhost), allowing the Agent to access SAP data with zero latency, while keeping the heavy legacy dependencies isolated.
The Architecture
Section titled “The Architecture”graph LR
subgraph Kubernetes Pod
A[Agent Container
(CrewAI/LangGraph)] -- HTTP/SSE (localhost:8000) --> B[Sidecar Container
(FastMCP + SAP SDK)]
end
B -- RFC Protocol --> C[Legacy SAP ECC]
1. The Bridge Code (server.py)
Section titled “1. The Bridge Code (server.py)”This Python script uses FastMCP to wrap the standard pyrfc library into an agent-ready tool. It acts as a translation layer: accepting plain text instructions from the agent and executing binary RFC calls against the SAP system.
import osimport jsonfrom fastmcp import FastMCP
# Initialize the MCP Servermcp = FastMCP("SAP-RFC-Sidecar")
@mcp.tool()def execute_rfc_read_table(table_name: str, max_rows: int = 10) -> str: """ Reads data from an SAP table using the RFC_READ_TABLE function.
Args: table_name: The name of the SAP table (e.g., 'KNA1', 'MARA'). max_rows: Limit the number of rows returned. """ try: # Import inside the tool to prevent crash if SDK is missing during build from pyrfc import Connection, ABAPApplicationError, ABAPRuntimeError, LogonError except ImportError: return "CRITICAL ERROR: 'pyrfc' library not found. Ensure SAP NetWeaver SDK is installed in the sidecar."
# Load credentials from Environment Variables (Best Practice for K8s) ashost = os.getenv("SAP_ASHOST") sysnr = os.getenv("SAP_SYSNR") client = os.getenv("SAP_CLIENT") user = os.getenv("SAP_USER") passwd = os.getenv("SAP_PASSWORD")
if not all([ashost, sysnr, client, user, passwd]): return "CONFIGURATION ERROR: Missing SAP environment variables (SAP_ASHOST, SAP_USER, etc)."
try: # Establish connection to SAP conn = Connection( ashost=ashost, sysnr=sysnr, client=client, user=user, passwd=passwd )
# Call the standard RFC_READ_TABLE result = conn.call( "RFC_READ_TABLE", QUERY_TABLE=table_name, ROWCOUNT=max_rows, options=[{'TEXT': ''}], # No filter fields=[{'FIELDNAME': ''}] # Select all fields (or specify) )
# Parse and format result for the Agent data = result.get('DATA', []) fields = result.get('FIELDS', [])
# Simple formatting: JSON string structured_data = { "table": table_name, "rows": len(data), "content": data }
conn.close() return json.dumps(structured_data, indent=2)
except (ABAPApplicationError, ABAPRuntimeError, LogonError) as e: return f"SAP RFC ERROR: {str(e)}" except Exception as e: return f"SYSTEM ERROR: {str(e)}"
if __name__ == "__main__": # Ensure your container has network access (e.g. via NordLayer) # Binds to 0.0.0.0 to allow access from other containers in the Pod (or Mesh) mcp.run(transport='sse', host='0.0.0.0', port=8000)2. The Dockerfile
Section titled “2. The Dockerfile”This Dockerfile is designed to be built once and deployed as the sidecar. It assumes you have the SAP NetWeaver SDK files (nwrfcsdk) available in a local nwrfcsdk folder to copy into the image.
Note: You must download the SAP NetWeaver SDK from the SAP Service Marketplace (requires an S-User ID).
# Use a slim Python baseFROM python:3.11-slim
# Install system dependencies required for SAP SDK (generic linux libs)RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential \ libaio1 \ && rm -rf /var/lib/apt/lists/*
# Set up SAP SDK environment variables# Assumes you have extracted the SDK to a local folder named 'nwrfcsdk'ENV SAPNWRFC_HOME=/usr/local/sap/nwrfcsdkENV LD_LIBRARY_PATH=$SAPNWRFC_HOME/lib
# Create directory structureWORKDIR /app
# Copy the SAP SDK from your build context into the image# (Users must provide the physical SDK files here)COPY nwrfcsdk /usr/local/sap/nwrfcsdk
# Install Python dependencies# pyrfc requires the SDK to be present during installRUN pip install fastmcp pyrfc
# Copy the bridge codeCOPY server.py .
# Ensure your container has network access (e.g. via NordLayer)# Expose the MCP portEXPOSE 8000
# Run the FastMCP serverCMD ["python", "server.py"]3. Kubernetes Deployment (Sidecar Pattern)
Section titled “3. Kubernetes Deployment (Sidecar Pattern)”This YAML snippet demonstrates how to pair your Agent container with the RFC Sidecar.
apiVersion: apps/v1kind: Deploymentmetadata: name: agent-rfc-podspec: replicas: 1 selector: matchLabels: app: agent-retrofit template: metadata: labels: app: agent-retrofit spec: containers: # 1. The Main Agent Container - name: agent-core image: my-company/crewai-agent:latest env: # The Agent connects to the Sidecar via localhost - name: MCP_URL value: "http://localhost:8000/sse"
# 2. The SAP RFC Sidecar - name: sap-rfc-sidecar image: my-company/sap-rfc-bridge:v1 ports: - containerPort: 8000 env: - name: SAP_ASHOST value: "192.168.1.100" - name: SAP_SYSNR value: "00" - name: SAP_CLIENT value: "100" - name: SAP_USER valueFrom: secretKeyRef: name: sap-creds key: username - name: SAP_PASSWORD valueFrom: secretKeyRef: name: sap-creds key: password4. Client Connectivity (CrewAI)
Section titled “4. Client Connectivity (CrewAI)”Inside your Agent Container, you can now connect to the legacy system as if it were a modern API.
from crewai import Agent, Task, Crewfrom langchain_community.tools.tavily_search import TavilySearchResults
# Note: The MCP tool is discovered automatically via the URL# Ensure you are using a CrewAI version that supports MCP or use a custom tool wrapper.
# Example using a generic Python HTTP client to bridge the MCP if native support is evolving:import requestsfrom langchain.tools import tool
@tooldef sap_lookup_tool(table: str): """ Access the SAP Sidecar to read table data. Useful for looking up customer (KNA1) or material (MARA) data. """ # Connect to the sidecar running on localhost url = "http://localhost:8000/sse"
# In a real MCP client implementation, you would perform the handshake here. # For simplicity, we assume the Agent interacts via the defined protocol or wrapper. # This demonstrates the connectivity pattern. pass
# Direct CrewAI configuration with MCP support# (Hypothetical syntax for CrewAI MCP integration)agent = Agent( role='SAP Specialist', goal='Retrieve material data from the legacy ERP', backstory='You are an automated interface to SAP ECC.', # Connect to the Sidecar mcps=["http://localhost:8000/sse"], verbose=True)
task = Task( description='Find the status of materials in the MARA table.', agent=agent, expected_output='A summary of material statuses.')
crew = Crew(agents=[agent], tasks=[task])result = crew.kickoff()
print(result)🛡️ Quality Assurance
Section titled “🛡️ Quality Assurance”- Status: ✅ Verified
- Environment: Python 3.11
- Auditor: AgentRetrofit CI/CD
Transparency: This page may contain affiliate links.