Skip to content

Latest commit

 

History

History
92 lines (50 loc) · 3.45 KB

namespace-level-mapping-63ad410.md

File metadata and controls

92 lines (50 loc) · 3.45 KB

Namespace-Level Mapping

You can map a Kubernetes namespace to an SAP Service Manager instance in a given subaccount. The Service Manager instance is then used to provision all service instances in that namespace.

Prerequisites

Context

To connect a namespace to a specific subaccount, maintain the access credentials to the subaccount in a Secret dedicated to a specific namespace. Create the {NAMESPACE-NAME}-sap-btp-service-operator Secret in the kyma-system namespace.

Creating a Namespace-Based Secret

Procedure

  1. In the SAP BTP cockpit, create a new SAP Service Manager service instance with the service-operator-access plan. See Creating Instances in Other Environments.

  2. Create a service binding to the SAP Service Manager service instance you have created. See Creating Service Bindings in Other Environments.

  3. Get the access credentials of the SAP Service Manager instance from its service binding. Copy them from the SAP BTP cockpit as a JSON file.

  4. Create the creds.json file in your working directory and save the credentials there.

  5. In the same working directory, call the create-secret-file.sh script with the operator option as the first parameter and namespace-name-sap-btp-service-operator Secret as the second parameter:

    curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {NAMESPACE_NAME}-sap-btp-service-operator

    The expected result is the btp-access-credentials-secret.yaml file created in your working directory:

    apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: {NAMESPACE_NAME}-sap-btp-service-operator
  namespace: kyma-system
data:
  clientid: {CLIENT_ID}
  clientsecret: {CLIENT_SECRET}
  sm_url: {SM_URL}
  tokenurl: {AUTH_URL}
  tokenurlsuffix: "/oauth/token"

  6. To create the Secret, run:

    kubectl create -f ./btp-access-credentials-secret.yaml

    You see the status Created.

Creating a Service Instance with a Namespace-Based Secret

Procedure

  1. To create a service instance with a namespace-based Secret, follow the instructions in Creating Service Instances and Service Bindings.

  2. To verify that you've correctly added the access credentials of the SAP Service Manager instance in your service instance, go to the custom resource (CR) status section, and make sure the subaccount ID to which the instance belongs is provided in the subaccountID field. The field must not be empty.