Improve the docs on creating Secrets (#883)
* Improve the docs on creating Secrets
* Update the secrets precedence diagram
* Formatting fixes
* Fix broken links
* Use placeholders in code blocks
* Fix the sidebar file
* Add step 6 in creating Secret procedure
* CR section
* Apply review suggestions
* More review suggestions applied
1 parent a0e4c9c, commit a05f80c
Showing 15 changed files with 527 additions and 477 deletions.
2 changes: 1 addition & 1 deletion
...orials/04-10-create-btp-manager-secret.md → docs/user/03-00-create-btp-manager-secret.md
83 changes: 83 additions & 0 deletions
docs/user/03-21-create-service-instance-with-custom-secret.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# Create a Service Instance with a Custom Secret | ||
|
||
To have multiple service instances from different subaccounts associated with one namespace, you must use a custom Secret to create these service instances. | ||
|
||
## Context | ||
|
||
To create a service instance with a custom Secret, you must use the **btpAccessCredentialsSecret** field in the `spec` of the service instance. In it, you pass the Secret from the `kyma-system` namespace to create your service instance. You can use different Secrets for different service instances. | ||
|
||
## Prerequisites | ||
|
||
* A subaccount in the SAP BTP cockpit | ||
|
||
## Procedure | ||
|
||
### Create Your Custom Secret | ||
|
||
1. [Create an SAP Service Manager service instance](03-30-management-of-service-instances-and-bindings.md#create-a-service-instance) with the `service-operator-access` plan. | ||
2. [Create a service binding](03-30-management-of-service-instances-and-bindings.md#create-a-service-binding) to the SAP Service Manager service instance you have created. | ||
3. Get the access credentials of the SAP Service Manager instance from its service binding. Copy them from the BTP cockpit as a JSON. | ||
4. Create the `creds.json` file in your working directory and save the credentials there. | ||
5. In the same working directory, generate the Secret by calling the `create-secret-file.sh` script with the **operator** option as the first parameter and **your-secret-name** as the second parameter. | ||
|
||
> [!WARNING] | ||
> Once you set a Secret name in the service instance, you cannot change it in the future. | ||
```sh | ||
curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {YOUR_SECRET_NAME} | ||
``` | ||
|
||
The expected result is the file `btp-access-credentials-secret.yaml` created in your working directory: | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
type: Opaque | ||
metadata: | ||
name: {YOUR_SECRET_NAME} | ||
namespace: kyma-system | ||
data: | ||
clientid: {CLIENT_ID} | ||
clientsecret: {CLIENT_SECRET} | ||
sm_url: {SM_URL} | ||
tokenurl: {AUTH_URL} | ||
tokenurlsuffix: "/oauth/token" | ||
``` | ||
|
||
6. To verify if you've correctly added the access credentials of the SAP Service Manager instance in your service instance, go to the CR `status` section, and make sure the subaccount ID to which the instance belongs is provided in the **subaccountID** field. The field must not be empty. | ||
### Create a Service Instance with the Custom Secret | ||
1. Create your service instance with: | ||
* the **btpAccessCredentialsSecret** field in the `spec` pointing to the custom Secret you have created | ||
* other parameters as needed<br> | ||
See an example of a ServiceInstance custom resource: | ||
```yaml | ||
kubectl create -f - <<EOF | ||
apiVersion: services.cloud.sap.com/v1 | ||
kind: ServiceInstance | ||
metadata: | ||
name: {SERVICE_INSTANCE_NAME} | ||
namespace: {NAMESPACE_NAME} | ||
spec: | ||
serviceOfferingName: {SERVICE_OFFERING_NAME} | ||
servicePlanName: {SERVICE_PLAN_NAME} | ||
btpAccessCredentialsSecret: {YOUR_SECRET_NAME} | ||
EOF | ||
``` | ||
2. To verify that your service instance has been created successfully, run: | ||
```bash | ||
kubectl get serviceinstances.services.cloud.sap.com {SERVICE_INSTANCE_NAME} -o yaml | ||
``` | ||
You see the status `Created`. | ||
You also see your Secret name in the **btpAccessCredentialsSecret** field of the `spec`. | ||
## Related Information | ||
[Working with Multiple Subaccounts](03-20-multitenancy.md)<br> | ||
[Create a Service Instance with a Namespace-Based Secret](03-22-create-service-instance-with-namespace-based-secret.md) |
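Review bot: Step 5 pipes `create-secret-file.sh` from the `main` branch straight into `bash` in the directory that holds `creds.json`, so the reader runs whatever is on `main` at that moment next to their SAP Service Manager client secret. Suggest pinning the URL to a release tag or commit and splitting the command into download, inspect, then run. Two procedure gaps in the same section: no step applies the generated `btp-access-credentials-secret.yaml` to the cluster, and step 6 asks the reader to check **subaccountID** in the service instance `status` before the next section has created the instance; moving that check after the `kubectl get serviceinstances.services.cloud.sap.com` step would fix the order. The values under `data:` in a Secret are only base64-encoded, so the page should also tell the reader to delete `creds.json` and the generated file after use and to keep both out of version control.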
73 changes: 73 additions & 0 deletions
docs/user/03-22-create-service-instance-with-namespace-based-secret.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
# Create a Service Instance with a Namespace-Based Secret | ||
|
||
To have service instances from one subaccount associated with one namespace, you must use a Secret dedicated to this namespace to create these service instances. | ||
|
||
## Prerequisites | ||
|
||
* A subaccount in the SAP BTP cockpit | ||
|
||
## Procedure | ||
|
||
### Create a Namespace-Based Secret | ||
|
||
1. [Create an SAP Service Manager service instance](03-30-management-of-service-instances-and-bindings.md#create-a-service-instance) with the `service-operator-access` plan. | ||
2. [Create a service binding](03-30-management-of-service-instances-and-bindings.md#create-a-service-binding) to the SAP Service Manager service instance you have created. | ||
3. Get the access credentials of the SAP Service Manager instance with the `service-operator-access` plan from its service binding. Copy them from the SAP BTP cockpit as a JSON. | ||
4. Create the `creds.json` file in your working directory and save the credentials there. | ||
5. In the same working directory, generate the Secret by calling the `create-secret-file.sh` script with the **operator** option as the first parameter and **managed namespace sap-btp-service-operator secret** as the second parameter. | ||
|
||
```sh | ||
curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {NAMESPACE_NAME}-sap-btp-service-operator | ||
``` | ||
|
||
The expected result is the file `btp-access-credentials-secret.yaml` created in your working directory: | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
type: Opaque | ||
metadata: | ||
name: {NAMESPACE_NAME}-sap-btp-service-operator | ||
namespace: kyma-system | ||
data: | ||
clientid: {CLIENT_ID} | ||
clientsecret: {CLIENT_SECRET} | ||
sm_url: {SM_URL} | ||
tokenurl: {AUTH_URL} | ||
tokenurlsuffix: "/oauth/token" | ||
``` | ||
6. To verify if you've correctly added the access credentials of the SAP Service Manager instance in your service instance, go to the CR `status` section, and make sure the subaccount ID to which the instance belongs is provided in the **subaccountID** field. The field must not be empty. | ||
### Create a Service Instance with a Managed Namespace Secret | ||
1. Provide the needed parameters and create your service instance. | ||
See an example of a ServiceInstance custom resource: | ||
```yaml | ||
kubectl create -f - <<EOF | ||
apiVersion: services.cloud.sap.com/v1 | ||
kind: ServiceInstance | ||
metadata: | ||
name: {SERVICE_INSTANCE_NAME} | ||
namespace: {NAMESPACE_NAME} | ||
spec: | ||
serviceOfferingName: {SERVICE_OFFERING_NAME} | ||
servicePlanName: {SERVICE_PLAN_NAME} | ||
EOF | ||
``` | ||
2. To verify that your service instance has been created successfully, run: | ||
```bash | ||
kubectl get serviceinstances.services.cloud.sap.com {SERVICE_INSTANCE_NAME} -o yaml | ||
``` | ||
## Result | ||
You see the status `Created` and the message confirming that your servicde instance was created successfully. | ||
## Related Information | ||
[Working with Multiple Subaccounts](03-20-multitenancy.md)<br> | ||
[Create a Service Instance with a Custom Secret](03-21-create-service-instance-with-custom-secret.md) |
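Review bot: The ServiceInstance example under "Create a Service Instance with a Managed Namespace Secret" has no field that references the Secret, so the only link between the namespace and its credentials is the name `{NAMESPACE_NAME}-sap-btp-service-operator` in `kyma-system`; the page should state this naming rule explicitly, because nothing in the manifest shows which Secret will be used. Step 5 describes the second parameter as **managed namespace sap-btp-service-operator secret**, which does not match the `{NAMESPACE_NAME}-sap-btp-service-operator` placeholder in the command, and the page title says "Namespace-Based Secret" while the subsection says "Managed Namespace Secret"; pick one term. Smaller fixes: "servicde" in the Result section is a typo, step 6 checks the service instance `status` before the instance exists, and the block that starts with `kubectl create -f - <<EOF` is a shell command but is fenced as `yaml`.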
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,20 @@ | ||
<!-- markdown-link-check-disable --> | ||
* [Back to Kyma Home](/) | ||
* [SAP BTP Operator Module](/btp-manager/user/README.md) | ||
* [Create the `sap-btp-manager` Secret](/btp-manager/user/03-00-create-btp-manager-secret.md) | ||
* [Install the SAP BTP Operator Module](/btp-manager/user/03-05-install-module.md) | ||
* [Preconfigured Credentials and Access](/btp-manager/user/03-10-preconfigured-secret.md) | ||
* [Working with Multiple Subaccounts](/btp-manager/user/03-20-multitenancy.md) | ||
* [Management of the Service Instances and Service Bindings Lifecycle](/btp-manager/user/03-30-management-of-service-instances-and-bindings.md) | ||
* [Working with Multiple Subaccounts](/btp-manager/user/03-20-multitenancy.md) | ||
* [Create a Service Instance with a Custom Secret](/btp-manager/user/03-21-create-service-instance-with-custom-secret.md) | ||
* [Create a Service Instance with a Namespace-Based Secret](/btp-manager/user/03-22-create-service-instance-with-namespace-based-secret.md) | ||
* [Service Binding Rotation](/btp-manager/user/03-40-service-binding-rotation.md) | ||
* [Formats of Service Binding Secrets](/btp-manager/user/03-50-formatting-service-binding-secret.md) | ||
* [Resources](/btp-manager/user/resources/README.md) | ||
* [SAP BTP Operator Custom Resource](/btp-manager/user/resources/02-10-sap-btp-operator-cr.md) | ||
* [Service Instance Custom Resource](/btp-manager/user/resources/02-20-service-instance-cr.md) | ||
* [Service Binding Custom Resource](/btp-manager/user/resources/02-30-service-binding-cr.md) | ||
* [Tutorials](/btp-manager/user/tutorials/README.md) | ||
* [Create `sap-btp-manager` Secret](/btp-manager/user/tutorials/04-10-create-btp-manager-secret.md) | ||
* [Create a Custom `sap-btp-service-operator` Secret](/btp-manager/user/tutorials/04-20-create-btp-service-operator-secret.md) | ||
* [Install the SAP BTP Operator Module](/btp-manager/user/tutorials/04-30-install-module.md) | ||
* [Create an SAP BTP Service in Your Kyma Cluster](/btp-manager/user/tutorials/04-40-create-service-in-cluster.md) | ||
* [Create a Service Instance with a Custom Secret](/btp-manager/user/tutorials/04-50-create-service-instance-with-custom-secret.md) | ||
|
||
<!-- markdown-link-check-enable --> |
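Review bot: "Working with Multiple Subaccounts" appears twice in this list, once before and once after "Management of the Service Instances and Service Bindings Lifecycle"; confirm only one copy remains in the final sidebar so the new 03-21 and 03-22 pages have a single parent entry. The list also shows entries under `/btp-manager/user/tutorials/`, including `04-10-create-btp-manager-secret.md`, which this commit renames to `docs/user/03-00-create-btp-manager-secret.md`; any tutorials entry that is kept would point at a moved file. Because the whole list sits between `markdown-link-check-disable` and `markdown-link-check-enable`, the link checker will not catch a stale path here, so the targets need a manual check.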