Kyma

Appearance

Instance-Level Mapping ​

You can map a Kubernetes service instance to an SAP Service Manager instance in a given subaccount. The Service Manager instance is then used to provision that service instance.

Prerequisites ​

Context ​

To have multiple service instances from different subaccounts associated with one namespace, you must store access credentials for each subaccount in a custom Secret in the kyma-system namespace. To create a service instance with a custom Secret, you must use the btpAccessCredentialsSecret field in the spec of the service instance. In it, you pass the Secret from the kyma-system namespace to create your service instance. You can use different Secrets for different service instances.

Create Your Custom Secret ​

  1. In the SAP BTP cockpit, create an SAP Service Manager service instance with the service-operator-access plan. See Creating Instances in Other Environments.

  2. Create a service binding to the SAP Service Manager service instance you have created. See Creating Service Bindings in Other Environments.

  3. Get the access credentials of the SAP Service Manager instance from its service binding. Copy them from the BTP cockpit as a JSON file.

  4. Create the creds.json file in your working directory and save the credentials there.

  5. In the same working directory, generate the Secret by calling the create-secret-file.sh script with the operator option as the first parameter and your-secret-name as the second parameter:

    sh
    curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {YOUR_SECRET_NAME}

    The expected result is the file btp-access-credentials-secret.yaml created in your working directory:

    yaml
    apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: {YOUR_SECRET_NAME}
  namespace: kyma-system
data:
  clientid: {CLIENT_ID}
  clientsecret: {CLIENT_SECRET}
  sm_url: {SM_URL}
  tokenurl: {AUTH_URL}
  tokenurlsuffix: "/oauth/token"

  6. To create the Secret, run:

    kubectl create -f ./btp-access-credentials-secret.yaml

  7. To verify that the Secret has been successfully created, run:

    kubectl get secret -n kyma-system {YOUR_SECRET_NAME}

    You see the status Created.

    NOTE

    You can also view the Secret in Kyma dashboard. In the kyma-system namespace, go to Configuration -> Secrets, and check the list of Secrets.

Create a Service Instance with the Custom Secret ​

To create the service instance, use either Kyma dashboard or kubectl.

Kyma dashboard is a web-based UI providing a graphical overview of your cluster and all its resources. To access Kyma dashboard, use the link available in the Kyma Environment section of your subaccount Overview.

Procedure ​

Working with Multiple Subaccounts
Namespace-Level Mapping