Namespace-Level Mapping

You can map a Kubernetes namespace to an SAP Service Manager instance in a given subaccount. The Service Manager instance is then used to provision all service instances in that namespace.

Prerequisites

A subaccount in the SAP BTP cockpit.
You have the SAP BTP Operator module added. For instructions on adding modules, see Adding and Deleting a Kyma Module.
kubectl configured to communicate with your Kyma instance. See Access a Kyma Instance Using kubectl.

Context

To connect a namespace to a specific subaccount, maintain the access credentials to the subaccount in a Secret dedicated to a specific namespace. Create the {NAMESPACE-NAME}-sap-btp-service-operator Secret in the kyma-system namespace.

Create a Namespace-Based Secret

In the SAP BTP cockpit, create a new SAP Service Manager service instance with the service-operator-access plan. See Creating Instances in Other Environments.
Create a service binding to the SAP Service Manager service instance you have created. See Creating Service Bindings in Other Environments.
Get the access credentials of the SAP Service Manager instance from its service binding. Copy them from the SAP BTP cockpit as a JSON file.
Create the creds.json file in your working directory and save the credentials there.

In the same working directory, call the create-secret-file.sh script with the operator option as the first parameter and namespace-name-sap-btp-service-operator Secret as the second parameter.

curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {NAMESPACE_NAME}-sap-btp-service-operator

The expected result is the btp-access-credentials-secret.yaml file created in your working directory:

yaml

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: {NAMESPACE_NAME}-sap-btp-service-operator
  namespace: kyma-system
data:
  clientid: {CLIENT_ID}
  clientsecret: {CLIENT_SECRET}
  sm_url: {SM_URL}
  tokenurl: {AUTH_URL}
  tokenurlsuffix: "/oauth/token"

To create the Secret, run:

kubectl create -f ./btp-access-credentials-secret.yaml

You see the status Created.

Create a Service Instance with a Namespace-Based Secret

To create a service instance with a namespace-based Secret, follow the instructions in Create Service Instances and Service Bindings.
To verify that you've correctly added the access credentials of the SAP Service Manager instance in your service instance, go to the custom resource (CR) status section, and make sure the subaccount ID to which the instance belongs is provided in the subaccountID field. The field must not be empty.

Working with Multiple Subaccounts
Instance-Level

Istio Service Mesh

Tutorials

Technical Reference

Troubleshooting

Tutorials

Expose a Workload

Use APIRule v2

Use APIRule v2alpha1

Use APIRule v1beta1

Expose and Secure a Workload

Use APIRule v2

Use APIRule v2alpha1

Use APIRule v1beta1

Security

Custom Resources

APIGateway Custom Resource

APIRule Custom Resource

v2

v2alpha1

v1beta1

APIRule Migration

Technical Reference

Troubleshooting Guides

APIRule and Service Connection Issues

APIRule v2

APIRule v2alpha1

APIRule v1beta1

External DNS Management Errors

APIRule v2 Introduction

Resources

Tutorials

Technical Reference

Runtime Agent

Tutorials

Resources

Tutorials

Register a Service

VPC Peering

Resources

Tutorials

Tutorials

Resources

Resources

Troubleshooting

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Collecting Logs

Collecting Traces

Collecting Metrics

Filtering and Processing Data

Integrate with your OTLP Backend

Architecture

Integration Guides

Resources

Tutorials

Resources

Technical Reference

Tutorials

Commands

Namespace-Level Mapping ​

Prerequisites ​

Context ​

Create a Namespace-Based Secret ​

Create a Service Instance with a Namespace-Based Secret ​

Related Information ​

Namespace-Level Mapping

Prerequisites

Context

Create a Namespace-Based Secret

Create a Service Instance with a Namespace-Based Secret

Related Information