add secret formats to readme (#326)
* add secret formats to readme

* add secret formats to readme

* add secret formats to readme

* Update README.md

Changed the credentials format descriptions

* Update README.md

* Update README.md

UA changes

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

---------

Co-authored-by: Daniel Korac <[email protected]>
TalShorSap and danielforsap authored Sep 20, 2023
1 parent e36e25e commit b83f523
Showing 1 changed file with 88 additions and 26 deletions.
114 changes: 88 additions & 26 deletions README.md
Expand Up @@ -27,6 +27,7 @@ The SAP BTP service operator is based on the [Kubernetes Operator pattern](https
* [Credentials Rotation](#credentials-rotation)
* [Multitenancy](#multitenancy)
* [Troubleshooting and Support](#troubleshooting-and-support)
* [Formats of Secret Objects](#formats-of-secret-objects)
* [Uninstalling the Operator](#uninstalling-the-operator)

## Architecture
Expand Down Expand Up @@ -145,18 +146,18 @@ Review the supported Kubernetes API versions for the following SAP BTP Service O
1. To create an instance of a service offered by SAP BTP, first create a `ServiceInstance` custom-resource file:

```yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
name: my-service-instance
spec:
serviceOfferingName: sample-service
servicePlanName: sample-plan
externalName: my-service-instance-external
parameters:
key1: val1
key2: val2
```
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
name: my-service-instance
spec:
serviceOfferingName: sample-service
servicePlanName: sample-plan
externalName: my-service-btp-name
parameters:
key1: val1
key2: val2
```

* `<offering>` - The name of the SAP BTP service that you want to create.
To learn more about viewing and managing the available services for your subaccount in the SAP BTP cockpit, see [Service Marketplace](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/affcc245c332433ba71917ff715b9971.html).
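Review bot: the sample changes `externalName` to `my-service-btp-name`, but nothing next to the manifest says why that value matters. The new Formats of Secret Objects section reuses the same string as `instance_name` and notes it is taken from the service instance external name, so a one-line remark under this manifest linking the two would help readers who land here first. The bullet that follows describes `<offering>`, a placeholder that does not appear in the manifest (it uses `sample-service`); naming the field `serviceOfferingName` in the bullet would match the sample.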
Expand Down Expand Up @@ -258,20 +259,20 @@ spec:

### Service Binding
#### Spec
| Parameter | Type | Description |
|:-----------------|:---------|:-----------------------------------------------------------------------------------------------------------|
| serviceInstanceName`*` | `string` | The Kubernetes name of the service instance to bind, should be in the namespace of the binding. |
| externalName | `string` | The name for the service binding in SAP BTP, defaults to the binding `metadata.name` if not specified. |
| secretName | `string` | The name of the secret where the credentials are stored, defaults to the binding `metadata.name` if not specified. |
| secretKey | `string` | The key inside the binding secret to store the credentials returned by the broker encoded as json to support complex data structures. |
| secretRootKey | `string` | The key inside the secret to store all binding data including credentials returned by the broker and additional info under single key.<br/>Convenient way to store whole binding data in single file when using `volumeMounts`. |
| parameters | `[]object` | Some services support the provisioning of additional configuration parameters during the bind request.<br/>For the list of supported parameters, check the documentation of the particular service offering.|
| parametersFrom | `[]object` | List of sources to populate parameters. |
| userInfo | `object` | Contains information about the user that last modified this service binding. |
| credentialsRotationPolicy | `object` | Holds automatic credentials rotation configuration. |
| credentialsRotationPolicy.enabled | `boolean` | Indicates whether automatic credentials rotation are enabled. |
| credentialsRotationPolicy.rotationFrequency | `duration` | Specifies the frequency at which the binding rotation is performed. |
| credentialsRotationPolicy.rotatedBindingTTL | `duration` | Specifies the time period for which to keep the rotated binding. |
| Parameter | Type | Description |
|:-----------------|:---------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| serviceInstanceName`*` | `string` | The Kubernetes name of the service instance to bind, should be in the namespace of the binding. |
| externalName | `string` | The name for the service binding in SAP BTP, defaults to the binding `metadata.name` if not specified. |
| secretName | `string` | The name of the secret where the credentials are stored, defaults to the binding `metadata.name` if not specified. |
| secretKey | `string` | The secret key is a part of the Secret object, which stores service binding data (credentials) received from the broker. When the secret key is used, all the credentials are stored under a single key. This makes it a convenient way to store credentials data in one file when using volumeMounts. [Example](#formats-of-secret-objects) |
| secretRootKey | `string` | The root key is a part of the Secret object, which stores service binding data (credentials) received from the broker, as well as additional service instance information. When the root key is used, all data is stored under a single key. This makes it a convenient way to store data in one file when using volumeMounts. [Example](#formats-of-secret-objects) |
| parameters | `[]object` | Some services support the provisioning of additional configuration parameters during the bind request.<br/>For the list of supported parameters, check the documentation of the particular service offering. |
| parametersFrom | `[]object` | List of sources to populate parameters. |
| userInfo | `object` | Contains information about the user that last modified this service binding. |
| credentialsRotationPolicy | `object` | Holds automatic credentials rotation configuration. |
| credentialsRotationPolicy.enabled | `boolean` | Indicates whether automatic credentials rotation are enabled. |
| credentialsRotationPolicy.rotationFrequency | `duration` | Specifies the frequency at which the binding rotation is performed. |
| credentialsRotationPolicy.rotatedBindingTTL | `duration` | Specifies the time period for which to keep the rotated binding. |



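Review bot: the rewritten `secretKey` and `secretRootKey` rows drop the statement that the stored value is JSON (the old `secretKey` text said "encoded as json"), so the table no longer tells a consumer what format to expect when reading that key; keep that wording in both rows rather than leaving it to the linked example. The two rows are also nearly word-for-word identical, which hides the one real difference (credentials only versus credentials plus service instance info), and `volumeMounts` lost the backticks it had in the old `secretRootKey` row.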
Expand Down Expand Up @@ -517,6 +518,67 @@ The SAP BTP service operator project maintainers will respond to the best of the
[Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes)
## Formats of Secret Objects
### Key- Value Pairs (Default)
The binding object includes credentials returned from the broker and service instance info presented as key-value pairs.
```bash
#Credentials
uri: https://my-service.authentication.eu10.hana.ondemand.com
username: admin
password: ********
#Service instance info
instance_guid: <instance_guid> // The service instance ID
instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name
plan: sample-plan // The service plan name
type: sample-service // The service offering name
```
### Credentials as JSON Object
To show credentials returned from the broker as a JSON object, use the 'secretKey' attribute in the service binding spec.
The value of 'secretKey' is the name of the key that stores the credentials in JSON format.
```bash
#Credentials
your-secretKey-value:
{
uri: https://my-service.authentication.eu10.hana.ondemand.com
username: admin
password: ********
}
#Service Instance info
instance_guid: <instance_guid> // The service instance ID
instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name
plan: sample-plan // The service plan name
type: sample-service // The service offering name
```
### Credentials and Service Info as One JSON Object
To show both credentials returned from the broker and service instance info as a JSON object, use the 'secretRootKey' attribute in the service binding spec.
The value of 'secretRootKey' is the name of the key that stores both credentials and serivce instance info in JSON format.
```bash
your-secretRootKey-value:
{
#Credentials
uri: https://my-service.authentication.eu10.hana.ondemand.com
username: admin
password: ********
#Service Instance info
instance_guid: <instance_guid> // The service instance id
instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name
plan: sample-plan // The service plan name
type: sample-service // The service offering name
}
```
[Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes)
## Uninstalling the Operator
Before you uninstall the operator, we recommend you manually delete all associated service instances and bindings. This way, you'll ensure all data stored with service instances and bindings are properly taken care of. Instances and bindings that were not manually deleted will be automatically deleted once you start the uninstallation process.
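Review bot: the two examples introduced as JSON are not valid JSON, and all three fences are tagged `bash`. Inside the braces under `your-secretKey-value:` and `your-secretRootKey-value:` the keys and values are unquoted, there are no commas, and `#` and `//` comments are mixed in, so a reader cannot tell what string is actually stored under the key and parsed by the workload. Show the real stored value (quoted keys, comma-separated, comments moved outside the object) and tag the fences to match the content. Smaller points in the same section: the heading `### Key- Value Pairs (Default)` has a stray space, "serivce" in the `secretRootKey` paragraph is a typo, and the third block says "instance id" where the first two say "instance ID".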