From b83f523f8d45b1484d79e84b156e6443e18e6535 Mon Sep 17 00:00:00 2001 From: TalShorSap <108805932+TalShorSap@users.noreply.github.com> Date: Wed, 20 Sep 2023 14:47:39 +0300 Subject: [PATCH] add secret formats to readme (#326) * add secret formats to readme * add secret formats to readme * add secret formats to readme * Update README.md Changed the credentials format descriptions * Update README.md * Update README.md UA changes * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md --------- Co-authored-by: Daniel Korac <99260961+danielforsap@users.noreply.github.com> --- README.md | 114 +++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 88 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index dfb80dab..e1bec0f4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ The SAP BTP service operator is based on the [Kubernetes Operator pattern](https * [Credentials Rotation](#credentials-rotation) * [Multitenancy](#multitenancy) * [Troubleshooting and Support](#troubleshooting-and-support) +* [Formats of Secret Objects](#formats-of-secret-objects) * [Uninstalling the Operator](#uninstalling-the-operator) ## Architecture 
@@ -145,18 +146,18 @@ Review the supported Kubernetes API versions for the following SAP BTP Service O 1. To create an instance of a service offered by SAP BTP, first create a `ServiceInstance` custom-resource file: ```yaml -apiVersion: services.cloud.sap.com/v1 -kind: ServiceInstance -metadata: - name: my-service-instance -spec: - serviceOfferingName: sample-service - servicePlanName: sample-plan - externalName: my-service-instance-external - parameters: - key1: val1 - key2: val2 -``` + apiVersion: services.cloud.sap.com/v1 + kind: ServiceInstance + metadata: + name: my-service-instance + spec: + serviceOfferingName: sample-service + servicePlanName: sample-plan + externalName: my-service-btp-name + parameters: + key1: val1 + key2: val2 + ``` * `` - The name of the SAP BTP service that you want to create. To learn more about viewing and managing the available services for your subaccount in the SAP BTP cockpit, see [Service Marketplace](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/affcc245c332433ba71917ff715b9971.html). 
@@ -258,20 +259,20 @@ spec: ### Service Binding #### Spec -| Parameter | Type | Description | -|:-----------------|:---------|:-----------------------------------------------------------------------------------------------------------| -| serviceInstanceName`*` | `string` | The Kubernetes name of the service instance to bind, should be in the namespace of the binding. | -| externalName | `string` | The name for the service binding in SAP BTP, defaults to the binding `metadata.name` if not specified. | -| secretName | `string` | The name of the secret where the credentials are stored, defaults to the binding `metadata.name` if not specified. | -| secretKey | `string` | The key inside the binding secret to store the credentials returned by the broker encoded as json to support complex data structures. | -| secretRootKey | `string` | The key inside the secret to store all binding data including credentials returned by the broker and additional info under single key.
Convenient way to store whole binding data in single file when using `volumeMounts`. | -| parameters | `[]object` | Some services support the provisioning of additional configuration parameters during the bind request.
For the list of supported parameters, check the documentation of the particular service offering.| -| parametersFrom | `[]object` | List of sources to populate parameters. | -| userInfo | `object` | Contains information about the user that last modified this service binding. | -| credentialsRotationPolicy | `object` | Holds automatic credentials rotation configuration. | -| credentialsRotationPolicy.enabled | `boolean` | Indicates whether automatic credentials rotation are enabled. | -| credentialsRotationPolicy.rotationFrequency | `duration` | Specifies the frequency at which the binding rotation is performed. | -| credentialsRotationPolicy.rotatedBindingTTL | `duration` | Specifies the time period for which to keep the rotated binding. | +| Parameter | Type | Description | +|:-----------------|:---------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| serviceInstanceName`*` | `string` | The Kubernetes name of the service instance to bind, should be in the namespace of the binding. | +| externalName | `string` | The name for the service binding in SAP BTP, defaults to the binding `metadata.name` if not specified. | +| secretName | `string` | The name of the secret where the credentials are stored, defaults to the binding `metadata.name` if not specified. | +| secretKey | `string` | The secret key is a part of the Secret object, which stores service binding data (credentials) received from the broker. When the secret key is used, all the credentials are stored under a single key. This makes it a convenient way to store credentials data in one file when using volumeMounts. 
[Example](#formats-of-secret-objects) | +| secretRootKey | `string` | The root key is a part of the Secret object, which stores service binding data (credentials) received from the broker, as well as additional service instance information. When the root key is used, all data is stored under a single key. This makes it a convenient way to store data in one file when using volumeMounts. [Example](#formats-of-secret-objects) | +| parameters | `[]object` | Some services support the provisioning of additional configuration parameters during the bind request.
For the list of supported parameters, check the documentation of the particular service offering. | +| parametersFrom | `[]object` | List of sources to populate parameters. | +| userInfo | `object` | Contains information about the user that last modified this service binding. | +| credentialsRotationPolicy | `object` | Holds automatic credentials rotation configuration. | +| credentialsRotationPolicy.enabled | `boolean` | Indicates whether automatic credentials rotation are enabled. | +| credentialsRotationPolicy.rotationFrequency | `duration` | Specifies the frequency at which the binding rotation is performed. | +| credentialsRotationPolicy.rotatedBindingTTL | `duration` | Specifies the time period for which to keep the rotated binding. | 
@@ -517,6 +518,67 @@ The SAP BTP service operator project maintainers will respond to the best of the [Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes) +## Formats of Secret Objects + +### Key- Value Pairs (Default) +The binding object includes credentials returned from the broker and service instance info presented as key-value pairs. +```bash +#Credentials +uri: https://my-service.authentication.eu10.hana.ondemand.com +username: admin +password: ******** + +#Service instance info +instance_guid: // The service instance ID +instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name +plan: sample-plan // The service plan name +type: sample-service // The service offering name +``` + +### Credentials as JSON Object +To show credentials returned from the broker as a JSON object, use the 'secretKey' attribute in the service binding spec. + +The value of 'secretKey' is the name of the key that stores the credentials in JSON format. + +```bash +#Credentials +your-secretKey-value: +{ + uri: https://my-service.authentication.eu10.hana.ondemand.com + username: admin + password: ******** +} + +#Service Instance info +instance_guid: // The service instance ID +instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name +plan: sample-plan // The service plan name +type: sample-service // The service offering name +``` + +### Credentials and Service Info as One JSON Object +To show both credentials returned from the broker and service instance info as a JSON object, use the 'secretRootKey' attribute in the service binding spec. + +The value of 'secretRootKey' is the name of the key that stores both credentials and serivce instance info in JSON format. 
+ +```bash +your-secretRootKey-value: +{ + #Credentials + uri: https://my-service.authentication.eu10.hana.ondemand.com + username: admin + password: ******** + + #Service Instance info + instance_guid: // The service instance id + instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name + plan: sample-plan // The service plan name + type: sample-service // The service offering name +} +``` + +[Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes) + ## Uninstalling the Operator Before you uninstall the operator, we recommend you manually delete all associated service instances and bindings. This way, you'll ensure all data stored with service instances and bindings are properly taken care of. Instances and bindings that were not manually deleted will be automatically deleted once you start the uninstallation process.
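Review bot: In the `ServiceInstance` example hunk (@@ -145,18 +146,18 @@), the closing fence is rewritten while the opening yaml fence stays an unchanged context line, so if the block was re-indented to sit under list item 1, the two fences no longer share an indentation and some Markdown renderers will not close the block where intended; change the opening fence in the same way. The hunk also changes `externalName` from `my-service-instance-external` to `my-service-btp-name`, which the commit message does not mention; since the new section shows that value as `instance_name`, say so in the commit description.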
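Review bot: In the Service Binding spec table (@@ -258,20 +259,20 @@), the new `secretKey` description no longer says that the credentials are stored JSON-encoded, which the old text stated ("encoded as json to support complex data structures") and which anyone parsing the mounted file needs to know; keep that phrase in the new wording. Only the `secretKey` and `secretRootKey` rows change in substance, but every row is rewritten for column padding, which buries the two real edits; consider leaving the other rows untouched. `volumeMounts` also loses the backticks it had in the old `secretRootKey` row.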
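Review bot: In the new "Formats of Secret Objects" section (@@ -517,6 +518,67 @@), the two examples described as JSON objects are not JSON: keys and values are unquoted and the blocks carry `#` and `//` comments, and all three fences are tagged `bash` although none of them is shell. Show a valid JSON value under the key, for example `{"uri": "...", "username": "admin", "password": "********"}`, and move the explanations out of the block into the surrounding text. In the same section, `instance_guid:` has no sample value, the first heading reads "Key- Value Pairs" with a stray space, "serivce" should be "service", and the first paragraph says "binding object" where the section describes the Secret.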