add secret formats to readme #326
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,6 +27,7 @@ The SAP BTP service operator is based on the [Kubernetes Operator pattern](https | |
| * [Credentials Rotation](#credentials-rotation) | ||
| * [Multitenancy](#multitenancy) | ||
| * [Troubleshooting and Support](#troubleshooting-and-support) | ||
| * [Formats of Secret Objects](#formats-of-secret-objects) | ||
| * [Uninstalling the Operator](#uninstalling-the-operator) | ||
|
|
||
| ## Architecture | ||
|
|
@@ -145,18 +146,18 @@ Review the supported Kubernetes API versions for the following SAP BTP Service O | |
| 1. To create an instance of a service offered by SAP BTP, first create a `ServiceInstance` custom-resource file: | ||
|
|
||
| ```yaml | ||
| apiVersion: services.cloud.sap.com/v1 | ||
| kind: ServiceInstance | ||
| metadata: | ||
| name: my-service-instance | ||
| spec: | ||
| serviceOfferingName: sample-service | ||
| servicePlanName: sample-plan | ||
| externalName: my-service-btp-name | ||
| parameters: | ||
| key1: val1 | ||
| key2: val2 | ||
| ``` | ||
|
|
||
| * `<offering>` - The name of the SAP BTP service that you want to create. | ||
| To learn more about viewing and managing the available services for your subaccount in the SAP BTP cockpit, see [Service Marketplace](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/affcc245c332433ba71917ff715b9971.html). | ||
|
|
@@ -258,20 +259,20 @@ spec: | |
|
|
||
| ### Service Binding | ||
| #### Spec | ||
| | Parameter | Type | Description | | ||
| |:-----------------|:---------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| | serviceInstanceName`*` | `string` | The Kubernetes name of the service instance to bind, should be in the namespace of the binding. | | ||
| | externalName | `string` | The name for the service binding in SAP BTP, defaults to the binding `metadata.name` if not specified. | | ||
| | secretName | `string` | The name of the secret where the credentials are stored, defaults to the binding `metadata.name` if not specified. | | ||
| | secretKey | `string` | Property of the Secret object that stores service binding data (credentials) returned from the broker. It is encoded as a JSON object to support complex data structures. [Example](#formats-of-secret-objects) | | ||
| | secretRootKey | `string` | The root key is a part of the Secret object, which stores service binding data (credentials) received from the broker, as well as additional information. When the root key is used, all data is stored under a single key. This makes it a convenient way to store data in one file when using volumeMounts. [Example](#formats-of-secret-objects) | | ||
TalShorSap marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| | parameters | `[]object` | Some services support the provisioning of additional configuration parameters during the bind request.<br/>For the list of supported parameters, check the documentation of the particular service offering. | | ||
| | parametersFrom | `[]object` | List of sources to populate parameters. | | ||
| | userInfo | `object` | Contains information about the user that last modified this service binding. | | ||
| | credentialsRotationPolicy | `object` | Holds automatic credentials rotation configuration. | | ||
| | credentialsRotationPolicy.enabled | `boolean` | Indicates whether automatic credentials rotation are enabled. | | ||
| | credentialsRotationPolicy.rotationFrequency | `duration` | Specifies the frequency at which the binding rotation is performed. | | ||
| | credentialsRotationPolicy.rotatedBindingTTL | `duration` | Specifies the time period for which to keep the rotated binding. | | ||
|
|
||
|
|
||
|
|
||
|
|
@@ -517,6 +518,66 @@ The SAP BTP service operator project maintainers will respond to the best of the | |
|
|
||
| [Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes) | ||
|
|
||
| ## Formats of Secret Objects | ||
|
|
||
| ### Key- Value Pairs (Default) | ||
| The binding object includes credentials returned from the broker and service instance info presented as key-value pairs. | ||
| ```bash | ||
| #Credentials | ||
| uri: https://my-service.authentication.eu10.hana.ondemand.com | ||
| username: admin | ||
| password: ******** | ||
|
|
||
| #Service instance info | ||
| instance_guid: <instance_guid> // The service instance ID | ||
| instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name | ||
| plan: sample-plan // The service plan name | ||
| type: sample-service // The service offering name | ||
| ``` | ||
|
|
||
| ### Credentials as JSON Object | ||
| To show credentials returned from the broker as a JSON object, add 'secretKey: your-secret-value' to the binding spec. | ||
|
There was a problem hiding this comment. it shoud be clearer that 'your-secret-value' is a sample value. "...specify your desired key name in add 'secretKey' attribute in the binding spec" There was a problem hiding this comment. To show credentials returned from the broker as a JSON object, specify your desired key name for 'secretKey' attribute in the binding spec. 'secretKey: your-desired-key-name' There was a problem hiding this comment. @danielforsap need to add reason and take care for Avi's comment |
||
|
|
||
| your-secret-vaue will be a key for a value in JSON format that contains credentials while service instance info remains presented in key-value pairs. | ||
| ```bash | ||
| #Credentials | ||
| your-secret-value: | ||
TalShorSap marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| { | ||
| uri: https://my-service.authentication.eu10.hana.ondemand.com | ||
| username: admin | ||
| password: ******** | ||
| } | ||
|
|
||
| #Service Instance info | ||
| instance_guid: <instance_guid> // The service instance ID | ||
| instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name | ||
| plan: sample-plan // The service plan name | ||
| type: sample-service // The service offering name | ||
| ``` | ||
|
|
||
| ## Credentials and Binding Info as One JSON Object | ||
TalShorSap marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| To show both credentials returned from the broker and service instance info as a JSON object, add 'secretRootKey: your-secret-value' to the binding spec. | ||
TalShorSap marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| your-secret-value becomes a key that contains credentials and service instance info in a JSON format. | ||
|
|
||
| ```bash | ||
| your-secret-value: | ||
TalShorSap marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| { | ||
| #Credentials | ||
| uri: https://my-service.authentication.eu10.hana.ondemand.com | ||
| username: admin | ||
| password: ******** | ||
|
|
||
| #Service Instance info | ||
| instance_guid: <instance_guid> // The service instance id | ||
| instance_name: my-service-btp-name // Taken from the service instance external_name field if set. Otherwise from metadata.name | ||
| plan: sample-plan // The service plan name | ||
| type: sample-service // The service offering name | ||
| } | ||
| ``` | ||
|
|
||
| [Back to top](#sap-business-technology-platform-sap-btp-service-operator-for-kubernetes) | ||
|
|
||
| ## Uninstalling the Operator | ||
|
|
||
| Before you uninstall the operator, we recommend you manually delete all associated service instances and bindings. This way, you'll ensure all data stored with service instances and bindings are properly taken care of. Instances and bindings that were not manually deleted will be automatically deleted once you start the uninstallation process. | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In rootKey you use 'property' while in secretRootKey we use 'key'. key is also baked in the attributes' name. And you also use it below in the format title ("Key- Value Pairs") and the description.
"...defines a name of a key in the secret object in which the service binding data (credentials) returned from the broker will be stored..."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TalShorSap
Part of the Secret object that stores service binding data (credentials) received from the broker. When secretKey is used, credentials are stored in the JSON format.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@danielforsap
The root key... -> The secretRootKey is the key in the secret object in which... (value is json)