You can map a Kubernetes namespace to an SAP Service Manager instance in a given subaccount. The Service Manager instance is then used to provision all service instances in this namespace.
- A subaccount in the SAP BTP cockpit.
- kubectl configured for communicating with your Kyma instance. See Access a Kyma Instance Using kubectl.
To connect a namespace to a specific subaccount, maintain the access credentials to the subaccount in a Secret dedicated to a specific namespace. Create the {NAMESPACE-NAME}-sap-btp-service-operator
Secret in the kyma-system
namespace.
-
In the SAP BTP cockpit, create a new SAP Service Manager service instance with the
service-operator-access
plan. See Creating Instances in Other Environments. -
Create a service binding to the SAP Service Manager service instance you have created. See Creating Service Bindings in Other Environments.
-
Get the access credentials of the SAP Service Manager instance from its service binding. Copy them from the SAP BTP cockpit as a JSON file.
-
Create the
creds.json
file in your working directory and save the credentials there. -
In the same working directory, generate the Secret by calling the
create-secret-file.sh
script with the operator option as the first parameter and namespace-name-sap-btp-service-operator Secret as the second parameter.curl https://raw.githubusercontent.com/kyma-project/btp-manager/main/hack/create-secret-file.sh | bash -s operator {NAMESPACE_NAME}-sap-btp-service-operator
The expected result is the file
btp-access-credentials-secret.yaml
created in your working directory:apiVersion: v1 kind: Secret type: Opaque metadata: name: {NAMESPACE_NAME}-sap-btp-service-operator namespace: kyma-system data: clientid: {CLIENT_ID} clientsecret: {CLIENT_SECRET} sm_url: {SM_URL} tokenurl: {AUTH_URL} tokenurlsuffix: "/oauth/token"
-
To create the Secret, run:
kubectl create -f ./btp-access-credentials-secret.yaml
You can see the status
Created
.
-
To create a service instance with a namespace-based Secret, follow the instructions in Create Service Instances and Service Bindings.
-
To verify if you've correctly added the access credentials of the SAP Service Manager instance in your service instance, go to the custom resource (CR)
status
section, and make sure the subaccount ID to which the instance belongs is provided in the subaccountID field. The field must not be empty.