Deploy an SAP BTP service in your Kyma cluster

This tutorial describes how you can deploy a simple SAP BTP audit log service in your Kyma cluster using the SAP BTP service operator.

Prerequisites

Kyma cluster running on Kubernetes v1.19 or higher
SAP BTP Global Account and Subaccount
kubectl v1.17 or higher
helm v3.0 or higher
jq

Steps

Create a Namespace and install cert-manager in it. The SAP BTP operator requires cert-manager to work properly. You can skip this step if you have cert-manager already installed. Run:
Click to copy
```
kubectl create ns cert-manager
kubectl label namespace cert-manager istio-injection=disabled
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
echo "Wait two minutes. For details, read: https://cert-manager.io/docs/concepts/webhook/#webhook-connection-problems-shortly-after-cert-manager-installation"
sleep 120
```
CAUTION: There's a known issue with the webhook connection shortly after cert-manager installation, and with the BTP operator webhook. If you see the failed calling webhook error after running this and/or the next command, wait a moment and repeat the operation.
Obtain the access credentials for the SAP BTP service operator as described in step 2 of the SAP BTP operator setup. Then, save the credentials to the creds.json file.

Create a Namespace and install the SAP BTP service operator in it:

Click to copy

kubectl create ns sap-btp-operator
kubectl label namespace sap-btp-operator istio-injection=disabled
helm repo add sap-btp-operator https://sap.github.io/sap-btp-service-operator
helm upgrade --install btp-operator sap-btp-operator/sap-btp-operator --create-namespace --namespace=sap-btp-operator --set manager.secret.clientid="$(jq --raw-output '.clientid' creds.json)" --set manager.secret.clientsecret="$(jq --raw-output '.clientsecret' creds.json)" --set manager.secret.sm_url="$(jq --raw-output '.sm_url' creds.json)" --set manager.secret.tokenurl="$(jq --raw-output '.url' creds.json)"
echo "Wait 30 seconds to make btp-operator webhook ready"
sleep 30

Create a Service Instance:
Click to copy
```
kubectl create -f - <<EOF
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceInstance
metadata:
  name: btp-audit-log-instance
  namespace: default
spec:
  serviceOfferingName: auditlog-api
  servicePlanName: default
  externalName: btp-audit-log-instance
EOF
```
TIP: You can find values for the serviceOfferingName and servicePlanName parameters in the Service Marketplace of the SAP BTP Cockpit. Click on the service's tile and find name and Plan respectively. The value of the externalName parameter must be unique.
To see the output, run:
Click to copy
```
kubectl get serviceinstances.services.cloud.sap.com btp-audit-log-instance -o yaml
```
You can see the status created and the message ServiceInstance provisioned successfully.

Create a Service Binding:

Click to copy

kubectl create -f - <<EOF
apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
  name: btp-audit-log-binding
  namespace: default
spec:
  serviceInstanceName: btp-audit-log-instance
  externalName: btp-audit-log-binding
  secretName: btp-audit-log-binding
EOF

To see the output, run:
Click to copy
```
kubectl get servicebindings.services.cloud.sap.com btp-audit-log-binding -o yaml
```
You can see the status created and the message ServiceBinding provisioned successfully.
You can now use a given service in your Kyma cluster. To see credentials, run:
Click to copy
```
kubectl get secret btp-audit-log-binding -o yaml
```

Clean up your resources:

Click to copy

kubectl delete servicebindings.services.cloud.sap.com btp-audit-log-binding
kubectl delete serviceinstances.services.cloud.sap.com btp-audit-log-instance
helm delete btp-operator -n sap-btp-operator
kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
kubectl delete ns cert-manager
kubectl delete ns sap-btp-operator

TIP: You can use Kyma Dashboard to create and manage resources such as ServiceInstances and ServiceBindings. To do so, navigate to your Namespace view and go to the Service Management tab in the left navigation. Still, you need to obtain service details, such as service name and plan, from the BTP Cockpit.